IOS Zone-Based Firewall

Uploaded by

estanislao Mba Ndoho

0% found this document useful (0 votes)

4 views1 page

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

4 views1 page

IOS Zone-Based Firewall

Uploaded by

estanislao Mba Ndoho

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 1

Search inside document

IOS ZONE-BASED FIREWALL packetlife.

net
Terminology Inspection Class Configuration
Security Zone ! Match by protocol
A group of interfaces which share a common level of security class-map type inspect match-any ByProtocol
Zone Pair match protocol tcp
A unidirectional pairing of source and destination zones to which a match protocol udp
security policy is applied match protocol icmp

Inspection Policy ! Match by access list

An inspect-type policy map used to statefully filter traffic by ip access-list extended MyACL
matching one or more inspect-type class maps permit ip 10.0.0.0 255.255.0.0 any
!
Parameter Map class-map type inspect match-all ByAccessList
An optional configuration of protocol-specific parameters referenced match access-group name MyACL
by an inspection policy

Security Zones Parameter Map Configuration

parameter-map type inspect MyParameterMap

Trusted Internet
alert on
audit-trail off
dns-timeout 5
G0/0 G0/1 max-incomplete low 20000
MPLS WAN Internet
max-incomplete high 25000
icmp idle-time 3
tcp synwait-time 3

Guest Inspection Policy Actions

Drop Traffic is prevented from passing
Corporate Guest
Traffic is permitted to pass without
LAN G0/2.10 G0/2.20 Wireless LAN Pass
stateful inspection
Traffic is subjected to stateful
Inspect inspection; legitimate return traffic is
! Defining security zones permitted in the opposite direction
zone security Trusted
zone security Guest Inspection Policy Configuration
zone security Internet
policy-map type inspect MyInspectionPolicy
! Assigning interfaces to security zones ! Pass permitted stateless traffic
interface GigabitEthernet0/0 class VPN-Tunnel
zone-member security Trusted pass
! ! Inspect permitted stateful traffic
interface GigabitEthernet0/1 class Allowed-Traffic1
zone-member security Internet inspect
! ! Stateful inspection with a parameter map
interface GigabitEthernet0/2.10 class Allowed-Traffic2
zone-member security Trusted inspect MyParameterMap
! ! Drop and log unpermitted traffic
interface GigabitEthernet0/2.20 class class-default
zone-member security Guest drop log

Zone Pair Configuration Troubleshooting

! Service policies are applied to zone pairs show zone security

zone-pair security T2I source Trusted destination Internet show zone-pair security
service-policy type inspect Trusted2Internet
show policy-map type inspect
zone-pair security G2I source Guest destination Internet
service-policy type inspect Guest2Internet show class-map type inspect
show parameter-map type inspect
zone-pair security I2T source Internet destination Trusted
service-policy type inspect Internet2Trusted debug zone security events

