LMS 3.2: Compliance Mngt with two submodes

Answered Question
Sep 21st, 2010

Hi,

I would like to know, how to test e.g. inspect commands.

ASA-config:

policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp

......

How to write the compliance rules, if two submodes are needed ?

I tried (without success) two rules with parent and child (with or without prerequisite of the parent):

Name: inspection      SubMode: Yes      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : none     Parent: none
  policy-map   global_policy
#

Name: inspectionsub     SubMode: Yes      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : none     Parent: inspection
  class   inspection_default
  -   inspect   esmtp
  -   inspect   sqlnet

Ideas anyone ?

Thank you,

Holger

I have this problem too.
0 votes
Correct Answer by Joe Clarke about 6 years 2 months ago

RME doesn't break out all of the sub-modes of the ASA.  Only interfaces are broken out into sub-modes.  To make sure the "inspect sqlnet" and "inspect esmtp" commands aren't in the config, you'd have to check in global mode.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Joe Clarke Tue, 09/21/2010 - 22:45

RME doesn't break out all of the sub-modes of the ASA.  Only interfaces are broken out into sub-modes.  To make sure the "inspect sqlnet" and "inspect esmtp" commands aren't in the config, you'd have to check in global mode.

Actions

This Discussion