Default Global Policy - Cisco 7604 Configuration Manual

Chapter 20 Using Modular Policy Framework
4.

Default Global Policy

By default, the configuration includes a policy that matches all default application inspection traffic and
applies certain inspections to the traffic on all interfaces (a global policy). Not all inspections are enabled
by default. You can only apply one global policy, so if you want to alter the global policy, you need to
either edit the default policy or disable it and apply a new one. (An interface policy overrides the global
policy.)
The default policy configuration includes the following commands:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
See the "Creating a Regular Expression" section on page 20-11
Expression Class Map" section on page
Define the actions you want to perform on each Layer 3/4 class map by creating a Layer 3/4 policy
map. Then, determine on which interfaces you want to apply the policy map using a service policy.
Connection Settings
Inspection
See the "Defining Actions (Layer 3/4 Policy Map)" section on page 20-14
Actions to an Interface (Service Policy)" section on page
20-14.
Layer 3/4 Policy Map
Connection Settings
Inspection
Information About Modular Policy Framework
and the "Creating a Regular
Service Policy
and the "Applying
20-20.
20-3