Cisco ASA 5515-X Adaptive Security Appliance Leaflet

Cisco ASA Series Firewall ASDM Configuration Guide

1       Service Policy
  About Service Policies
    max-forwards-validation action drop log
    strict-header-validation action drop log
: Class map to define traffic matching for the inside-class rule.
 
: In ASDM, this maps to call-out 3, from the Match to the Time fields.
 
class-map inside-class
  match access-list inside_mpc_1
: Class map to define traffic matching for the sip-class-inside rule.
 
: In ASDM, this maps to call-out 3, from the Match to the Time fields.
 
class-map sip-class-inside
  match access-list inside_mpc
: Class map to define traffic matching for the inside-class1 rule.
 
: In ASDM, this maps to call-out 3, from the Match to the Time fields.
 
class-map inside-class1
  match access-list inside_mpc_2
: Policy map that actually defines the service policy rule set named test-inside-policy.
 
: In ASDM, this corresponds to the folder at call-out 1.
 
policy-map test-inside-policy
: First rule in test-inside-policy, named sip-class-inside. Inspects SIP traffic.
 
: The sip-class-inside rule applies the sip-high inspection policy map to SIP inspection.
: In ASDM, each rule corresponds to call-out 2.
 
  class sip-class-inside
    inspect sip sip-high
: Second rule, inside-class. Applies SNMP inspection using an SNMP map.
 
  class inside-class
    inspect snmp snmp-v3only
: Third rule, inside-class1. Applies ICMP inspection.
 
  class inside-class1
    inspect icmp 
: Fourth rule, class-default. Applies connection settings and enables user statistics.
 
  class class-default
    set connection timeout embryonic 0:00:30 half-closed 0:10:00 idle 1:00:00 reset dcd 0:15:00 5
    user-statistics accounting
: The service-policy command applies the policy map rule set to the inside interface.
 
: This command activates the policies.
 
service-policy test-inside-policy interface inside
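
The hierarchy annotated in the listing above (class maps that match on an ACL, rules inside a policy map, activation by service-policy) can be resolved offline when reviewing a saved configuration. The following is an added example, not part of the Cisco guide: `SAMPLE` is a constructed, abridged copy of the listing, and `parse_mpf` and `resolve` are hypothetical helper names.

```python
# Constructed sample: abridged copy of the service-policy lines in the listing above.
SAMPLE = """\
class-map inside-class
  match access-list inside_mpc_1
class-map sip-class-inside
  match access-list inside_mpc
policy-map test-inside-policy
  class sip-class-inside
    inspect sip sip-high
  class inside-class
    inspect snmp snmp-v3only
  class class-default
    user-statistics accounting
service-policy test-inside-policy interface inside
"""

def parse_mpf(config):
    """Parse ASA config text into (class_maps, policy_maps, applied service policies)."""
    class_maps, policy_maps, applied = {}, {}, []
    cmap = pmap = rule = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith(":"):   # blank line or ':' comment line
            continue
        if not raw[0].isspace():                    # top-level command: reset context
            cmap = pmap = rule = None
            if words[0] == "class-map":
                cmap = class_maps.setdefault(words[-1], [])
            elif words[0] == "policy-map" and words[1] != "type":  # skip inspect maps
                pmap = policy_maps.setdefault(words[1], {})
            elif words[0] == "service-policy":
                applied.append((words[1], " ".join(words[2:])))
        elif cmap is not None and words[0] == "match":
            cmap.append(" ".join(words[1:]))
        elif pmap is not None and words[0] == "class":
            rule = pmap.setdefault(words[1], [])    # rule order is preserved
        elif rule is not None:
            rule.append(" ".join(words))            # action belonging to current rule
    return class_maps, policy_maps, applied

def resolve(config):
    """Return (rules per service-policy target, unapplied policy maps, unused class maps)."""
    cmaps, pmaps, applied = parse_mpf(config)
    rules = {target: [(c, cmaps.get(c, []), acts) for c, acts in pmaps.get(p, {}).items()]
             for p, target in applied}
    live = {p for p, _ in applied}
    used = {c for p in live for c in pmaps.get(p, {})}
    return rules, sorted(set(pmaps) - live), sorted(set(cmaps) - used)
```

A policy map in the second return value has rules that are defined but not enforced, because only the service-policy command activates them.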
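Features Configured with Service Policies
The following table lists the features that you configure using service policies.

Table 1-1  Features Configured with Service Policies

Feature | Through Traffic | Management Traffic | See:
Application inspection (multiple types) | All except RADIUS accounting | RADIUS accounting only |

ASA IPS: No
ASA CX: No
ASA FirePOWER (ASA SFR): No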