
24-66
Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
Inspect Map Field Descriptions
Add/Edit DNS Policy Map (Security Level)
The Add/Edit DNS Policy Map pane lets you configure the security level and additional settings for DNS
application inspection maps.
Fields
• Name—When adding a DNS map, enter the name of the DNS map. When editing a DNS map, the
name of the previously configured DNS map is shown.
• Description—Enter the description of the DNS map, up to 200 characters in length.
• Security Level—Select the security level (high, medium, or low).
  – Low—Default.
      DNS Guard: enabled
      NAT rewrite: enabled
      Protocol enforcement: enabled
      ID randomization: disabled
      Message length check: enabled
      Message length maximum: 512
      Mismatch rate logging: disabled
      TSIG resource record: not enforced
  – Medium
      DNS Guard: enabled
      NAT rewrite: enabled
      Protocol enforcement: enabled
      ID randomization: enabled
      Message length check: enabled
      Message length maximum: 512
      Mismatch rate logging: enabled
      TSIG resource record: not enforced
  – High
      DNS Guard: enabled
      NAT rewrite: enabled
      Protocol enforcement: enabled
      ID randomization: enabled
Firewall Mode             Security Context
Routed    Transparent     Single    Multiple
                                    Context    System
•         •               •         •          —