Cisco Cisco ASA 5555-X Adaptive Security Appliance 技术手册
19
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(7)
Global NetFlow
policy-map internalIf
class inspection_internalIf
inspect http
service-policy internalIf interface internalIf
XML Example
<polUni>
<fvTenant name="tenant1">
<vnsAbsGraph name = "WebGraph">
<vnsAbsNode name = "FW1">
<vnsAbsDevCfg>
<vnsAbsFolder key="Interface" name="internalIf">
<vnsAbsFolder key="ServicePolicy" name="Inspection-Policy">
<vnsAbsParam key="ServicePolicyState" name="PolicyState" value="enable"/>
<vnsAbsFolder key="ApplicationInspection" name="ApplicationInspection">
<vnsAbsFolder key="InspectionSettings" name="InspectionSettingsA">
<vnsAbsParam key="http" name="http" value="enable"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsDevCfg>
</vnsAbsNode>
</vnsAbsGraph>
</fvTenant>
</polUni>
Global NetFlow
This XML example sets up the NetFlow feature. The example shows how to create a simple access list
to which traffic is matched, creates a NetFlow object, and enables NetFlow globally for the NetFlow
objects. Also included is NetFlow on internal and external interfaces.
to which traffic is matched, creates a NetFlow object, and enables NetFlow globally for the NetFlow
objects. Also included is NetFlow on internal and external interfaces.
ASA Configuration
class-map netflow_default
match any
flow-export destination management-utility 1.2.3.4 1024
flow-export template timeout-rate 120
flow-export delay flow-create 60
flow-export active refresh-interval 30
class netflow_default
flow-export event-type all destination 1.2.3.4
XML Example
<polUni>
<fvTenant name="tenant1">
<vnsLDevVip name="Firewall">