Service Policy rule setup on 5510 for SMTP traffic
I would like to have prior knowledge regarding Service Policy manage setup on our 5510 for SMTP activity.
Code:
outside-class1 1 True Match EMAILSIGServer any tcp/smtp class outside-class1
police input 1024000 1500 conform-action transmit exceed-action drop
police output 1024000 1500 conform-action transmit exceed-action drop
[[ class-map outside-class1 description match acl=outside_mpc match port=null ]]
The situation is, this week someone sent a more expansive message (20+mb) to handfuls of beneficiaries, and the outside interface was hitting 10mb, which is not what I could have looked for with this guideline in place, so I'm addressing the configuration.
Re: Service Policy rule setup on 5510 for SMTP traffic
I was viewing the Outside Interface 'Output', so I never got to the extent of exploring the counters. Be that as it may, once we stopped the server that connects the signature to our messages, the movement dropped to nothing.
Re: Service Policy rule setup on 5510 for SMTP traffic
Alright, checked the running design and all looks peachy from what I could probably see/referred to. I've primarily examined the running config and chose the parts that identify with the Service Policy for the Email Server SMTP config.
Code:
access-list outside_mpc extended permit tcp host EmailServerToInternet any eq smtp
class-map outside-class1
 match access-list outside_mpc
policy-map outside-policy1
 class outside-class1
  police input 1024000 1500
  police output 1024000 1500
service-policy outside-policy1 interface outside
This is ending up a real issue when someone does an expansive message to, express, 200+ outside beneficiaries where they have a connection of, express, 700k. It affects the interior network, network perusing, remote users utilizing TS, and so on, and I need to take a few to get back some composure on it, so any assistance is much treasured.
Re: Service Policy rule setup on 5510 for SMTP traffic
I did a global command, which I guess will show everything
Result of the command: "show service-policy"
Code:
Global policy:
Service-policy: asa_global_fw_policy
Class-map: inspection_default
Inspect: ftp, packet 309763, drop 0, reset-drop 0
Interface outside:
Service-policy: outside-policy1
Class-map: outside-class1
Input police Interface outside:
cir 1024000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps…….
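Added example, not part of the thread and not Cisco tooling: a small Python check for "show service-policy" output like the paste above. It flags every policer whose conformed and exceeded packet counters are both zero, meaning no packet has been classified into that class in that direction, so the rate limit has never been applied. The sample text is constructed from the paste; the Output block is an assumption, since the paste is cut off before it.

```python
import re

# Constructed sample modelled on the thread's paste; the Output block is assumed.
SAMPLE = """\
Interface outside:
  Service-policy: outside-policy1
    Class-map: outside-class1
      Input police Interface outside:
        cir 1024000 bps, bc 1500 bytes
        conformed 0 packets, 0 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps
      Output police Interface outside:
        cir 1024000 bps, bc 1500 bytes
        conformed 0 packets, 0 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps
"""

def parse_policers(text):
    """Return one dict per policer: class, direction, CIR and packet counters."""
    policers, current_class, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Class-map:\s+(\S+)", line):
            current_class, current = m.group(1), None
        elif m := re.match(r"(Input|Output) police", line):
            current = {"class": current_class, "direction": m.group(1).lower(),
                       "cir_bps": None, "conformed": 0, "exceeded": 0}
            policers.append(current)
        elif current is not None:
            if m := re.match(r"cir (\d+) bps", line):
                current["cir_bps"] = int(m.group(1))
            elif m := re.match(r"(conformed|exceeded) (\d+) packets", line):
                # The per-second line ("conformed 0 bps") has no "packets" and is skipped.
                current[m.group(1)] = int(m.group(2))
    return policers

def unmatched_policers(text):
    """Policers that never saw a packet: nothing conformed and nothing exceeded."""
    return [(p["class"], p["direction"]) for p in parse_policers(text)
            if p["conformed"] == 0 and p["exceeded"] == 0]

if __name__ == "__main__":
    for cls, direction in unmatched_policers(SAMPLE):
        print(f"{cls} ({direction}): 0 packets classified; check what the class-map matches")
```

A policer that is actually limiting SMTP traffic shows non-zero conformed counts, and non-zero exceeded counts once the 1024000 bps rate is passed.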