by Jeremy Stretch v1.0

Clothhabit Rosy Ladyshorts
Document13 pages
Clothhabit Rosy Ladyshorts
Walter Valverde
100% (3)
Security+ Boot Camp Study Guide
From Everand
Security+ Boot Camp Study Guide
Chad Russell
Rating: 5 out of 5 stars
5/5 (1)
Visio-SNMP Cheat Sheet V1
Document1 page
Visio-SNMP Cheat Sheet V1
Walter Valverde
No ratings yet
Test - Palo Alto Networks Certified Network Security Engineer (PCNSE) : Exam Practice Questions
Document19 pages
Test - Palo Alto Networks Certified Network Security Engineer (PCNSE) : Exam Practice Questions
gurunge
No ratings yet
CISA EXAM-Testing Concept-Firewall
From Everand
CISA EXAM-Testing Concept-Firewall
Hemang Doshi
Rating: 2.5 out of 5 stars
2.5/5 (2)
Ios Z - B F: ONE Ased Irewall
Document1 page
Ios Z - B F: ONE Ased Irewall
ravi kant
No ratings yet
Ccna Sec 1.1
Document231 pages
Ccna Sec 1.1
loffy hacker
No ratings yet
ZigBee and IEEE 802.15.4
Document39 pages
ZigBee and IEEE 802.15.4
rsakm20019931
100% (2)
Configure ACI Multi-Site Deployment: Requirements
Document16 pages
Configure ACI Multi-Site Deployment: Requirements
coolboyasif
No ratings yet
Traffic PDF
Document162 pages
Traffic PDF
Senan Alkaaby
100% (4)
Ios ZB-F
Document1 page
Ios ZB-F
Jay Kannan
No ratings yet
Network Security
Document16 pages
Network Security
AronAbadilla
No ratings yet
ZBF Script
Document1 page
ZBF Script
Ayan leghari
No ratings yet
CENTRAL
Document4 pages
CENTRAL
ĐayZ
No ratings yet
Cisco CCNA Security Chapter 4 Exam
Document7 pages
Cisco CCNA Security Chapter 4 Exam
Paulina Echeverría
No ratings yet
Redes de Datos I: Class 21. Firewalls
Document53 pages
Redes de Datos I: Class 21. Firewalls
Linux0ec
No ratings yet
Zone Design Guide
Document49 pages
Zone Design Guide
nirvana_0z
No ratings yet
Zone Based Firewall Notes From Youtube Downloaded Video Part - 2
Document11 pages
Zone Based Firewall Notes From Youtube Downloaded Video Part - 2
Ahmed Fraz Mamoon
No ratings yet
03 - Zone Security, Security and NAT Policies
Document23 pages
03 - Zone Security, Security and NAT Policies
iboy.foody
No ratings yet
FW - 7
Document73 pages
FW - 7
eti
No ratings yet
CH09 CompSec3e
Document36 pages
CH09 CompSec3e
Anonymous rsGzBBiqk
No ratings yet
Mikrotik - Zone Based Firewall
Document15 pages
Mikrotik - Zone Based Firewall
jwtven
100% (1)
Raheel Shabir Ahmed S-2014 BEEE5
Document39 pages
Raheel Shabir Ahmed S-2014 BEEE5
Ahmed Hassan
No ratings yet
Configuring Security Features
Document8 pages
Configuring Security Features
edin
No ratings yet
NGX R60 Route Based VPN Deployments
Document25 pages
NGX R60 Route Based VPN Deployments
Hebert Molina
No ratings yet
Ip Inspect: Advanced - 4036.html
Document9 pages
Ip Inspect: Advanced - 4036.html
Hanane Hanane
No ratings yet
Access Control Lists: Advanced Systems Administration Course
Document21 pages
Access Control Lists: Advanced Systems Administration Course
Karthik Gunasekaran
No ratings yet
CCNA Security v2.0 Chapter 4 Exam Answers
Document7 pages
CCNA Security v2.0 Chapter 4 Exam Answers
Samb Ti
100% (1)
Hillario Zidan - 00000050745 - IF673 - A - UTS
Document4 pages
Hillario Zidan - 00000050745 - IF673 - A - UTS
Hillario Zidan
No ratings yet
A Wan Interconnects Lans Over Long Distances.
Document55 pages
A Wan Interconnects Lans Over Long Distances.
Ibrahima
No ratings yet
Telco Signalling Security Assessment
Document12 pages
Telco Signalling Security Assessment
Thái Duy Hòa
No ratings yet
Cisco CCNA Security Module 4
Document9 pages
Cisco CCNA Security Module 4
pollypol
No ratings yet
It 6300
Document34 pages
It 6300
Rich Bagui
No ratings yet
Cisco IOS Zone Based Firewall Tutorial
Document12 pages
Cisco IOS Zone Based Firewall Tutorial
useryon
No ratings yet
Cisco Checklist
Document6 pages
Cisco Checklist
Dema Permana
No ratings yet
Meet QoS PDF
Document4 pages
Meet QoS PDF
Jacob Bowser
No ratings yet
Examen Final CCNA Security V1.1
Document17 pages
Examen Final CCNA Security V1.1
Cristian Gonzalez Hosima
100% (1)
Examen Final CCNA Security V1 1
Document17 pages
Examen Final CCNA Security V1 1
Alfonso García Rodríguez
