Chapter 20
Using Modular Policy Framework

This chapter describes how to use Modular Policy Framework to create security policies for supported features. This chapter includes the following sections:
• Information About Modular Policy Framework
• Identifying Traffic (Layer 3/4 Class Map)
• Configuring Special Actions for Application Inspections (Inspection Policy Map)
• Defining Actions (Layer 3/4 Policy Map)
• Applying Actions to an Interface (Service Policy)
• Modular Policy Framework Examples

Information About Modular Policy Framework
Modular Policy Framework provides a consistent and flexible way to configure FWSM features. For example, you can use Modular Policy Framework to create a timeout configuration that is specific to a particular TCP application, as opposed to one that applies to all TCP applications. This section includes the following topics:
• Modular Policy Framework Supported Features
• Modular Policy Framework Configuration Overview
• Default Global Policy

Modular Policy Framework Supported Features
Modular Policy Framework supports the following features:
• TCP and UDP connection settings, TCP sequence number randomization, and TCP state bypass—See the "Configuring Connection Limits and Timeouts" section on page 21-1, and "Configuring TCP State Bypass" section on page 21-10.
• Application inspection—See Chapter 22, "Applying Application Layer Protocol Inspection."
• Permitting or Denying Application Types with PISA Integration—See the "Permitting or Denying Application Types with PISA Integration" section on page 21-4.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01