I am just looking for an order of operation. If I have an ASA 7.2(2) and I have a default global policy, and I make a service policy and apply it to an interface, does that replace the global policy for traffic traversing that interface, or is it like an ACL, where if it doesn't match it looks at the next? Example: HTTP traffic. If it doesn't match the policy assigned to the interface, which is only set to inspect FTP, does it then check the default policy for a match on the HTTP inspect?
You are right. With a global policy in place, if you apply an interface policy, traffic would first be checked based on the interface policy. If traffic does not match anything in the interface policy, then it'll be matched based on the global policy.
If traffic has been matched in the interface policy, then it won't be sent through the global policy again. This is one of the reasons it is said to define the traffic in the interface policy as specifically as possible.
The service-policy command activates a policy-map command globally on all interfaces or on a targeted interface. An interface can be a virtual (vlan) interface or a physical interface. Only one global policy-map is allowed. If you specify the keyword interface and an interface name, the policy-map applies only to that interface. An interface policy-map inherits rules from the global policy-map. For rules that overlap with the global policy map, the interface policy rules will be applied. Only one interface policy-map can be applied to an interface at any one time.
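The scenario from the question written out as an ASA configuration, as an added example that is not part of any reply in the thread. The interface name `outside`, the names `ftp_class` and `outside_policy`, and the contents of the global policy are assumptions chosen to match the question.

```cisco
! Constructed example. Assumed names: outside, ftp_class, outside_policy.
! The global policy below is assumed to inspect both FTP and HTTP.

! Global policy: the only one allowed, applied to all interfaces
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect http
service-policy global_policy global

! Interface policy: classifies FTP control traffic only
class-map ftp_class
 match port tcp eq 21
policy-map outside_policy
 class ftp_class
  inspect ftp
service-policy outside_policy interface outside

! Outcome as described in the replies above:
!   tcp/21 through "outside" -> matches ftp_class, so the interface
!                               policy's FTP inspection is the one applied
!   tcp/80 through "outside" -> nothing in outside_policy matches, so the
!                               flow is evaluated by global_policy (inspect http)

! Check which policy is counting the packets after sending test traffic:
!   show service-policy interface outside
!   show service-policy global
```

Keeping `ftp_class` narrow is what stops the interface policy from unintentionally overriding global inspections for other traffic on that interface.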