Cisco Systems ASA 5585-X Webcam User Manual


 
10-7
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 10 Getting Started with Application Layer Protocol Inspection
Configuring Application Layer Protocol Inspection
Configuring Application Layer Protocol Inspection
This feature uses Security Policy Rules to create a service policy. Service policies provide a consistent
and flexible way to configure ASA features. For example, you can use a service policy to create a timeout
configuration that is specific to a particular TCP application, as opposed to one that applies to all TCP
applications. See Chapter 1, “Configuring a Service Policy,” for more information.
Inspection is enabled by default for some applications. See the “Default Settings and NAT Limitations”
section for more information. Use this section to modify your inspection policy.
Detailed Steps
Step 1 Choose Configuration > Firewall > Service Policy Rules.
Step 2 Add or edit a service policy rule according to the “Adding a Service Policy Rule for Through Traffic”
section on page 1-8.
If you want to match non-standard ports, then create a new rule for the non-standard ports. See the
“Default Settings and NAT Limitations” section on page 10-4 for the standard ports for each inspection
engine. You can combine multiple rules in the same service policy if desired, so you can create one rule
to match certain traffic, and another to match different traffic. However, if traffic matches a rule that
contains an inspection action, and then matches another rule that also has an inspection action, only the
first matching rule is used.
Step 3 In the Edit Service Policy Rule > Rule Actions dialog box, click the Protocol Inspection tab.
For a new rule, the dialog box is called Add Service Policy Rule Wizard - Rule Actions.
Step 4 Select each inspection type that you want to apply.
Step 5 (Optional) Some inspection engines let you control additional parameters when you apply the inspection
to the traffic. Click Configure for each inspection type to configure an inspect map.
You can either choose an existing map, or create a new one. You can predefine inspect maps in the
Configuration > Firewall > Objects > Inspect Maps pane.
Step 6 You can configure other features for this rule if desired using the other Rule Actions tabs.
Step 7 Click OK (or Finish from the wizard).