User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Troubleshooting Zone-based Rules and Configurations
When you deploy these rules, Security Manager generates the following configuration. The bold letters
are added for reference in the explanation that follows the configuration.
A.
class-map type inspect http match-any HTTPcmap
 match req-resp protocol-violation
 match request port-misuse any
!
B.
policy-map type inspect http HTTPpmap
 class type inspect http HTTPcmap
  reset
  log
!
C.
class-map type inspect CSM_ZBF_CLASS_MAP_1
 match access-group name CSM_ZBF_CMAP_ACL_1
!
D.
class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_1
 match protocol ftp
 match protocol ftps
!
E.
class-map type inspect CSM_ZBF_CLASS_MAP_2
 match access-group name CSM_ZBF_CMAP_ACL_2
 match class-map CSM_ZBF_CMAP_PLMAP_1
!
F.
class-map type inspect match-any CSM_ZBF_CLASS_MAP_3
 match protocol bittorrent
 match protocol edonkey
 match protocol fasttrack
 match protocol icq
 match protocol kazaa2
!
G.
class-map type inspect CSM_ZBF_CLASS_MAP_4
 match protocol http
!