Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 5 Configuring Virtual Servers
Step 6 For FTP protocol inspection, do the following:
a. Check the Use Strict check box to indicate that the virtual server is to perform enhanced inspection
of FTP traffic and enforce compliance with RFC standards. Clear this check box to indicate that the
virtual server is not to perform enhanced FTP inspection.
b. If you checked the Use Strict check box, in the Blocked FTP Commands field, identify the
commands that are to be denied by the virtual server. See Table 12-13 for more information about
the FTP commands.
   – Select the commands that are to be blocked by the virtual server in the Available list, and then
     click Add. The commands appear in the Selected list.
   – To remove commands that you do not want to be blocked, select them in the Selected list, and
     then click Remove. The commands appear in the Available list.
Step 7 For HTTP or HTTPS inspection, do the following:
a. Check the Logging Enabled check box to enable monitoring of Layer 3 and Layer 4 traffic. When
enabled, this feature logs every URL request that is sent in the specified class of traffic, including
the source or destination IP address and the URL that is accessed. Clear this check box to disable
monitoring of Layer 3 and Layer 4 traffic.
b. In the Policy subset, click Add to add a new match condition and action, or select an existing match
condition and action, and then click Edit to modify it. The Policy configuration pane appears.
c. In the Matches field, select an existing class map or *New* or *Inline Match* to configure new
match criteria for protocol inspection.
If you select an existing class map, the screen refreshes and allows you to view, modify, or duplicate
the selected class map. See the “Shared Objects and Virtual Servers” section on page 5-9 for more
information about modifying shared objects.
d. Configure match criteria and related actions by following the steps in Table 5-5.

Table 5-5 Protocol Inspection Match Criteria Configuration

Selection: Existing class map
Action:
1. Click View to review the match condition information for the selected class map.
2. Do the following:
   – Click Cancel to continue without making changes and to return to the previous screen.
   – Click Edit to modify the existing configuration.
   – Click Duplicate to create a new class map with the same attributes without affecting other
     virtual servers using the same class map.
   See the “Shared Objects and Virtual Servers” section on page 5-9 for more information about
   modifying shared objects.
3. In the Action field, indicate the action that the virtual server is to perform on the traffic if it
   matches the specified match criteria:
   – Permit—Indicates that the specified traffic is to be received by the virtual server if it meets
     the specified deep inspection match criteria.
   – Reset—Indicates that the specified traffic is to be denied by the virtual server, which then
     sends a TCP reset message to the client or server to close the connection.
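
The effect of the Step 6 settings (Use Strict together with a Blocked FTP Commands list) on an FTP control channel can be modeled as follows. This is an added example, not Cisco code and not the ACE's implementation: the RFC 959 syntax check, the 512-byte line limit, the sample session, and the blocked list are assumptions made for illustration.

```python
import re

# RFC 959 control-channel line: a 3-4 letter verb, optional argument, CRLF.
CMD_RE = re.compile(rb"([A-Za-z]{3,4})(?: ([^\r\n\x00]+))?\r\n")
MAX_LINE = 512  # assumed ceiling for one command line; not a value from the guide

# Verbs defined by RFC 959; in this model anything else fails the strict check.
RFC959_VERBS = {
    "USER", "PASS", "ACCT", "CWD", "CDUP", "SMNT", "REIN", "QUIT", "PORT",
    "PASV", "TYPE", "STRU", "MODE", "RETR", "STOR", "STOU", "APPE", "ALLO",
    "REST", "RNFR", "RNTO", "ABOR", "DELE", "RMD", "MKD", "PWD", "LIST",
    "NLST", "SITE", "SYST", "STAT", "HELP", "NOOP",
}


def inspect_command(line, blocked, strict=True):
    """Return (verdict, reason) for one raw control-channel line (bytes)."""
    if not strict:
        # The blocked list is only configurable when Use Strict is checked.
        return ("permit", "strict inspection disabled")
    if len(line) > MAX_LINE:
        return ("deny", "line too long")
    m = CMD_RE.fullmatch(line)
    if m is None:
        return ("deny", "malformed command line")
    verb = m.group(1).decode("ascii").upper()
    if verb not in RFC959_VERBS:
        return ("deny", f"{verb} is not an RFC 959 command")
    if verb in blocked:
        return ("deny", f"{verb} is on the blocked list")
    return ("permit", verb)


def inspect_session(lines, blocked):
    """Inspect lines in order and stop at the first denied command."""
    normalized = {b.upper() for b in blocked}
    verdicts = []
    for line in lines:
        verdict = inspect_command(line, normalized)
        verdicts.append(verdict)
        if verdict[0] == "deny":
            break
    return verdicts


# Constructed sample session and blocked list (illustrative only).
SAMPLE = [b"USER alice\r\n", b"syst\r\n", b"RETR report.txt\r\n",
          b"SITE CHMOD 777 x\r\n", b"DELE report.txt\r\n"]
BLOCKED = {"site", "dele", "rmd"}
```

Running `inspect_session(SAMPLE, BLOCKED)` permits the first three commands and denies the session at `SITE`, so the later `DELE` is never evaluated.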