Information
Enables inspection of an application that is not included in the default global policy's application inspection.
Rationale:
By default, the ASA configuration includes a policy that matches all default application inspection traffic and applies certain inspections to the traffic on all interfaces (global policy). Not all inspections are enabled by default. The default policy can be edited to enable inspection for a specific application that is not included in it by default.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Run the following to enable the inspection of the protocol:
hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect <protocol_name>
hostname(config-pmap-c)# exit
hostname(config-pmap)# exit
hostname(config)# service-policy global_policy global
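One way to confirm the change took effect, as an added example that is not part of the benchmark or the Nessus audit: parse saved running-config text and check that the protocol is inspected under `class inspection_default` in `policy-map global_policy`, and that the policy is applied globally. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of ASA running-config text (not taken from a real device).
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect icmp
 class other_class
  inspect snmp
!
service-policy global_policy global
"""

def inspected_protocols(config, policy="global_policy", klass="inspection_default"):
    """Return the protocols inspected under the given policy-map and class."""
    protocols, in_policy, in_class = set(), False, False
    for line in config.splitlines():
        indent = len(line) - len(line.lstrip(" "))
        words = line.split()
        if not words:
            continue
        if indent == 0:
            # A top-level line opens or closes a block; names are compared exactly.
            in_policy = words == ["policy-map", policy]
            in_class = False
        elif in_policy and indent == 1:
            in_class = words[:2] == ["class", klass]
        elif in_class and indent >= 2 and words[0] == "inspect" and len(words) > 1:
            protocols.add(words[1])
    return protocols

def inspection_enabled(config, protocol):
    """True if the protocol is inspected and global_policy is applied globally."""
    applied = re.search(r"^service-policy global_policy global\s*$", config, re.M)
    return bool(applied) and protocol in inspected_protocols(config)
```

An `inspect` line under a different class or a different policy map does not count, which is why `snmp` in the sample is reported as not enabled.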