24-65
Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
Inspect Map Field Descriptions
• Add—Configures a new DNS inspect map. To edit a DNS inspect map, select the DNS entry in the
DNS Inspect Maps table and click Customize.
• Delete—Deletes the inspect map selected in the DNS Inspect Maps table.
• Security Level—Select the security level (high, medium, or low).
  – Low—Default.
      DNS Guard: enabled
      NAT rewrite: enabled
      Protocol enforcement: enabled
      ID randomization: disabled
      Message length check: enabled
      Message length maximum: 512
      Mismatch rate logging: disabled
      TSIG resource record: not enforced
  – Medium
      DNS Guard: enabled
      NAT rewrite: enabled
      Protocol enforcement: enabled
      ID randomization: enabled
      Message length check: enabled
      Message length maximum: 512
      Mismatch rate logging: enabled
      TSIG resource record: not enforced
  – High
      DNS Guard: enabled
      NAT rewrite: enabled
      Protocol enforcement: enabled
      ID randomization: enabled
      Message length check: enabled
      Message length maximum: 512
      Mismatch rate logging: enabled
      TSIG resource record: enforced
• Customize—Opens the Add/Edit DNS Policy Map dialog box for additional settings.
• Default Level—Sets the security level back to the default level of Low.
Modes
The following table shows the modes in which this feature is available: