Filter
Top Products
17-33
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Valu e
(for DNS Type criterion)
The DNS type you want to inspect:
• DNS Type Field Name—Matches the name of a DNS type:
–
A—IPv4 address.
–
AXFR—Full (zone) transfer.
–
CNAME—Canonical name.
–
IXFR—Incremental (zone) transfer.
–
NS—Authoritative name server.
–
SOA—Start of a zone of authority.
–
TSIG—Transaction signature.
• DNS Type Field Value—Matches the specified number.
• DNS Type Field Range—Matches the specified range of numbers.
Valu e
(for Domain Name criterion)
The regular expression you want to evaluate. You can select one of the
following:
• Regular Expression—The regular expression object that defines
the regular expression you want to use for pattern matching. Enter
the name of the object. You can click Select to choose the object
from a list of existing ones or to create a new regular expression
object.
• Regular Expression Group—The regular expression group object
that defines the regular expression you want to use for pattern
matching. Enter the name of the object. You can click Select to
choose the object from a list of existing ones or to create a new
regular expression group object.
Options
Valu e
(for Header Flag criterion)
The header flag you want to inspect. Use the Options field to indicate
whether you want an exact match (Equals) or a partial match
(Contains).
• Header Flag Name—Matches the selected header flag names:
–
AA (authoritative answer)
–
QR (query)
–
RA (recursion available)
–
RD (recursion denied)
–
TC (truncation) flag bits
• Header Flag Value—Matches the specified 16-bit hexadecimal
value.
Resource Record Lists the sections to match:
• Additional—DNS additional resource record.
• Answer—DNS answer resource record.
• Authority—DNS authority resource record.
Table 17-16 DNS Class and Policy Maps Add and Edit Match Condition and Action Dialog Boxes
Element Description