6-13
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 6 Getting Started with Application Layer Protocol Inspection
Configure Application Layer Protocol Inspection
Note
If you are editing the default global policy (or any in-use policy) to use a different inspection
policy map, you must remove the old inspection with the
no inspect
protocol
command, and then
re-add it with the new inspection policy map name.
Step 6
To activate the policy map on one or more interfaces, enter the following command:
hostname(config)#
service-policy
policymap_name
{
global
|
interface
interface_name
}
scansafe
[
map_name
] [
fail-open
|
fail-closed
]
If you want to enable ScanSafe (Cloud Web Security), use
the procedure described in the following topic rather than
this procedure:
Configure a Service Policy to Send Traffic to
explains the full policy configuration, including how to
configure the policy inspection map.
sip
[
map_name
]
[
tls-proxy
proxy_name
]
If you added a SIP inspection policy map according to
Configure SIP Inspection Policy Map, page 8-25
, identify
the map name in this command. Specify a TLS proxy to
enable inspection of encrypted traffic.
skinny
[
map_name
]
[
tls-proxy
proxy_name
]
Skinny (SCCP) Inspection, page 8-31
If you added a Skinny inspection policy map according to
Configure a Skinny (SCCP) Inspection Policy Map for
Additional Inspection Control, page 8-33
, identify the map
name in this command. Specify a TLS proxy to enable
inspection of encrypted traffic.
snmp
[
map_name
]
See
.
If you added an SNMP inspection policy map, identify the
map name in this command.
sqlnet
.
sunrpc
The default class map includes UDP port 111; if you want to
enable Sun RPC inspection for TCP port 111, you need to
create a new class map that matches TCP port 111, add the
class to the policy, and then apply the
inspect sunrpc
command to that class.
tftp
.
waas
Enables TCP option 33 parsing. Use when deploying Cisco
Wide Area Application Services products.
xdmcp
Table 6-2
Protocol Keywords
Keywords
Notes
Содержание ASA 5512-X
Страница 5: ...P A R T 1 Service Policies and Access Control ...
Страница 6: ......
Страница 50: ...3 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 3 Access Rules History for Access Rules ...
Страница 51: ...P A R T 2 Network Address Translation ...
Страница 52: ......
Страница 126: ...5 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 5 NAT Examples and Reference DNS and NAT ...
Страница 127: ...P A R T 3 Application Inspection ...
Страница 128: ......
Страница 255: ...P A R T 4 Connection Settings and Quality of Service ...
Страница 256: ......
Страница 288: ...12 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 12 Quality of Service History for QoS ...
Страница 303: ...P A R T 5 Advanced Network Protection ...
Страница 304: ......
Страница 339: ...P A R T 6 ASA Modules ...
Страница 340: ......
Страница 398: ...17 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 17 ASA CX Module History for the ASA CX Module ...