Zone-based firewall Cisco IOS
From Teknologisk videncenter
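Materials
- Zone-based firewall (PowerPoint presentation)
Articles
Transparent zone-based firewall
A transparent zone-based firewall can be constructed by placing two interfaces in the same bridge-group. The following example allows full transparent layer 2 IP connectivity from zone SEC to zone PUB. Only the SEC-to-PUB direction has a zone-pair, so sessions initiated from PUB are not permitted into SEC; return traffic for inspected sessions is allowed back.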
vlan 10
 name Public
vlan 20
 name Secure
!
! Enable integrated routing and bridging
bridge irb
!
zone security SEC
zone security PUB
!
! Traffic is only permitted when initiated from SEC towards PUB
zone-pair security ALL source SEC destination PUB
 service-policy type inspect ALL-PMI
!
interface vlan 10
 description Connected to public network
 bridge-group 10
 zone-member security PUB
!
interface vlan 20
 description Connected to secure network
 bridge-group 10
 zone-member security SEC
!
bridge 10 protocol ieee
!
! Match all IP traffic permitted by access-list 10
class-map type inspect match-any ALL-CMI
 match access-group 10
!
! Statefully inspect matched traffic, drop everything else
policy-map type inspect ALL-PMI
 class type inspect ALL-CMI
  inspect
 class class-default
  drop
!
access-list 10 permit any
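
The following Python check is an added example, not part of the original page or of any Cisco tooling. It parses a configuration like the one above and reports broken references (zone-pair to zones and policy-map, policy-map to class-map) and zone pairs whose member interfaces share no bridge-group, which is what a misspelled bridge-group line produces. The function name audit and the embedded sample are constructed for illustration, and the bridge-group check assumes a transparent (bridged) setup as on this page.

```python
SAMPLE = """\
zone security SEC
zone security PUB
zone-pair security ALL source SEC destination PUB
 service-policy type inspect ALL-PMI
interface vlan 10
 bridge-group 10
 zone-member security PUB
interface vlan 20
 bridge-group 10
 zone-member security SEC
class-map type inspect match-any ALL-CMI
 match access-group 10
policy-map type inspect ALL-PMI
 class type inspect ALL-CMI
  inspect
access-list 10 permit any
"""  # constructed sample modelled on the configuration above (class-default omitted)

def audit(config):  # returns a list of findings; an empty list means consistent
    zones, pmaps, cmaps, used_cmaps = set(), set(), set(), set()
    pairs, ifaces, ctx = {}, {}, {}  # ctx: zone-pair or interface section being parsed
    for w in (line.split() for line in config.splitlines()):
        if w[:2] == ["zone", "security"]:
            zones.add(w[2])
        elif w[:2] == ["zone-pair", "security"]:  # NAME source S destination D
            ctx = pairs[w[2]] = {"src": w[4], "dst": w[6], "policy": None}
        elif w[:1] in (["int"], ["interface"]):
            ctx = ifaces[" ".join(w[1:])] = {"bridge-group": None, "zone-member": None}
        elif w[1:3] == ["type", "inspect"] and w[0] in ("class-map", "policy-map"):
            (cmaps if w[0] == "class-map" else pmaps).add(w[-1])
        elif w[:3] == ["service-policy", "type", "inspect"] and "policy" in ctx:
            ctx["policy"] = w[3]
        elif w[:1] in (["bridge-group"], ["zone-member"]) and w[0] in ctx:
            ctx[w[0]] = w[-1]  # last word: the group number or the zone name
        elif w[:3] == ["class", "type", "inspect"]:
            used_cmaps.add(w[3])
    def groups(zone):  # bridge-groups that the zone's member interfaces belong to
        return {i["bridge-group"] for i in ifaces.values() if i["zone-member"] == zone} - {None}
    out = [f"class-map {c} is not defined" for c in sorted(used_cmaps - cmaps)]
    for name, p in pairs.items():
        for z in sorted({p["src"], p["dst"]} - zones):
            out.append(f"zone-pair {name}: zone {z} is not defined")
        if p["policy"] not in pmaps:
            out.append(f"zone-pair {name}: no defined inspect policy attached")
        if not groups(p["src"]) & groups(p["dst"]):
            out.append(f"zone-pair {name}: {p['src']} and {p['dst']} share no bridge-group")
    return out + [f"interface {n}: bridged but not in a zone" for n, i in ifaces.items()
                  if i["bridge-group"] and not i["zone-member"]]
```

Calling audit(SAMPLE) returns an empty list; feeding it the same text with bridge-group misspelled returns the "share no bridge-group" finding for zone-pair ALL.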