Cisco Cisco ASA 5520 Adaptive Security Appliance 技术手册
22
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(7)
SourceFire
SourceFire
This XML example shows a basic SourceFire configuration in fail-open and monitor-only mode.
ASA Configuration
access-list ACL1 extended permit ip any any
class-map sfr_internalIf
match access-list ACL1
policy-map internalIf
class sfr_internalIf
sfr fail-open monitor-only
XML Example
<polUni>
<fvTenant name="tenant1">
<vnsAbsGraph name = "WebGraph">
<vnsAbsNode name = "FW1">
<vnsAbsDevCfg>
<vnsAbsFolder key="AccessList" name="ACL1">
<vnsAbsFolder key="AccessControlEntry" name="ACE1">
<vnsAbsParam key="action" name="action1" value="permit"/>
<vnsAbsParam key="order" name="order1" value="1"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="Interface" name="internalIf">
<vnsAbsFolder key="ServicePolicy" name="SFR-Policy">
<vnsAbsParam key="ServicePolicyState" name="PolicyState"
value="enable"/>
<vnsAbsFolder key="SFR" name="SFR">
<vnsAbsCfgRel key="TrafficSelection" name="TrafficSelect"
targetName="ACL1"/>
<vnsAbsFolder key="SFRSettings" name="SFRSettings">
<vnsAbsParam key="monitor_only" name="operate_mode"
value="enable"/>
<vnsAbsParam key="fail_mode" name="fail_mode"
value="fail-open"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsDevCfg>
</vnsAbsNode>
</vnsAbsGraph>
</fvTenant>
</polUni>