Solved: Re: protocol removal from inspection

suthomas1 · ‎11-26-2010

we see sunrpc & imap being present under inspect policy-map in a cisco zone based firewall.

Attempts to remove both these from the policy doesnt succeed. I have used following methods for removal -

RtrBr(config-pmap)#class type inspect Lan-to-internet

no service-policy sunrpc

no service-policy imap

After this, when output of policy-map type inspect for this policy is seen, both these protocols among others are still seen under inspection list.

Why does this not get removed completely by above steps. Any other recommendations to achieve it.

Also if it still remains in place, how can we view if it indeed is doing the inspection, any dropped packets or so?

TIA

Kureli Sankar · ‎11-28-2010

I believe the command is

sh policy-map type inspect zone-pair sessions

or

sh policy-map type inspect zone-pair sessions

I am just typing it you may want to question mark it and complete the command.

-KS

Kureli Sankar · ‎11-26-2010

Could you pls. copy and paste the output of

sh run | s zone

sh run policy-map

sh run class-map

To remove the inspections you should go under the policy and then under the class and issue "no inspect sunrc" and "no insect imap".

Thanks,

KS

suthomas1 · ‎11-26-2010

Thanks. I see that the no inspect has to be used under the policy for removal.I will have it used this way.

Unfortunately i dont have visibility on this device and part of this config was given by another business subsidary.

is there any command to verify that protocol inspection for rest of remaining protocols are still happening.

I recall having seen some {process switch: fast switch} packets besides each protocol, using show policy-map type inspect

what does those stand for.

Kureli Sankar · ‎11-28-2010

I believe the command is

sh policy-map type inspect zone-pair sessions

or

sh policy-map type inspect zone-pair sessions

I am just typing it you may want to question mark it and complete the command.

-KS