MPF configuration

somnath21
Level 1

Hi,

In MPF, how many service policies can I configure per interface? Please find the configuration in my ASA:

class-map inspection_default
 match default-inspection-traffic
class-map imblock
 match any
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map type inspect im impolicy
 parameters
 match protocol msn-im yahoo-im
  drop-connection
policy-map IM_BLOCK
 class imblock
  inspect im impolicy
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect http
!
service-policy global_policy global
service-policy IM_BLOCK interface outside

I want to add one more modular policy to prevent TCP SYN attacks. Please find the configuration:

#class-map tcp_syn
#match port tcp eq 80
#exit
#policy-map tcpmap
#class tcp_syn
#set connection conn-max 100
#set connection embryonic-conn-max 200
#set connection per-client-embryonic-max 10
#set connection per-client-max 5
#set connection timeout embryonic 0:0:45
#set connection timeout half-closed 0:25:0
#set connection timeout tcp 2:0:0
#exit
#service-policy tcpmap global

** Shall I add the above configuration to my ASA? How many service policies can I assign to the global interface?

18 Replies

Sorry, one more confusion.

If I configure it like that, will it be applicable to all traffic or to individual traffic types?

I mean, will it limit the total connections to 900, or each type of connection (FTP to 900, HTTP to 900, and so on) to 900?

class-map tcp_syn
 match any
policy-map global_policy
 class inspection_default
 class tcp_syn
  set connection conn-max 900
  set connection embryonic-conn-max 300
  set connection per-client-embryonic-max 10

Because in your class-map you have match any, this will consider the total amount of connections as 900.

If you want to restrict only one type, let's say HTTP, do:

access-list 100 permit tcp [source IPs] [netmask] [any or destination IP with mask] eq 80
access-list 100 permit tcp [source IPs] [netmask] [any or destination IP with mask] eq 443

then make a new class:

class-map http-map
 match access-group 100

then apply it the same way you have done above.

thanks

thanks!
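The two questions in this thread (how many service policies a target can carry, and whether a "match any" class limits all traffic or only one type) can both be checked against a planned configuration before it is pushed to the firewall. The script below is an added example, not code from the thread or from Cisco. It assumes the ASA MPF rules that one global service policy and at most one service policy per interface are allowed, and that for a given feature (here "set connection") only the first matching class in a policy map is applied to a flow. The sample configuration is constructed from the thread's running-config plus the proposed tcpmap policy; the parser only understands the syntax used there (match any, match port, match access-group, and "eq PORT" access-list entries).

```python
"""Audit an ASA running-config excerpt for MPF service-policy placement and
work out which class's connection limits a given flow would hit.

Added example, not code from the thread. Assumes: one global service policy
plus at most one per interface; for each feature type only the first matching
class in a policy map applies."""
import re
from collections import defaultdict

# Constructed sample: the thread's config, the suggested http-map/tcp_syn
# classes, and the original poster's proposed second global policy (tcpmap).
SAMPLE_CONFIG = """\
access-list 100 permit tcp any any eq 80
access-list 100 permit tcp any any eq 443
class-map inspection_default
 match default-inspection-traffic
class-map imblock
 match any
class-map http-map
 match access-group 100
class-map tcp_syn
 match any
policy-map type inspect im impolicy
 parameters
 match protocol msn-im yahoo-im
  drop-connection
policy-map IM_BLOCK
 class imblock
  inspect im impolicy
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect http
 class http-map
  set connection conn-max 900
  set connection embryonic-conn-max 300
  set connection per-client-embryonic-max 10
 class tcp_syn
  set connection conn-max 2000
policy-map tcpmap
 class tcp_syn
  set connection conn-max 100
service-policy global_policy global
service-policy IM_BLOCK interface outside
service-policy tcpmap global
"""


def parse_config(text):
    """Parse the subset of ASA syntax used in the thread into plain dicts."""
    cfg = {"acls": defaultdict(list), "class_maps": {},
           "policy_maps": {}, "service_policies": defaultdict(list)}
    cur_class = cur_policy = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                      # top-level command ends any block
            cur_class = cur_policy = None
        tok = line.split()
        if tok[0] == "access-list":
            # access-list NAME permit PROTO SRC DST eq PORT (ports kept as strings)
            m = re.match(r"access-list (\S+) permit (\S+) .* eq (\S+)$", line)
            if m:
                cfg["acls"][m.group(1)].append((m.group(2), m.group(3)))
        elif tok[0] == "class-map":
            cur_class = tok[1]
            cfg["class_maps"][cur_class] = None
        elif tok[0] == "match" and cur_class:
            cfg["class_maps"][cur_class] = tok[1:]
        elif tok[0] == "policy-map":
            if tok[1] == "type":             # inspection policy maps: not modelled
                continue
            cur_policy = tok[1]
            cfg["policy_maps"][cur_policy] = []
        elif tok[0] == "class" and cur_policy:
            cfg["policy_maps"][cur_policy].append((tok[1], []))
        elif tok[0] == "service-policy":
            target = "global" if tok[2] == "global" else f"interface {tok[3]}"
            cfg["service_policies"][target].append(tok[1])
        elif cur_policy and indent >= 2 and cfg["policy_maps"][cur_policy]:
            cfg["policy_maps"][cur_policy][-1][1].append(line)   # class action
    return cfg


def check_service_policies(cfg):
    """Findings: more than one policy on a target, or a policy that is undefined."""
    findings = []
    for target, policies in cfg["service_policies"].items():
        if len(policies) > 1:
            findings.append(f"{target}: {len(policies)} service policies "
                            f"({', '.join(policies)}); only one is allowed")
        for p in policies:
            if p not in cfg["policy_maps"]:
                findings.append(f"{target}: policy-map {p} is not defined")
    return findings


def _class_matches(cfg, cls, proto, port):
    m = cfg["class_maps"].get(cls)
    if not m:
        return False
    if m[0] == "any":
        return True
    if m[0] == "access-group":
        return any(p == proto and pt == port for p, pt in cfg["acls"].get(m[1], []))
    if m[0] == "port":                       # match port tcp eq 80
        return m[1] == proto and m[2] == "eq" and m[3] == port
    return False                             # default-inspection-traffic etc.


def connection_limits_for(cfg, policy, proto, port):
    """First class in POLICY carrying 'set connection' actions that matches the flow."""
    for cls, actions in cfg["policy_maps"].get(policy, []):
        limits = [a for a in actions if a.startswith("set connection")]
        if limits and _class_matches(cfg, cls, proto, port):
            return cls, limits
    return None, []


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for f in check_service_policies(cfg):
        print("FINDING:", f)
    for port in ("80", "25"):
        print(f"tcp/{port} in global_policy ->", connection_limits_for(cfg, "global_policy", "tcp", port))
```

Run stand-alone, the audit flags the proposed second global policy (the fix is to move the tcp_syn class into global_policy, as the later replies do), and the flow check shows that tcp/80 picks up the 900 limit from http-map while tcp/25 falls through to the match-any tcp_syn class, which is exactly the "total versus per-type" distinction the poster asked about.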
