Chapter 6. Protocol Inspections

Understanding Modular Policy Framework

If you have ever configured Cisco quality of service (QoS) using the Modular QoS command-line interface (CLI), the Modular Policy Framework (MPF) is going to make a lot of sense. This is because it is deployed using the same thought process: Class Map > Policy Map > Service Policy. With the MPF, you will

  1. Define the traffic in question using a class map.

  2. Define an action to take on the matching traffic using a policy map.

  3. Apply the policy either globally or to an interface using a service policy.

With the MPF, you can do the following:

  • Perform TCP normalization

  • Apply TCP and UDP connection limits and timeouts and TCP sequence number randomization

  • Forward traffic to the CSC (not with ...

Get CCSP SNPA Quick Reference now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.