02-10-2023 02:26 PM
Hi,
On this ASA-5525, it will be insightful for troubleshooting if I simply remove the below global service policy, but I do not understand the negative consequences of this action. It seems to me this global policy is a security restriction, and thus not essential to connectivity. Thus, I'm inclined to temporarily remove it.
If I remove it, then 10 minutes later reapply this config, do you expect anything significantly bad will happen?
Thank you.
---
ASA-5525# show service-policy
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 466799322, lock fail 0, drop 44753, reset-drop 0, 5-min-pkt-rate 34 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: ftp, packet 34293991, lock fail 0, drop 50, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: h323 h225 _default_h323_map, packet 69659, lock fail 0, drop 0, reset-drop 1810, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
tcp-proxy: bytes in buffer 0, bytes dropped 310648
Inspect: h323 ras _default_h323_map, packet 755, lock fail 0, drop 708, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: rsh, packet 63345, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: rtsp, packet 39934, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: esmtp _default_esmtp_map, packet 96866793, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: sqlnet, packet 18602595, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 1 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: skinny , packet 1295131, lock fail 0, drop 2357, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
tcp-proxy: bytes in buffer 0, bytes dropped 81656
Inspect: sunrpc, packet 5342840, lock fail 0, drop 34, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: xdmcp, packet 52743, lock fail 0, drop 3788, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: netbios, packet 143784910, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 13 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: tftp, packet 53932, lock fail 0, drop 58, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: ip-options _default_ip_options_map, packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: icmp, packet 59971587, lock fail 0, drop 64577, reset-drop 0, 5-min-pkt-rate 2 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Inspect: snmp, packet 156544789, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 15 pkts/sec, v6-fail-close 0 sctp-drop-override 0
Class-map: five9-alg
Inspect: sip , packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Class-map: five9-alg-in
Inspect: sip , packet 0, lock fail 0, drop 0, reset-drop 0, 5-min-pkt-rate 0 pkts/sec, v6-fail-close 0 sctp-drop-override 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Class-map: class-default
Default Queueing Packet recieved 3685244197, sent 2916049476, attack 2130346026
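
A small parser for the `show service-policy` counters in the post above, added here as an example (it is not from the thread): it lists which inspection engines are dropping, resetting, or currently seeing traffic, so snapshots taken at different times can be compared. The function names are hypothetical, and the sample is a subset of the output shown in the post.

```python
import re

# Subset of the `show service-policy` output quoted in the post above.
_TAIL = ", 5-min-pkt-rate {} pkts/sec, v6-fail-close 0 sctp-drop-override 0"
SAMPLE = "\n".join([
    "Class-map: inspection_default",
    "Inspect: dns preset_dns_map, packet 466799322, lock fail 0, drop 44753, reset-drop 0" + _TAIL.format(34),
    "Inspect: h323 h225 _default_h323_map, packet 69659, lock fail 0, drop 0, reset-drop 1810" + _TAIL.format(0),
    "tcp-proxy: bytes in buffer 0, bytes dropped 310648",
    "Inspect: esmtp _default_esmtp_map, packet 96866793, lock fail 0, drop 0, reset-drop 0" + _TAIL.format(0),
    "Inspect: skinny , packet 1295131, lock fail 0, drop 2357, reset-drop 0" + _TAIL.format(0),
    "tcp-proxy: bytes in buffer 0, bytes dropped 81656",
    "Class-map: five9-alg",
    "Inspect: sip , packet 0, lock fail 0, drop 0, reset-drop 0" + _TAIL.format(0),
    "tcp-proxy: bytes in buffer 0, bytes dropped 0",
])

INSPECT = re.compile(
    r"Inspect:\s*(?P<engine>[^,]+?)\s*,\s*packet (?P<packet>\d+), lock fail \d+, "
    r"drop (?P<drop>\d+), reset-drop (?P<reset>\d+), 5-min-pkt-rate (?P<rate>\d+) pkts/sec")
PROXY = re.compile(r"tcp-proxy:.*bytes dropped (\d+)")

def parse_service_policy(text):
    """Return one dict per Inspect line, tagged with its enclosing class-map."""
    rows, class_map = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Class-map:"):
            class_map = line.split(":", 1)[1].strip()
        elif (m := INSPECT.search(line)):
            rows.append({"class_map": class_map, "engine": m["engine"],
                         "packets": int(m["packet"]), "drops": int(m["drop"]),
                         "reset_drops": int(m["reset"]), "rate": int(m["rate"]),
                         "proxy_bytes_dropped": 0})
        elif (m := PROXY.search(line)) and rows:
            # A tcp-proxy line belongs to the Inspect line directly above it.
            rows[-1]["proxy_bytes_dropped"] = int(m[1])
    return rows

def active_engines(rows):
    """Engines with non-zero drops, resets, proxy drops or current packet rate."""
    hits = [r for r in rows
            if r["drops"] or r["reset_drops"] or r["proxy_bytes_dropped"] or r["rate"]]
    return sorted(hits, key=lambda r: (r["drops"], r["reset_drops"]), reverse=True)

if __name__ == "__main__":
    for r in active_engines(parse_service_policy(SAMPLE)):
        print(f'{r["class_map"]:20} {r["engine"]:32} drops={r["drops"]:<8} '
              f'resets={r["reset_drops"]:<6} proxy_bytes_dropped={r["proxy_bytes_dropped"]}')
```
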
02-13-2023 04:45 PM
Check my answer to your other post on how you can bypass the inspection.
02-14-2023 05:55 AM
If you edit your last post to include your link...
...then I will mark your response as "solved issue."
Thank you.
02-14-2023 05:57 AM
You cannot disable inspection, but you can bypass it.
Thanks a lot.