IOS zone-based firewall without protocol inspection

Unanswered Question
Aug 3rd, 2009
User Badges:

Hi, I defined about 20 zone-pair between 10 zone/vlan in a 2800 router.

Zone-based firewall runs very well but I'd like to avoid specific protocol inspection (now it inspects evry protocols) and to realize a simple L4 firewall, based on the class access-lists.

How to ?

thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sadsiddi Mon, 08/03/2009 - 21:08
User Badges:

You can combine the match access-group filter with Layer 4 specific filters like "match protocol tcp/udp/icmp" for Layer4 only inspection.For non-transport protocol like GRE, you need to have a "match access-list" with pass action.

Actions

This Discussion