User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Field Reference
HTTP Map Port Misuse Tab
Use the Port Misuse tab to enable port misuse application firewall inspection. The application categories
you can configure are:
• IM—Instant Messaging. The applications checked for are Yahoo! Messenger, AIM, and MSN IM.
• P2P—Peer-to-peer applications. The Kazaa application is checked.
• Tunneling—Tunneling applications. The applications checked for are HTTPort/HTTHost, GNU Httptunnel, GotoMyPC, Firethru, and Http-tunnel.com Client.
Navigation Path
Click the Port Misuse tab on the Add and Edit HTTP Map dialog boxes for ASA 7.1.x/PIX 7.1.x/FWSM
3.x/IOS Devices. See Configuring HTTP Maps for ASA 7.1.x, PIX 7.1.x, FWSM 3.x and IOS Devices,
page 17-50.
Related Topics
• Understanding Map Objects, page 6-72
• Configuring Protocols and Maps for Inspection, page 17-21
Table 17-32 HTTP Map Extension Request Method Tab

Element: Available and Selected Methods, Action, Generate Syslog
Description:
The Available Methods list contains the extension request methods defined in RFC 2616.
To configure an action for a method, select it, then select an action and optionally select Generate Syslog if you want a message added to the syslog when an HTTP request containing the selected method is encountered. Click the >> button to add it to the Selected Methods list. (To remove a method from the selected list, select it and click the << button.)
Tip: You can select multiple methods at a time using Ctrl+click if the action and syslog requests are the same for each.
The actions you can specify are:
• Allow Packet—Allow the message.
• Drop Packet—Close the connection.
• Reset Connection (default)—Send a TCP reset message to client and server.

Element: Specify the action to be applied for the remaining available methods above.
Description:
Whether to define a default action for the methods for which you have not configured specific actions above. If you select this option, select the action and syslog setting to use for the default action.