Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

21-22

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 21 Managing Zone-based Firewall Rules

Configuring Inspection Maps for Zone-based Firewall Policies

Navigation Path

From the Add or Edit Class Maps dialog boxes for the HTTP (IOS) class, right-click inside the table and

select Add Row or right-click a row and select Edit Row. See Configuring Class Maps for Zone-Based

Firewall Policies, page 21-17.

Related Topics

• Understanding Map Objects, page 6-72

• Configuring Inspection Maps for Zone-based Firewall Policies, page 21-15

• Configuring Content Filtering Maps for Zone-based Firewall Policies, page 21-35

• Understanding the Zone-based Firewall Rules, page 21-3

Field Reference

Table 21-5 HTTP (IOS) Class Add or Edit Match Criterion Dialog Boxes

Element Description

Criterion Specifies which criterion of HTTP traffic to match. The criteria are

described above.

Type Specifies that the map includes traffic that matches the criterion.

Variable Fields

The following fields vary based on what you select in the Criterion field. This list is a super-set of the

fields you might see.

Less Than Length The minimum length in bytes of the evaluated field. The criterion

matches if the length is less than the specified number.

Greater Than Length The maximum length in bytes of the evaluated field. The criterion

matches if the length is greater than the specified number.

Header Option The type of header record. If you do not select a record type, the count

or expression is applied to all records in the header. If you select a

record type, those selections are applied only to the records of the

selected type. If you select content type or transfer encoding, you can

make additional selections related to those types.

Request Method The request method you want to match.

Value (Content Type) If you select content-type in the Header Option field, you can select

these types:

• Mismatch—Verifies the content-type of the response message

against the accept field value of the request message.

• Unknown—The content type is not known. Select Unknown when

you want to evaluate the item against all known MIME types.

• Violation—The content-type definition and the content type of the

actual body do not match.

previous next