I'm new to comm/firewall-related things. I have a new customer that has an ASA 5505.
This ASA doesn't have any class-map or policy-map statements in its config. From what I've read there is, by default in an ASA 5505, the following configuration...
class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global
The only problem I notice from the missing stuff is that FTP doesn't work (clients from the inside can't access or download files from FTP-servers on the internet). I've managed to solve this with the following configuration...
class-map FTP-traffic match port tcp eq ftp
policy-map FTP-policy class FTP-traffic inspect ftp
service-policy FTP-policy interface outside
My question is should I recreate the default class-map and policy-map? What functionality do they provide... can they introduce any latency or other problems?
Radius server configuration for 802.1X
Server radius test1
Address ipv4 10.1.1.1
Server radius test2
Address ipv4 10.1.1.2
aaa group server radius TEST-gr
server name test1
server name test2
Umbrella’s cloud-delivered firewall (CDFW) is a cool features that provides Firewall Services in the Cisco Umbrella Cloud without the need to deploy on-premises firewall devices and visibility and control for internet traffic across all branch offices. To...
SymptomsDownloadable ACL (dACL) does not take effect on the IOS-XE Network Access DevicesDiagnosisCreating redirection ACL on the IOS-XE device failed to redirect the specified traffic for captive portal redirectionSolutionEnable device tracking, Below is...
Multiple Cisco Security Technologies in a single book : ASA Firepower, WSA, Umbrella, ISE and VPN with 100 percent 100 practical scenarios with 70 Labs to cover important topics of the Cisco SCOR Exam. The best part is ISE with interesting scenarios wi...