Modular Policy Framework order of operation

Unanswered Question
Feb 19th, 2007

I am just looking for an order of operation. If I have an ASA 7.2(2) and I have a default global policy, and I make a service policy and apply it to an interface, does that replace the global policy for traffic traversing that interface, or is it like an ACL, where if it doesn't match it looks at the next? Example: HTTP traffic. If it doesn't match the policy assigned to the interface, which is only set to inspect FTP, does it then check the default policy for a match on the HTTP inspect?

Thanks in advance for the info

vitripat Tue, 02/20/2007 - 15:05

You are right. With global policy in place, if you apply an interface policy, traffic would be first checked based on the interface policy. If traffic does not match anything in the interface policy, then it'll be matched based on the global policy.

If traffic has been matched in the interface policy, then it won't be sent through the global policy again. This is one of the reasons it is said to define the traffic in interface policy as specific as possible.

Hope this clarifies.



abinjola Wed, 02/21/2007 - 13:46

Hello,

The service-policy command activates a policy-map command globally on all interfaces or on a targeted interface. An interface can be a virtual (vlan) interface or a physical interface. Only one global policy-map is allowed. If you specify the keyword interface and an interface name, the policy-map applies only to that interface. An interface policy-map inherits rules from the global policy-map. For rules that overlap with the global policy map, the interface policy rules will be applied. Only one interface policy-map can be applied to an interface at any one time.

Please let me know if you need any links on this

Hope that answered your queries!

Jesse Wiener Wed, 02/21/2007 - 13:50

If you have links that would be cool, but thanks for the great explanation.
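The scenario from the question, written out as an ASA configuration. This is an added example, not part of any post in the thread; the interface name `outside` and the names `ftp_only` and `outside_policy` are assumptions, and the comments restate the behaviour as the replies above describe it.

```cisco
! Default global policy: applies to every interface.
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect http
  inspect ftp
!
service-policy global_policy global
!
! Interface policy (hypothetical names): only FTP control traffic is classified.
! Keeping the class-map this narrow follows the advice in the first reply to
! define interface-policy traffic as specifically as possible.
class-map ftp_only
 match port tcp eq 21
!
policy-map outside_policy
 class ftp_only
  inspect ftp
!
! Only one policy-map can be attached to a given interface at a time.
service-policy outside_policy interface outside
!
! Expected handling on "outside", per the replies in this thread:
!   FTP  (tcp/21): matches ftp_only, so the interface policy's "inspect ftp"
!                  is applied and the overlapping global rule is not used.
!   HTTP (tcp/80): matches nothing in outside_policy, so it is evaluated
!                  against global_policy and picks up "inspect http".
!
! Check which policy actually handled the traffic by comparing the packet
! counters under each policy after sending test traffic:
!   show service-policy interface outside
!   show service-policy global
```

If the HTTP inspection counters increase under the global policy while the FTP counters increase only under the interface policy, the device is behaving as the replies describe.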

