I'm new to comm/firewall-related things. I have a new customer that has an ASA 5505.
This ASA doesn't have any class-map or policy-map statements in its config. From what I've read there is, by default in an ASA 5505, the following configuration...
policy-map type inspect dns preset_dns_map
message-length maximum 512
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
service-policy global_policy global
The only problem I notice from the missing stuff is that FTP doesn't work (clients from the inside can't access or download files from FTP-servers on the internet). I've managed to solve this with the following configuration...
match port tcp eq ftp
service-policy FTP-policy interface outside
My question is should I recreate the default class-map and policy-map? What functionality do they provide... can they introduce any latency or other problems?
Thanks in advance