No ratings yet
Traffic Policing: Finding Feature Information
Document6 pages
Traffic Policing: Finding Feature Information
Amadou Mbaye
No ratings yet
Our Crossbow Sensor Equipment and Zigbee: Presentation by Philip Kuryloski and Sameer Pai
Document34 pages
Our Crossbow Sensor Equipment and Zigbee: Presentation by Philip Kuryloski and Sameer Pai
Yuwono Marta Dinata
No ratings yet
IpQ Product Brochure
Document17 pages
IpQ Product Brochure
iwood99
No ratings yet
Archivo: /home/roberto/Documentos/IT/ccns/tema4 Página 1 de 3
Document3 pages
Archivo: /home/roberto/Documentos/IT/ccns/tema4 Página 1 de 3
Roberto Ortega Ramiro
No ratings yet
Network Traffic Log: SR. No. Data Fields Type Description
Document4 pages
Network Traffic Log: SR. No. Data Fields Type Description
Ibrahim
No ratings yet
Permit Icmp Any Any Nd-Na Permit Icmp Any Any Nd-Ns
Document15 pages
Permit Icmp Any Any Nd-Na Permit Icmp Any Any Nd-Ns
my_queen57
No ratings yet
Firewall
Document5 pages
Firewall
Sports Science and Analytics CoE
No ratings yet
Faq Firewall
Document13 pages
Faq Firewall
Taoufic Ben Hcine
No ratings yet
Chapter 1 - Network Security Basis - 5.5R7
Document20 pages
Chapter 1 - Network Security Basis - 5.5R7
Heshitha Pushpawela
No ratings yet
BGP Flowspec Introduction and Configuration
Document14 pages
BGP Flowspec Introduction and Configuration
rs
No ratings yet
Firewall Settings
Document6 pages
Firewall Settings
gestradag-1
No ratings yet
Cuestionario NS4
Document20 pages
Cuestionario NS4
david cuenca
No ratings yet
Cuestionario Fortinet 2020 NS4 V6 - 2
Document18 pages
Cuestionario Fortinet 2020 NS4 V6 - 2
Din Cessare
No ratings yet
Sec Lawful Intercept
Document18 pages
Sec Lawful Intercept
Mossad News
No ratings yet
Configure Anyconnect Virtual Private Network (VPN) Connectivity On The Rv34X Series Router
Document13 pages
Configure Anyconnect Virtual Private Network (VPN) Connectivity On The Rv34X Series Router
The Maison Maids
No ratings yet
CISCO Security QuestionsBank Mohawk College
Document8 pages
CISCO Security QuestionsBank Mohawk College
Don D
No ratings yet
Applying Qos Policies: Cisco Security Appliance Command Line Configuration Guide Ol-6721-02
Document16 pages
Applying Qos Policies: Cisco Security Appliance Command Line Configuration Guide Ol-6721-02
dick1965
No ratings yet
Answer CCNA Security Final Exam Ingles
Document23 pages
Answer CCNA Security Final Exam Ingles
esquirla300
No ratings yet
Packetmaster - Overview Oct 2015 (Revised) PDF
Document55 pages
Packetmaster - Overview Oct 2015 (Revised) PDF
Nguyễn Thế Đạt
No ratings yet
Junos Practice SEC 1
Document8 pages
Junos Practice SEC 1
HafidHariyadhi
No ratings yet
How To Implement Transparent Subnet Gateway Using Bridge Pair
Document5 pages
How To Implement Transparent Subnet Gateway Using Bridge Pair
Anchit Kharbanda
No ratings yet
9 Week
Document37 pages
9 Week
Abdulaziz Tutor
No ratings yet
IP Telephony: Deploying VoIP Protocols and IMS Infrastructure
From Everand
IP Telephony: Deploying VoIP Protocols and IMS Infrastructure
Olivier Hersent
No ratings yet
Network Security
From Everand
Network Security
André Perez
No ratings yet
CCNA3 - Answers Chapter 2 v.4.0: Updated Daily New Updated Mar 01 2009 by Quocvuong Email
Document6 pages
CCNA3 - Answers Chapter 2 v.4.0: Updated Daily New Updated Mar 01 2009 by Quocvuong Email
Walter Valverde
No ratings yet
TCP Keep Alive 1
Document2 pages
TCP Keep Alive 1
Walter Valverde
No ratings yet
Cisco Router Command Quick Reference
Document4 pages
Cisco Router Command Quick Reference
Walter Valverde
No ratings yet
Lab Topology
Document2 pages
Lab Topology
Walter Valverde
No ratings yet
Lab Topology2
Document2 pages
Lab Topology2
Walter Valverde
No ratings yet
Frame Relay CheatSheet
Document1 page
Frame Relay CheatSheet
Walter Valverde
No ratings yet
Cisco 3750 (Site 1) Cisco 3750 (Site 2) : Gig1/0/1 Gig2/0/1 Gig1/0/1 Gig2/0/1 Etherchannel
Document1 page
Cisco 3750 (Site 1) Cisco 3750 (Site 2) : Gig1/0/1 Gig2/0/1 Gig1/0/1 Gig2/0/1 Etherchannel
Walter Valverde
No ratings yet