Modular Policy Framework (MPF)

notion image
access-list FTP permit tcp any any eq ftp

class-map FTP-CLASS-MAP
		match access-list FTP

policay-map FTP-POLICY-MAP
		class FTP-CLASS-MAP
				inspect ftp

service-policy FTP-POLICY-MAP interface dmz
Default config
class-map inspection_default
	match default-inspection-traffic

policy-map global_policy
	class inspection_default
		inspect dns preset_dns_map
		inspect h323 h225
		inspect h323 ras
		inspect ip-options
		inspect netbios
		inspect rsh
		inspect rtdp
		inspect skinny
		inspect esmtp
		inspect sqlnet
		inspect sunrpc
		inspect tftp
		inspect sip
		inspect xdmcp
		inspect ftp

service-policy global_policy global

Traffic shaping

priority is outbound only
policing can be input or output
priority-queue inside  (create queue on interface)

class-map VOIP
		match dscp 46

class-map TELNET
		match port tcp eq telnet

policy-map inside_policy
	class VOIP
			priority
	class TELNET
			police output 8000 1500 conform-action transmit exceed-action drop


service-policy inside_policy interface inside
 
notion image
notion image
notion image
notion image
notion image
 
notion image