C H A P T E R
11-1
Cisco ASA Series Firewall CLI Configuration Guide
11
Service Policy Using the Modular Policy
Framework
Service policies using Modular Policy Framework provide a consistent and flexible way to configure
ASA features. For example, you can use a service policy to create a timeout configuration that is specific
to a particular TCP application, as opposed to one that applies to all TCP applications. A service policy
consists of multiple actions or rules applied to an interface or applied globally.
•
About Service Policies, page 11-1
•
Guidelines for Service Policies, page 11-8
•
Defaults for Service Policies, page 11-9
•
Configure Service Policies, page 11-11
•
Monitoring Service Policies, page 11-18
•
Examples for Service Policies (Modular Policy Framework), page 11-18
•
History for Service Policies, page 11-21
About Service Policies
The following topics describe how service policies work.
•
The Components of a Service Policy, page 11-1
•
Features Configured with Service Policies, page 11-4
•
Feature Directionality, page 11-4
•
Feature Matching Within a Service Policy, page 11-5
•
Order in Which Multiple Feature Actions are Applied, page 11-6
•
Incompatibility of Certain Feature Actions, page 11-6
•
Feature Matching for Multiple Service Policies, page 11-8
The Components of a Service Policy
The point of service policies is to apply advanced services to the traffic you are allowing. Any traffic
permitted by access rules can have service policies applied, and thus receive special processing, such as
being redirected to a service module or having application inspection applied.
Summary of Contents for ASA 5508-X
Page 11: ...P A R T 1 Access Control ...
Page 12: ......
Page 157: ...P A R T 2 Network Address Translation ...
Page 158: ......
Page 233: ...P A R T 3 Service Policies and Application Inspection ...
Page 234: ......
Page 379: ...P A R T 4 Connection Management and Threat Detection ...
Page 380: ......