09-21-2010 04:49 AM
Hi,
I would like to know, how to test e.g. inspect commands.
ASA-config:
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
......
How to write the compliance rules, if two submodes are needed ?
I tried (without success) two rules with parent and child (with or without prerequisite of the parent):
Name: inspection SubMode: Yes isPrerequisite: No
Ordered : No Prerequisite-Commandset : none Parent: none
policy-map global_policy
#
Name: inspectionsub SubMode: Yes isPrerequisite: No
Ordered : No Prerequisite-Commandset : none Parent: inspection
class inspection_default
- inspect esmtp
- inspect sqlnet
Ideas anyone ?
Thank you,
Holger
Solved! Go to Solution.
09-21-2010 10:45 PM
RME doesn't break out all of the sub-modes of the ASA. Only interfaces are broken out into sub-modes. To make sure the "inspect sqlnet" and "inspect esmtp" commands aren't in the config, you'd have to check in global mode.
09-21-2010 10:45 PM
RME doesn't break out all of the sub-modes of the ASA. Only interfaces are broken out into sub-modes. To make sure the "inspect sqlnet" and "inspect esmtp" commands aren't in the config, you'd have to check in global mode.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide