
IOS zone-based firewall without protocol inspection

r.spiandorello
Level 1

Hi, I defined about 20 zone-pairs between 10 zones/VLANs on a 2800 router.

The zone-based firewall runs very well, but I'd like to avoid specific protocol inspection (right now it inspects every protocol) and build a simple L4 firewall based on the class access-lists.

How do I do this?

Thanks

1 Reply

sadsiddi
Level 1

You can combine the match access-group filter with Layer 4 specific filters like "match protocol tcp/udp/icmp" for Layer 4 only inspection. For non-transport protocols like GRE, you need to have a "match access-list" with pass action.
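
The approach described in the reply above, sketched as an added configuration example that is not part of the original thread. The zone names (USERS, SERVERS), the ACL, class-map and policy-map names, and all addresses are assumptions chosen for illustration.

```cisco
! Constructed example: zone names, object names and addresses are placeholders.
ip access-list extended ACL-USERS-TO-SERVERS
 permit tcp 10.10.10.0 0.0.0.255 host 10.10.20.5 eq 443
 permit udp 10.10.10.0 0.0.0.255 host 10.10.20.53 eq 53
 permit icmp 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 echo
!
ip access-list extended ACL-GRE
 permit gre host 10.10.10.1 host 10.10.20.1
!
! Generic L4 matching only: no application-specific protocol is named,
! so flows get plain TCP/UDP/ICMP stateful inspection.
class-map type inspect match-any CM-L4-PROTOCOLS
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! match-all: a flow must be permitted by the ACL AND be TCP, UDP or ICMP.
class-map type inspect match-all CM-USERS-TO-SERVERS
 match access-group name ACL-USERS-TO-SERVERS
 match class-map CM-L4-PROTOCOLS
!
! GRE is not a transport protocol the firewall can inspect,
! so it is matched by ACL alone and handled with "pass".
class-map type inspect match-all CM-GRE
 match access-group name ACL-GRE
!
policy-map type inspect PM-USERS-TO-SERVERS
 class type inspect CM-USERS-TO-SERVERS
  inspect
 class type inspect CM-GRE
  pass
 class class-default
  drop log
!
zone-pair security ZP-USERS-SERVERS source USERS destination SERVERS
 service-policy type inspect PM-USERS-TO-SERVERS
```

The `pass` action is stateless and applies in one direction only, so GRE return traffic needs a matching `pass` class in the policy attached to the reverse zone-pair (SERVERS to USERS in this sketch).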
