Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 1 Configuring a Service Policy
Guidelines and Limitations
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
IPv6 Guidelines
Supports IPv6 for the following features:
• Application inspection for DNS, FTP, HTTP, ICMP, ScanSafe, SIP, SMTP, IPsec-pass-thru, and
• NetFlow Secure Event Logging filtering
• TCP and UDP connection limits and timeouts, TCP sequence number randomization
• TCP normalization
• TCP state bypass
• User statistics for Identity Firewall
Traffic Class Guidelines
The maximum number of traffic classes of all types is 255 in single mode or per context in multiple
mode. Class maps include the following types:
• Layer 3/4 class maps (for through traffic and management traffic).
• Inspection class maps
• Regular expression class maps
• match commands used directly underneath an inspection policy map
This limit also includes default traffic classes of all types, limiting user-configured traffic classes to
approximately 235. See the “Default Traffic Classes” section on page 1-8.
Service Policy Guidelines
• Interface service policies take precedence over the global service policy for a given feature. For
example, if you have a global policy with FTP inspection, and an interface policy with TCP
normalization, then both FTP inspection and TCP normalization are applied to the interface.
However, if you have a global policy with FTP inspection, and an interface policy with FTP
inspection, then only the interface policy FTP inspection is applied to that interface.
Model License Requirement
All models Base License.