Difference between revisions of "Netband Project - Zone based Firewall(ZFW)"

From Teknologisk videncenter
Jump to: navigation, search
(=HTTP Aplication inspection)
Line 23: Line 23:
 
   service-policy http uri_check_pm
 
   service-policy http uri_check_pm
 
</pre>
 
</pre>
 +
 +
==Branch router with DMZ==
  
 
==External links==
 
==External links==

Revision as of 10:58, 27 April 2009

<accesscontrol>NetBand</accesscontrol> This page is part of the Netband Project

HTTP Aplication inspection

parameter-map type regex uri_regex_cm
 pattern ..*cmd.exe.
 pattern ..*sex.
 pattern ..*gambling.
!
class-map type inspect http match-all uri_check_cm
 match  request uri regex uri_regex_cm
!
class-map type inspect match-any INSIDE-OUT-HTTP
 match protocol http
!
policy-map type inspect http uri_check_pm
 class type inspect http uri_check_cm
  reset
 class class-default
!
policy-map type inspect INSIDE-OUT-PMAP
  class type inspect INSIDE-OUT-HTTP
  inspect
  service-policy http uri_check_pm

Branch router with DMZ

External links

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew.html