ASA防火墙11 应用层检测
生活随笔
收集整理的這篇文章主要介紹了
ASA防火墙11 应用层检测
小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
?
class-map type inspect ---> policy-map type inspect ---> policy-map ---> service-policy class-map---->policy-map---->service-policy ·??? 正則表達(dá)式:regulay expressions ·??? 組正則表達(dá)式: ciscoasa(config)# regex myregex1 cisco1\.com ciscoasa(config)# regex myregex2 cisco2\.com ciscoasa(config)# class-map type regex match-any mycla*** ciscoasa(config-cmap)# match regex myregex1 ciscoasa(config-cmap)# match regex myregex2 ciscoasa# test regex cisco.com "cisco\.com" //測試 ciscoasa(config)# class-map ? configure mode commands/options: ?WORD < 41 char?class-map name ?type??????????? Specifies the type of class-map //type里面定義的用在class類中,policy里面的用法一致 ·??? //http默認(rèn)的80替換成8080 ciscoasa(config)# class-map http8080 ciscoasa(config-cmap)# match port tcp eq 8080 ciscoasa(config)# policy-map mypolicy ciscoasa(config-pmap)# class http8080 ciscoasa(config-pmap-c)# inspect http ciscoasa(config)# service-policy mypolicy interface inside ·??? //同時(shí)檢測80和8080 ciscoasa(config)# class-map http8080 ciscoasa(config-cmap)# match port tcp eq 8080 ciscoasa(config)# class-map http80 ciscoasa(config-cmap)# match port tcp eq 80 ciscoasa(config)# policy-map mypolicy ciscoasa(config-pmap)# class http8080 ciscoasa(config-pmap-c)# inspect http ciscoasa(config-pmap)# class http80 ciscoasa(config-pmap-c)# inspect http ciscoasa(config)# service-policy mypolicy interface inside --------------------------------案例----------------------------------------- ciscoasa(config)# class-map type inspect http myhttp ciscoasa(config)# policy-map type inspect http myinpolicy ciscoasa(config-pmap)# class myhttp ciscoasa(config-pmap-c)# drop-connection ciscoasa(config)# policy-map mypolicy ciscoasa(config-pmap)# class class-default ciscoasa(config-pmap-c)# inspect http myinpolicy ciscoasa(config)# service-policy mypolicy interface inside -----------------------------------------------------------------------------轉(zhuǎn)載于:https://blog.51cto.com/nppstudy/725920
總結(jié)
以上是生活随笔為你收集整理的ASA防火墙11 应用层检测的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: secureCRT连接问题
- 下一篇: 14 款免费漂亮的 BuddyPress