Difference between revisions of "Zone-based firewall Cisco IOS"
From Teknologisk videncenter
Revision as of 13:29, 22 June 2014
Materials
- Zone-based firewall (PowerPoint presentation)
Articles
- Netband Project - Zone based Firewall(ZFW)
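Transparent Zone-based firewall
A transparent Zone-based firewall can be constructed using a bridge-group between two interfaces. The following example allows full IP layer 2 transparent connectivity from zone SEC to zone PUB. No zone-pair is defined from PUB to SEC, so sessions initiated from PUB are dropped; only return traffic belonging to inspected sessions passes in that direction.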
vlan 10
 name Public
vlan 20
 name Secure
!
! Enable integrated routing and bridging
bridge irb
!
zone security SEC
zone security PUB
!
! Inspect sessions initiated from SEC towards PUB
zone-pair security ALL source SEC destination PUB
 service-policy type inspect ALL-PMI
!
int vlan 10
 description Connected to public network
 bridge-group 10
 zone-member security PUB
!
int vlan 20
 description Connected to secure network
 bridge-group 10
 zone-member security SEC
!
bridge 10 protocol ieee
!
! Match all IP traffic permitted by access-list 10
class-map type inspect match-any ALL-CMI
 match access-group 10
!
policy-map type inspect ALL-PMI
 class type inspect ALL-CMI
  inspect
 class class-default
  drop
!
access-list 10 permit any
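
The following Python check is an added example, not part of the original page or of any Cisco tooling. It parses the zone, zone-pair and interface lines of such a configuration and reports, for zones that share a bridge-group, which directions carry an inspect policy and which are dropped because no zone-pair exists. The `audit` function, its regular expressions and the sample text are assumptions of this example, and it only understands the commands used on this page.

```python
import re
from itertools import permutations

# Constructed sample: zone, zone-pair and interface lines modelled on the config above.
SAMPLE = """\
zone security SEC
zone security PUB
zone-pair security ALL source SEC destination PUB
 service-policy type inspect ALL-PMI
int vlan 10
 bridge-group 10
 zone-member security PUB
int vlan 20
 bridge-group 10
 zone-member security SEC
policy-map type inspect ALL-PMI
"""
# Sub-commands recorded under the current interface or zone-pair
SUB = re.compile(r"(service-policy type inspect|bridge-group|zone-member security) (\S+)")

def audit(config):
    """Return (flows, problems). flows maps each (src, dst) zone direction across
    a shared bridge-group to its inspect policy, or None when no zone-pair exists."""
    zones, policies, pairs, ifaces, problems, flows = set(), set(), {}, {}, [], {}
    ctx = None                                   # dict of the block being parsed
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":                       # any top-level line ends the block
            ctx = None
        if m := re.fullmatch(r"zone security (\S+)", line):
            zones.add(m[1])
        elif m := re.fullmatch(r"policy-map type inspect (\S+)", line):
            policies.add(m[1])
        elif m := re.fullmatch(r"zone-pair security \S+ source (\S+) destination (\S+)", line):
            ctx = pairs.setdefault((m[1], m[2]), {})
        elif m := re.fullmatch(r"int(?:erface)?\s+(.+)", line):
            ctx = ifaces.setdefault(m[1], {})
        elif ctx is not None and (m := SUB.fullmatch(line)):
            ctx[m[1].split()[0]] = m[2]          # e.g. ctx["bridge-group"] = "10"
    for name, i in ifaces.items():               # dangling zone references
        if "zone-member" in i and i["zone-member"] not in zones:
            problems.append(f"{name}: zone {i['zone-member']} not defined")
    for (src, dst), p in pairs.items():
        problems += [f"zone-pair {src}->{dst}: zone {z} not defined" for z in (src, dst) if z not in zones]
        if p.get("service-policy") not in policies:
            problems.append(f"zone-pair {src}->{dst}: policy {p.get('service-policy')} not defined")
    for bg in {i["bridge-group"] for i in ifaces.values() if "bridge-group" in i}:
        members = sorted({i["zone-member"] for i in ifaces.values()
                          if i.get("bridge-group") == bg and "zone-member" in i})
        for a, b in permutations(members, 2):    # both directions between bridged zones
            flows[(a, b)] = pairs.get((a, b), {}).get("service-policy")
    return flows, problems
```

For the sample, `audit(SAMPLE)` reports SEC to PUB as inspected by ALL-PMI and PUB to SEC as having no policy, with no dangling references.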