User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 56 Configuring Service Policy Rules on Firewall Devices
IPS, QoS, and Connection Rules Page
Related Topics
Chapter 56, “Configuring Service Policy Rules on Firewall Devices”
Insert/Edit Service Policy (MPC) Rule Wizard, page 56-6
About Service Policy Rules, page 56-1
Understanding Queuing Parameters, page 63-4
Field Reference
IPS, QoS, and Connection Rules Page
Use the IPS, QoS, and Connection Rules page to define new service policy rules, and to edit or delete
existing service policy rules.
Configuring IPS, QoS and Connection Rules consists of three tasks:
1. Configure a service policy. Create a service policy and determine the interfaces to which the service
policy applies. For more information, see Step 1. Configure a Service Policy, page 56-6.
2. Configure the traffic class. Specify the criteria you want to use to identify the traffic to which the
service policy applies. For more information, see Step 2. Configure the traffic class, page 56-7.
3. Configure the actions. Specify the actions that should be taken to protect information or resources,
or to perform QoS functions for the traffic specified in this service policy. For more information, see
Step 3. Configure the MPC actions, page 56-8.
The three tasks are performed using the Insert/Edit Service Policy (MPC) Rule Wizard, page 56-6. Refer
to the individual task topics for descriptions of the fields displayed in the IPS, QoS and Connection Rules
table on this page.
Navigation Path
(Device view) Select Platform > Service Policy Rules > IPS, QoS, and Connection Rules from
the Device Policy selector.
(Policy view) Select PIX/ASA/FWSM Platform > Service Policy Rules > IPS, QoS, and
Connection Rules from the Policy Type selector. Select an existing policy from the Shared Policy
selector, or create a new one.
Table 56-1 Priority Queue Configuration Dialog Box

| Element | Description |
|---|---|
| Interface Name | Specify the interface to which this rule applies; you can enter the interface name, or click Select to choose an available interface. |
| Queue Limit | Enter the maximum number of packets that can be queued in a priority queue before it drops data. This limit must be in the range of 0 through 2048 packets. |
| Transmission Ring Limit | Enter the maximum number of packets allowed into the transmit queue. This fine-tuning of the transmit queue can reduce latency and offer better performance through the transmit driver. On PIX devices, this value can range from 3 through 128 packets. On ASAs prior to version 7.2, this limit can be in the range 3 through 256 packets, while on ASAs running version 7.2 and higher, the value can be in the range 3 through 512 packets. |
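
The following is an added example, not part of the Cisco guide: it audits the priority-queue settings in a device configuration against the ranges listed in Table 56-1. It assumes the PIX/ASA CLI form of these settings (`priority-queue <interface>` followed by indented `queue-limit` and `tx-ring-limit` lines); the function names and the sample configuration are constructed for illustration.

```python
import re

# Limits taken from Table 56-1; the tx-ring ceiling depends on platform and version.
QUEUE_LIMIT = (0, 2048)

def tx_ring_range(platform, version=(0, 0)):
    """Return the (min, max) Transmission Ring Limit for a device."""
    if platform == "PIX":
        return (3, 128)
    if platform == "ASA":
        return (3, 512) if version >= (7, 2) else (3, 256)
    raise ValueError(f"no limits listed for platform {platform!r}")

def parse_priority_queues(config):
    """Map interface name -> {'queue-limit': n, 'tx-ring-limit': n} from config text."""
    queues, current = {}, None
    for line in config.splitlines():
        head = re.match(r"^priority-queue\s+(\S+)\s*$", line)
        if head:
            current = queues.setdefault(head.group(1), {})
            continue
        sub = re.match(r"^\s+(queue-limit|tx-ring-limit)\s+(\d+)\s*$", line)
        if sub and current is not None:
            current[sub.group(1)] = int(sub.group(2))
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the stanza
    return queues

def audit(config, platform, version=(0, 0)):
    """Return a list of (interface, setting, value, allowed_range) violations."""
    ranges = {"queue-limit": QUEUE_LIMIT, "tx-ring-limit": tx_ring_range(platform, version)}
    findings = []
    for ifname, settings in parse_priority_queues(config).items():
        for key, value in settings.items():
            lo, hi = ranges[key]
            if not lo <= value <= hi:
                findings.append((ifname, key, value, (lo, hi)))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
priority-queue outside
 queue-limit 2048
 tx-ring-limit 300
priority-queue dmz
 queue-limit 4096
 tx-ring-limit 2
interface GigabitEthernet0/0
"""
```

Calling `audit(SAMPLE, "ASA", (7, 0))` flags the `outside` transmit ring value, while the same configuration checked as ASA 7.2 does not, because the ceiling rises from 256 to 512.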