
Cisco ASA 5506-X Configuration Manual page 26


Examples for Service Policies (Modular Policy Framework)
Applying Inspection to HTTP Traffic Globally
In this example, any HTTP connection (TCP traffic on port 80) that enters the ASA through any interface
is classified for HTTP inspection. Because the policy is a global policy, inspection occurs only as the
traffic enters each interface.
Figure 1-2 Global HTTP Inspection
[Diagram labels: Host A, Host B, security appliance, inside, outside, port 80 insp.]
See the following commands for this example:
hostname(config)# class-map http_traffic
hostname(config-cmap)# match port tcp eq 80
hostname(config)# policy-map http_traffic_policy
hostname(config-pmap)# class http_traffic
hostname(config-pmap-c)# inspect http
hostname(config)# service-policy http_traffic_policy global
Applying Inspection and Connection Limits to HTTP Traffic to Specific Servers
In this example, any HTTP connection destined for Server A (TCP traffic on port 80) that enters the ASA
through the outside interface is classified for HTTP inspection and maximum connection limits.
Connections initiated from Server A to Host A do not match the ACL in the class map, so they are not
affected.
Any HTTP connection destined for Server B that enters the ASA through the inside interface is classified
for HTTP inspection. Connections initiated from Server B to Host B do not match the ACL in the class
map, so they are not affected.
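
Both examples above use the same chain: a class map selects traffic, a policy map attaches actions to that class, and a service policy applies the policy map globally or to one interface. The Python script below is an added example, not part of the Cisco guide; it resolves that chain from configuration text so a reviewer can see which actions apply where. The sample configuration for the Server A / Server B scenario is constructed: the ACL, class and policy names, the RFC 5737 addresses and the conn-max value of 100 are assumptions.

```python
import re

# Constructed sample config for the Server A / Server B scenario (assumed names,
# RFC 5737 addresses and conn-max value; not taken from the Cisco guide).
SAMPLE = """\
access-list serverA extended permit tcp any host 192.0.2.10 eq 80
access-list serverB extended permit tcp any host 198.51.100.20 eq 80
class-map http_serverA
 match access-list serverA
class-map http_serverB
 match access-list serverB
policy-map policy_serverA
 class http_serverA
  inspect http
  set connection conn-max 100
policy-map policy_serverB
 class http_serverB
  inspect http
service-policy policy_serverA interface outside
service-policy policy_serverB interface inside
"""

def resolve(config):
    """Return [(scope, class, match, [actions])] for every applied policy map."""
    matches, policies, applied = {}, {}, []
    cmap = pmap = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level command ends any sub-mode
            cmap = pmap = cls = None
        if m := re.match(r"class-map (\S+)$", line):
            cmap = m[1]
        elif cmap and line.startswith("match "):
            matches[cmap] = line[len("match "):]
        elif m := re.match(r"policy-map (\S+)$", line):
            pmap = m[1]
            policies[pmap] = {}
        elif pmap and (m := re.match(r"class (\S+)$", line)):
            cls = m[1]
            policies[pmap][cls] = []
        elif pmap and cls and line:      # action under the current class
            policies[pmap][cls].append(line)
        elif m := re.match(r"service-policy (\S+) (global|interface (\S+))$", line):
            applied.append((m[1], m[3] or "global"))
    return [(scope, c, matches.get(c, "<undefined class-map>"), acts)
            for pol, scope in applied
            for c, acts in policies.get(pol, {}).items()]

if __name__ == "__main__": print(*resolve(SAMPLE), sep="\n")
```

A policy map that is defined but never named in a `service-policy` command produces no rows, which makes unapplied inspection rules easy to spot in review.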
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 1: Service Policy Using the Modular Policy Framework
