cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
608
Views
0
Helpful
3
Replies

ASA - Check traffic with regex

Renzo_Orezzoli
Level 1
Level 1

I want to check specific ports & protocol messages for their data and only allow that data between two interfaces when it matches any of the conditions.

 

I built a regular expression class and have it OR match between the different regular expression's (name - value).

 

I think this is done correctly. But I'm not sure how to apply it to the interface(s).

3 Replies 3

Hi

 You need to add your class inside a policy and apply like this:

service-policy inside-policy interface inside

Refers to this doc:

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100535-asa-8x-regex-config.html

 

-If I helped you somehow, please, rate it as useful.- 

I've tried to do that via that guide, but it specifies HTTP traffic, what I want to do is only allow certain data through the FW regardless of the port or protocol used. I want to scan the packet data itself for corruption.

I think I understand now that I need the submodule's help in doing what I want. I'm exploring firepower now to do just that.

Review Cisco Networking for a $25 gift card