7-45
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 7 Inspection of Basic Internet Protocols
TFTP Inspection
Example:
hostname(config)# policy-map global_policy
In the default configuration, the global_policy policy map is assigned globally to all interfaces. If you
want to edit the global_policy, enter global_policy as the policy name.
Step 3
Identify the L3/L4 class map you are using for IP options inspection.
class
name
Example:
hostname(config-pmap)# class inspection_default
To edit the default policy, or to use the special inspection_default class map in a new policy, specify
inspection_default
for the
name
. Otherwise, you are specifying the class you created earlier in this
procedure.
Step 4
Configure ESMTP inspection.
inspect esmtp
[
esmtp_policy_map
]
Where
esmtp_policy_map
is the optional ESMTP inspection policy map. You need a map only if you
want non-default inspection processing. For information on creating the ESMTP inspection policy map,
see
Configure the ESMTP Inspection Service Policy, page 7-44
.
Example:
hostname(config-class)# no inspect esmtp
hostname(config-class)# inspect esmtp esmtp-map
Note
If you are editing the default global policy (or any in-use policy) to use a different inspection
policy map, you must remove the ESMTP inspection with the
no inspect esmtp
command, and
then re-add it with the new inspection policy map name.
Step 5
If you are editing an existing service policy (such as the default global policy called global_policy), you
are done. Otherwise, activate the policy map on one or more interfaces.
service-policy
policymap_name
{
global
|
interface
interface_name
}
Example:
hostname(config)# service-policy global_policy global
The
global
keyword applies the policy map to all interfaces, and
interface
applies the policy to one
interface. Only one global policy is allowed. You can override the global policy on an interface by
applying a service policy to that interface. You can only apply one policy map to each interface.
TFTP Inspection
TFTP inspection is enabled by default.
TFTP, described in RFC 1350, is a simple protocol to read and write files between a TFTP server and
client.
Summary of Contents for ASA 5512-X
Page 5: ...P A R T 1 Service Policies and Access Control ...
Page 6: ......
Page 51: ...P A R T 2 Network Address Translation ...
Page 52: ......
Page 127: ...P A R T 3 Application Inspection ...
Page 128: ......
Page 255: ...P A R T 4 Connection Settings and Quality of Service ...
Page 256: ......
Page 303: ...P A R T 5 Advanced Network Protection ...
Page 304: ......
Page 339: ...P A R T 6 ASA Modules ...
Page 340: ......