Zone based firewall
In ZBF if we want to inspect smtp and drop a email from specific email id [email protected] and who is sending large file 10MB.
I think we can do this:
class-map type inspect match-all smtp
match protocol smtp
class-map type inspect smtp match-any largemail
match data-length gt 10000000
policy-map type inspect smtp dropl
class type inspect smtp largemail
Question is how we can add email block as mention above in addition with above config, if we use regex how we can bind it with classmap/policy map?