LMS 3.2: Compliance Mngt with two submodes

Answered Question
Sep 21st, 2010

Hi,


I would like to know, how to test e.g. inspect commands.


ASA-config:


policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp

......


How to write the compliance rules, if two submodes are needed ?


I tried (without success) two rules with parent and child (with or without prerequisite of the parent):


Name: inspection      SubMode: Yes      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : none     Parent: none
  policy-map   global_policy
#


Name: inspectionsub     SubMode: Yes      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : none     Parent: inspection
  class   inspection_default
  -   inspect   esmtp
  -   inspect   sqlnet



Ideas anyone ?


Thank you,

Holger

Correct Answer by Joe Clarke about 6 years 5 months ago

RME doesn't break out all of the sub-modes of the ASA.  Only interfaces are broken out into sub-modes.  To make sure the "inspect sqlnet" and "inspect esmtp" commands aren't in the config, you'd have to check in global mode.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Joe Clarke Tue, 09/21/2010 - 22:45

RME doesn't break out all of the sub-modes of the ASA.  Only interfaces are broken out into sub-modes.  To make sure the "inspect sqlnet" and "inspect esmtp" commands aren't in the config, you'd have to check in global mode.

Actions

This Discussion