Difference between revisions of "Zone-based firewall Cisco IOS"
From Teknologisk videncenter
Revision as of 12:53, 22 June 2014
Materials
- Zone-based firewall (PowerPoint presentation)
Articles
- Netband Project - Zone based Firewall(ZFW)
Transparent Zone-based firewall
A transparent zone-based firewall can be constructed by placing two interfaces in the same bridge-group and assigning each interface to its own security zone. The following example bridges VLAN 10 and VLAN 20 at layer 2 and allows full IP connectivity from zone SEC to zone PUB, with all other inter-zone traffic dropped.
! VLANs for the public and the secure segment
vlan 10
 name Public
vlan 20
 name Secure
!
! Integrated routing and bridging: the two SVIs are bridged, not routed
bridge irb
!
! Security zones; traffic between two different zones is dropped
! unless a zone-pair with a service-policy allows it
zone security SEC
zone security PUB
!
interface Vlan10
 description Connected to public network
 bridge-group 10
 zone-member security PUB
!
interface Vlan20
 description Connected to secure network
 bridge-group 10
 zone-member security SEC
!
bridge 10 protocol ieee
!
! Match all IP traffic (access-list 10 permits any source)
class-map type inspect match-any ALL-CMI
 match access-group 10
!
! Statefully inspect matched traffic; everything else is dropped
policy-map type inspect ALL-PMI
 class type inspect ALL-CMI
  inspect
 class class-default
  drop
!
! Bind the policy to the SEC -> PUB direction. Without this zone-pair the
! policy is never applied and all traffic between the zones is dropped.
zone-pair security SEC-TO-PUB source SEC destination PUB
 service-policy type inspect ALL-PMI
!
access-list 10 permit any
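As an added check (not part of the original article), the following Python script parses a zone-based firewall configuration and reports, for each intended source-to-destination zone direction, whether a zone-pair with a defined inspect policy exists and whether every zone-member refers to a defined zone. The configuration text inside it is constructed from the article's example; the zone-pair name SEC-TO-PUB and the interface names Vlan10/Vlan20 are assumptions. Run on the configuration without the zone-pair, it flags that SEC to PUB traffic is dropped by default.

```python
import re

# Constructed sample (not the article's verbatim text): the transparent ZFW
# from the article with "brigde-group" corrected and the zone-pair added
# that binds ALL-PMI to traffic initiated from SEC towards PUB.
FIXED = """\
zone security SEC
zone security PUB
interface Vlan10
 bridge-group 10
 zone-member security PUB
interface Vlan20
 bridge-group 10
 zone-member security SEC
policy-map type inspect ALL-PMI
 class type inspect ALL-CMI
  inspect
zone-pair security SEC-TO-PUB source SEC destination PUB
 service-policy type inspect ALL-PMI
"""
# The same configuration as the article shows it: no zone-pair at all.
AS_ON_PAGE = "\n".join(l for l in FIXED.splitlines() if "-policy" not in l and "zone-pair" not in l)

def audit(config, intended):
    # Collect zones, policy-maps, zone-pairs and interface zone membership.
    zones, policies, pairs, pair_policy, iface_zone = set(), set(), {}, {}, {}
    iface = pair = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            iface, pair = m.group(1), None
        elif m := re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)", line):
            pair, iface = m.group(1), None
            pairs[pair] = (m.group(2), m.group(3))
        elif m := re.match(r"zone security (\S+)", line):
            zones.add(m.group(1))
        elif m := re.match(r"policy-map type inspect (\S+)", line):
            policies.add(m.group(1))
        elif iface and (m := re.match(r"zone-member security (\S+)", line)):
            iface_zone[iface] = m.group(1)
        elif pair and (m := re.match(r"service-policy type inspect (\S+)", line)):
            pair_policy[pair] = m.group(1)
    # Every intended direction needs a zone-pair whose policy-map is defined.
    findings = [f"{i}: zone {z} is not defined" for i, z in iface_zone.items() if z not in zones]
    for src, dst in intended:
        names = [p for p, sd in pairs.items() if sd == (src, dst)]
        if not names:
            findings.append(f"no zone-pair {src}->{dst}: that traffic is dropped by default")
        elif names[0] not in pair_policy:
            findings.append(f"zone-pair {names[0]} has no service-policy: traffic is dropped")
        elif pair_policy[names[0]] not in policies:
            findings.append(f"zone-pair {names[0]} uses undefined policy-map {pair_policy[names[0]]}")
    return findings
```

Auditing the fixed configuration for the PUB to SEC direction also reports a missing zone-pair, which is the intended behaviour: only sessions initiated from SEC are allowed, and their return traffic is handled by stateful inspection.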