    Monday, March 30, 2009

    MPF - Modular Policy Framework

    Modular Policy Framework (MPF) provides a consistent and flexible way to configure security appliance features. For example, you can use MPF to create a timeout configuration that is specific to a particular TCP application, as opposed to one that applies to all TCP applications.


    Configuring Modular Policy Framework consists of three tasks:

    1. class-map: Identify the traffic to which you want to apply actions. See the "Identifying Traffic Using a Class Map" section.

    2. policy-map: Apply actions to the traffic. See the "Defining Actions Using a Policy Map" section.

    3. service-policy: Activate the actions on an interface. See the "Applying a Policy to an Interface Using a Service Policy" section.


    Examples:

    hostname(config)# class-map inspection_default
    hostname(config-cmap)# match default-inspection-traffic
    hostname(config)# class-map http_traffic
    hostname(config-cmap)# match port tcp eq 80

    hostname(config)# policy-map outside_policy
    hostname(config-pmap)# class inspection_default
    hostname(config-pmap-c)# inspect http http_map
    hostname(config-pmap-c)# inspect sip
    hostname(config-pmap)# class http_traffic
    hostname(config-pmap-c)# set connection timeout tcp 0:10:0

    hostname(config)# service-policy outside_policy interface outside
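
    The three tasks only take effect when they are wired together: a class named in a policy-map needs a matching class-map, and a policy-map does nothing until a service-policy activates it. The script below is an added example (not part of the original post or of Cisco's documentation) that checks this wiring in a saved configuration; the sample text is constructed from the commands above, and dmz_policy and ftp_traffic are hypothetical names added to show the gaps it reports.

```python
import re

# Constructed sample: the configuration above as it would appear in a saved
# config, plus a hypothetical dmz_policy that is defined but never activated.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
class-map http_traffic
 match port tcp eq 80
policy-map outside_policy
 class inspection_default
  inspect http http_map
  inspect sip
 class http_traffic
  set connection timeout tcp 0:10:0
policy-map dmz_policy
 class ftp_traffic
  inspect ftp
service-policy outside_policy interface outside
"""

def audit_mpf(config):
    """Cross-check the three MPF tasks and return the wiring gaps found."""
    class_maps = {"class-default"}  # built-in class, needs no class-map line
    policies, applied, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"class-map (\S+)", line):
            class_maps.add(m.group(1))
            current = None
        elif m := re.fullmatch(r"policy-map (\S+)", line):
            current = policies.setdefault(m.group(1), [])
        elif (m := re.fullmatch(r"class (\S+)", line)) and current is not None:
            current.append(m.group(1))
        elif m := re.fullmatch(r"service-policy (\S+) (global|interface \S+)", line):
            applied[m.group(1)] = m.group(2)
            current = None
    return {
        # (policy-map, class) pairs whose class has no class-map definition
        "undefined_classes": [(p, c) for p, cs in policies.items()
                              for c in cs if c not in class_maps],
        # policy-maps that no service-policy activates
        "inactive_policies": [p for p in policies if p not in applied],
        # service-policy lines naming a policy-map that does not exist
        "unknown_policies": [p for p in applied if p not in policies],
        "applied": applied,
    }

if __name__ == "__main__":
    for finding, value in audit_mpf(SAMPLE_CONFIG).items():
        print(f"{finding}: {value}")
```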

    1 comment:

    Htennek said...

    Thank you for sharing this topic about Appliance feature thingie. :D