Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Configuring Layer 7 Inspection

Hi Everyone,

I was reading this from cisco live--

Configuring layer 7 inspection

1.Create a Layer 7 class map to identify traffic by matching criteria specific to applications: 

2.Create a Layer 7 policy map to defend against Application Layer attacks by referencing a Layer 7 class-map and applying an action

3.Create a Layer 3/4 policy map to associate traffic defined in a Layer 3/4 class map and reference the Layer 7 policy map:???

I understand lines 1 and 2  but need to know what does  line 3 mean?Need explanation on that?

Regards

Mahesh

2 ACCEPTED SOLUTIONS

Accepted Solutions
Bronze

Configuring Layer 7 Inspection

Hello,

Example:

class-map L3_Class

match access-list L3_ACL

class-map type inspect http match-all BlockDomainsClass

match request header host regex class DomainBlockList

policy-map type inspect http http_inspection_policy

class BlockDomainsClass

  reset log

policy-map inside-policy ---------------------{ L3 Policy-map }

class L3_Class ---------------------------------{ L3 Classs-map }

  inspect http http_inspection_policy-----{ L7 policy-map }

I hope this helps.

Regards,

Felipe.

Bronze

Configuring Layer 7 Inspection

Mahesh,

After the L7 policy-map has been created, this is how you can apply it.

Regards,

Felipe.

5 REPLIES
Bronze

Configuring Layer 7 Inspection

Hello,

Example:

class-map L3_Class

match access-list L3_ACL

class-map type inspect http match-all BlockDomainsClass

match request header host regex class DomainBlockList

policy-map type inspect http http_inspection_policy

class BlockDomainsClass

  reset log

policy-map inside-policy ---------------------{ L3 Policy-map }

class L3_Class ---------------------------------{ L3 Classs-map }

  inspect http http_inspection_policy-----{ L7 policy-map }

I hope this helps.

Regards,

Felipe.

Community Member

Configuring Layer 7 Inspection

Hi Felipe,

Ya that helped a lot.Can you please tell the reason why we need to do step 3?

Regards

Mahesh

Bronze

Configuring Layer 7 Inspection

Mahesh,

After the L7 policy-map has been created, this is how you can apply it.

Regards,

Felipe.

Community Member

Configuring Layer 7 Inspection

Hi Felipe,

Thanks for answering.

Regards

Mahesh

Bronze

Configuring Layer 7 Inspection

Mahesh,

You're welcome, I'm glad to be of help.

Regards,

Felipe.

156
Views
0
Helpful
5
Replies
CreatePlease to create content