Solved: LMS 3.2: Compliance Mngt with two submodes

h-schmidt · ‎09-21-2010

Hi,

I would like to know, how to test e.g. inspect commands.

ASA-config:

policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp

......

How to write the compliance rules, if two submodes are needed ?

I tried (without success) two rules with parent and child (with or without prerequisite of the parent):

Name: inspection      SubMode: Yes      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : none     Parent: none
policy-map   global_policy
#

Name: inspectionsub     SubMode: Yes      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : none     Parent: inspection
class   inspection_default
-   inspect   esmtp
-   inspect   sqlnet

Ideas anyone ?

Thank you,

Holger

Joe Clarke · ‎09-21-2010

RME doesn't break out all of the sub-modes of the ASA. Only interfaces are broken out into sub-modes. To make sure the "inspect sqlnet" and "inspect esmtp" commands aren't in the config, you'd have to check in global mode.

View solution in original post

Joe Clarke · ‎09-21-2010

RME doesn't break out all of the sub-modes of the ASA. Only interfaces are broken out into sub-modes. To make sure the "inspect sqlnet" and "inspect esmtp" commands aren't in the config, you'd have to check in global mode.