Configure a Security Appliance Modular Policy
Configure a policy map

The policy-map command is used to configure various policies. A policy consists of a class command and its associated actions. The PIX Security Appliance supports one policy per interface and one global policy. Each policy map may support multiple classes and policy actions. In the example in the figure, there are two policy maps, the outside policy map and the global policy map. The outside policy map supports four class maps: the Internet, SE, EXEC, and S2S class maps. IDS, inspect, police, and priority actions are associated with these classes. The global policy map supports default inspection criteria for all traffic.

The following steps are used to define a policy map:

Step 1 Name the policy.
Step 2 Identify a class of traffic covered by this policy.
Step 3 Associate an action or actions with each traffic flow.

The first step is to define the policy maps. In the example in the figure, there are two policy maps, outside and global.

The next step is to identify which traffic flows, or classes, are specified in a policy map. Each traffic flow is identified by a class map name. In the example in the figure, the outside policy map is identified. The Internet class traffic flow is assigned to the outside policy map.

The syntax of the policy-map commands is as follows:

policy-map policymap_name
description text
class classmap_name

The last step is to associate actions with specific traffic flows within a policy map. In the example in the figure, the policy map name, outside, is defined. The Internet class of traffic is defined. The administrator must next associate actions with this traffic flow. The policy action options are to forward traffic to IDS, perform specified protocol inspections, police the bandwidth used by the specified flow, direct the flow to the low latency queue, or set connection parameters on these flows.

To display all of the policy map configurations or the default policy map configuration, use the show running-config policy-map command.
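
The three steps carried through as one configuration, added here as an illustration and not taken from the course material. The match criterion, the description text and the connection limit are constructed values; the class-map and service-policy commands are not covered on this page and appear only so that the fragment is complete.

```cisco
! Class map referenced by the policy.
! Constructed match criterion: FTP control traffic on TCP port 21.
class-map Internet
 match port tcp eq 21
!
! Step 1: name the policy.
policy-map outside
 description Policy for flows arriving on the outside interface
!
! Step 2: identify a class of traffic covered by this policy.
 class Internet
!
! Step 3: associate actions with the flow. Two of the action types
! listed above are shown: protocol inspection and connection parameters.
  inspect ftp
  set connection conn-max 256
!
! Bind the policy map to an interface. Only one policy map can be
! applied per interface, in addition to the single global policy.
service-policy outside interface outside
!
! Verify from privileged EXEC mode:
!   show running-config policy-map
```

A class that is named in the policy map but has no action under it enforces nothing, so check the show running-config policy-map output for at least one action line beneath every class entry.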

More information about the syntax of the policy-map command is available in the Command Reference.