Modular Policy Framework Overview
Today, more and more corporations are becoming active on the Internet, resulting in an everincreasing
need for a more granular means to configure network security policies. Therefore,
a security administrator needs to manipulate and control the flow of traffic in pieces and with
more flexibility. Rate limiting and prioritizing voice traffic, and deep packet inspecting of
untrusted traffic flows, are just some of the responsibilities of today’s security administrator.
With Security Appliance software version 7.0, this functionality has been enabled through
Modular Policy Framework (MPF). An MPF gives the security administrator the tools to
segment traffic flows into traffic classes and to assign one or more actions to each traffic class.
Traditional policy maps only allowed actions to be assigned to the total traffic flow on the
Security Appliance, whereas with an MPF, HTTP traffic can have a policy separate from
H.323 or ICMP.