Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Configuring Protocols and Maps for Inspection, page 17-21
Field Reference
Table 17-23 GTP Policy Maps Add and Edit Match Condition and Action Dialog Boxes
Element Description

Criterion
    Specifies which criterion of GTP traffic to match:
    - Access Point Name—Matches the access point name so you can define the access points to drop when GTP application inspection is enabled.
    - Message ID—Matches the numeric identifier for the message that you want to drop. By default, all valid message IDs are allowed.
    - Message Length—Matches the length of the UDP packet. Use this criterion to change the default for the maximum allowed message length for the UDP payload.
    - Version—Matches the GTP version.

Type
    Specifies whether the map includes traffic that matches or does not match the criterion. For example, if Doesn’t Match is selected on the string “example.com,” then any traffic that contains “example.com” is excluded from the map.
    - Matches—Matches the criterion.
    - Doesn’t Match—Does not match the criterion.

Action
    The action you want the device to take for traffic that matches the defined criteria.
    - Drop Packet—By default, all invalid packets or packets that failed during parsing are dropped.
    - Drop Packet and Log
    - Rate Limit

Variable Fields
The following fields vary based on what you select in the Criterion field. This list is a super-set of the fields you might see.

Access Point Name
    The access points to act on when GTP application inspection is enabled.
    - Specified By—An access point name to be dropped. By default, all messages with valid APNs are inspected, and any APN is allowed.
    - Regular Expression—The regular expression object that defines the regular expression you want to use for pattern matching. Enter the name of the object. You can click Select to choose the object from a list of existing ones or to create a new regular expression object.
    - Regular Expression Group—The regular expression group object that defines the regular expression you want to use for pattern matching. Enter the name of the object. You can click Select to choose the object from a list of existing ones or to create a new regular expression group object.
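
The following Python model is an added illustration, not Cisco code or device behavior taken from this guide. It shows how a Criterion, a Type (Matches or Doesn't Match) and an Action combine when applied to the version, message ID and length of a GTP message. The names `Condition`, `evaluate`, `make_pkt` and `POLICY`, the first-match ordering, the caller-supplied APN string and the sample packets are assumptions made for the example.

```python
import re
import struct
from dataclasses import dataclass

@dataclass
class Condition:
    criterion: str   # "apn", "message_id", "message_length" or "version"
    value: object    # regex string, int, or (min, max) byte range
    matches: bool    # True = "Matches", False = "Doesn't Match"
    action: str      # "drop", "drop_log" or "rate_limit"

def parse_header(payload):
    """Fixed GTP header fields; the length is that of the whole UDP payload."""
    if len(payload) < 8:
        raise ValueError("truncated GTP header")
    flags, msg_type = struct.unpack("!BB", payload[:2])
    return {"version": flags >> 5, "message_id": msg_type,
            "message_length": len(payload)}

def hit(cond, fields):
    """Apply one criterion, then invert the result for "Doesn't Match"."""
    value = fields[cond.criterion]
    if cond.criterion == "apn":
        found = value is not None and re.search(cond.value, value) is not None
    elif cond.criterion == "message_length":
        found = cond.value[0] <= value <= cond.value[1]
    else:
        found = value == cond.value
    return found if cond.matches else not found

def evaluate(conditions, payload, apn=None):
    """Return the action of the first condition that applies, else "allow"."""
    try:
        fields = parse_header(payload)
    except ValueError:
        return "drop"  # packets that fail parsing are dropped by default
    fields["apn"] = apn  # assumption: the APN was already decoded by the caller
    for cond in conditions:  # assumption: first applicable condition wins
        if hit(cond, fields):
            return cond.action
    return "allow"

def make_pkt(version, msg_type, body=b""):
    """Constructed sample packet: 8-byte header (PT=1, TEID 0) plus body."""
    return struct.pack("!BBHI", (version << 5) | 0x10, msg_type, len(body), 0) + body

POLICY = [  # constructed sample policy
    Condition("version", 1, False, "drop"),               # anything but GTP version 1
    Condition("message_length", (8, 200), False, "drop"),  # outside 8..200 bytes
    Condition("message_id", 20, True, "rate_limit"),
    Condition("apn", r"example\.com", True, "drop_log"),
]
```

The two Doesn't Match entries act as allow-lists: they drop everything except version 1 and everything outside the permitted length range, which is the usual way to tighten a default.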