21-23
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter21 Managing Zone-based Firewall Rules
Configuring Inspection Maps for Zone-based Firewall Policies
IMAP and POP3 Class Maps Add or Edit Match Criterion Dialog Boxes
Use the Add or Edit Match Criterion dialog boxes for the Internet Message Access Protocol (IMAP) and
Post Office Protocol 3 (POP3) classes used with zone-based firewall policies to define a match criterion
and value for the class map.
You can select the following criteria to identify matching traffic:
Invalid Command—Matches commands that are not valid on a POP3 server or IMAP connection.
Login Clear Text—Matches non-secure logins, where the password is being provided in clear text.
Navigation Path
From the Add or Edit Class Maps dialog boxes for the IMAP or POP3 classes, right-click inside the table
and select Add Row or right-click a row and select Edit Row. See Configuring Class Maps for
Zone-Based Firewall Policies, page 21-17.
Encoding Type If you select transfer encoding in the Header Option field, you can
select these types:
All—All of the transfer encoding types.
Chunked—The message body is transferred as a series of chunks;
each chunk contains its own size indicator.
Compress—The message body is transferred using UNIX file
compression.
Deflate—The message body is transferred using zlib format (RFC
1950) and deflate compression (RFC 1951).
GZIP—The message body is transferred using GNU zip (RFC
1952).
Identity—No transfer encoding is performed.
Greater Than Count The maximum number of records allowed in the header. If you select a
specific header option, the count applies to those types of records. If
you do not select a specific header option, the count applies to the total
number of records in the header without regard to type.
Regular Expression The regular expression object that defines the regular expression you
want to use for pattern matching. Enter the name of the object. You can
click Select to choose the object from a list of existing ones or to create
a new regular expression object.
Port Misuse The type of request port misuse you want to match. Your options are:
Any—Any of the listed types of misuse.
IM—Instant messaging protocol applications subject to inspection.
P2P—Peer-to-peer protocol applications subject to inspection.
Tunneling—Tunneling applications subject to inspection:
HTTPPort/HTTPHost.
Table21-5 HTTP (IOS) Class Add or Edit Match Criterion Dialog Boxes (Continued)
Element Description