Cisco Systems ASA 5585-X Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 36 Configuring a Service Policy
Task Flows for Configuring Service Policies
Another class map that exists in the default configuration is called class-default, and it matches all
traffic. You can use the class-default class if desired, rather than using the Any traffic class. In fact, some
features are only available for class-default, such as QoS traffic shaping.
Task Flows for Configuring Service Policies
This section includes the following topics:
Task Flow for Configuring a Service Policy Rule
Task Flow for Configuring a Service Policy Rule
Configuring a service policy consists of adding one or more service policy rules per interface or for the
global policy. For each rule, you identify the following elements:
Step 1 Identify the interface to which you want to apply the rule, or identify the global policy.
Step 2 Identify the traffic to which you want to apply actions. You can identify Layer 3 and 4 through traffic.
Step 3 Apply actions to the traffic class. You can apply multiple actions for each traffic class.
Adding a Service Policy Rule for Through Traffic
See the “Supported Features for Through Traffic” section on page 36-1 for more information. To add a
service policy rule for through traffic, perform the following steps:
Step 1 Choose the Configuration > Firewall > Service Policy Rules pane, and click Add.
The Add Service Policy Rule Wizard - Service Policy dialog box appears.
Note: When you click the Add button, and not the small arrow on the right of the Add button, you add
a through traffic rule by default. If you click the arrow on the Add button, you can choose
between a through traffic rule and a management traffic rule.
Step 2 In the Create a Service Policy and Apply To area, click one of the following options:
Interface. This option applies the service policy to a single interface. Interface service policies take
precedence over the global service policy for a given feature. For example, if you have a global
policy with FTP inspection, and an interface policy with TCP connection limits, then both FTP
inspection and TCP connection limits are applied to the interface. However, if you have a global
policy with FTP inspection, and an interface policy with FTP inspection, then only the interface
policy FTP inspection is applied to that interface.
a. Choose an interface from the drop-down list.
If you choose an interface that already has a policy, then the wizard lets you add a new service
policy rule to the interface.
b. If it is a new service policy, enter a name in the Policy Name field.
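The two precedence cases described under the Interface option, written as the equivalent ASA CLI configuration. This is an added example, not taken from the Cisco guide. The interface name outside, the names outside-all, outside-ftp and outside-policy, and the connection limit values are assumptions chosen for illustration.

```text
! Global policy (names as in the default configuration): FTP inspection
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
service-policy global_policy global
!
! Case 1: the interface policy uses a different feature (TCP connection limits).
! Traffic on "outside" gets the interface connection limits AND the
! global FTP inspection, because the two policies do not overlap on a feature.
class-map outside-all
 match any
policy-map outside-policy
 class outside-all
  set connection conn-max 2000 embryonic-conn-max 500
service-policy outside-policy interface outside
!
! Case 2: the interface policy also configures FTP inspection.
! For FTP traffic on "outside", only the interface policy's FTP inspection
! is applied. Other interfaces keep the global FTP inspection.
class-map outside-ftp
 match port tcp eq 21
policy-map outside-policy
 class outside-ftp
  inspect ftp strict
!
! Check which policies and actions are in effect on the interface
show service-policy interface outside
```

When reviewing a device, compare the `show service-policy interface` output against the global policy feature by feature, since an interface rule for a feature replaces the global rule for that feature on that interface.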