Filter
Top Products
9-12
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 9 Getting Started with Application Layer Protocol Inspection
Configuring Application Layer Protocol Inspection
Step 6 To activate the policy map on one or more interfaces, enter the following command:
ciscoasa(config)# service-policy policymap_name {global | interface interface_name}
Where global applies the policy map to all interfaces, and interface applies the policy to one interface.
By default, the default policy map, “global_policy,” is applied globally. Only one global policy is
allowed. You can override the global policy on an interface by applying a service policy to that interface.
You can only apply one policy map to each interface.
scansafe [map_name] If you added a ScanSafe (Cloud Web Security) inspection
policy map according to “Configuring a Service Policy to
Send Traffic to Cloud Web Security” section on page 25-10,
identify the map name in this command.
sip [map_name] If you added a SIP inspection policy map according to
“Configuring a SIP Inspection Policy Map for Additional
Inspection Control” section on page 11-20, identify the map
name in this command.
skinny [map_name] If you added a Skinny inspection policy map according to
“Configuring a Skinny (SCCP) Inspection Policy Map for
Additional Inspection Control” section on page 11-26,
identify the map name in this command.
snmp [map_name] If you added an SNMP inspection policy map according to
“Configuring an SNMP Inspection Policy Map for
Additional Inspection Control” section on page 13-10,
identify the map name in this command.
sqlnet —
sunrpc The default class map includes UDP port 111; if you want to
enable Sun RPC inspection for TCP port 111, you need to
create a new class map that matches TCP port 111, add the
class to the policy, and then apply the inspect sunrpc
command to that class.
tftp —
waas —
xdmcp —
Table 9-2 Protocol Keywords
Keywords Notes