Defining Actions Using a Layer 3/4 Policy Map
• Supported Feature Types
• Feature Directionality
• Feature Matching Guidelines within a Policy Map
• Feature Matching Guidelines for multiple Policy Maps
• Order in Which Multiple Feature Actions are Applied
Policy Map Guidelines
See the following guidelines for using policy maps:
• You can only assign one policy map per interface.
• You can apply the same policy map to multiple interfaces.
• You can identify multiple Layer 3/4 class maps in a Layer 3/4 policy map.
• For each class map, you can assign multiple actions from one or more feature types.
Supported Feature Types
Feature types supported by the Modular Policy Framework that you can enable in the policy map include
the following:
• TCP normalization, TCP and UDP connection limits and timeouts, and TCP sequence number
  randomization
• CSC
• Application inspection
• IPS
• QoS input policing
• QoS output policing
• QoS priority queue
Feature Directionality
Actions are applied to traffic bidirectionally or unidirectionally depending on the feature. For features
that are applied bidirectionally, all traffic that enters or exits the interface to which you apply the policy
map is affected if the traffic matches the class map for both directions.
Note: When you use a global policy, all features are unidirectional; features that are normally bidirectional
when applied to a single interface only apply to the ingress of each interface when applied globally.
Because the policy is applied to all interfaces, the policy will be applied in both directions so
bidirectionality in this case is redundant.
Cisco Security Appliance Command Line Configuration Guide
Chapter 21
Using Modular Policy Framework
OL-12172-03
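The policy map guidelines above, shown as a configuration sketch. This is an added example, not taken from the Cisco guide; the class map and policy map names (http_traffic, all_tcp, outside_policy), the interface names (outside, dmz) and all numeric limits are assumptions chosen for illustration.

```cisco
! Added example; all names and values below are constructed.
!
! Two Layer 3/4 class maps, each selecting traffic by port.
class-map http_traffic
 match port tcp eq 80
class-map all_tcp
 match port tcp range 1 65535
!
! One Layer 3/4 policy map that identifies both class maps.
! The first class receives actions from two feature types:
! application inspection, and connection limits and timeouts.
! The second class receives an action from a third feature type:
! QoS output policing.
policy-map outside_policy
 class http_traffic
  inspect http
  set connection conn-max 1000 embryonic-conn-max 200
  set connection timeout tcp 0:30:0
 class all_tcp
  police output 1000000
!
! An interface takes only one policy map, but the same policy map
! can be applied to more than one interface.
service-policy outside_policy interface outside
service-policy outside_policy interface dmz
```

After applying it, show running-config service-policy lists which policy map is bound to each interface, which is a quick way to confirm that each interface carries the policy map you intended.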