Zone based firewall question

allanc16
Level 1

Hello... here is the question...

Based on the following configuration which option is correct?

class-map type inspect match-all myprotocols
 match protocol http
 match protocol dns
policy-map type inspect myfwpolicy
 class type inspect myprotocols
  inspect
zone security private
zone security public
int fa0/0
 zone-member security private
int fa0/1
 zone-member security public
zone-pair security priv-to-pub source private destination public
 service-policy type inspect myfwpolicy

What will result from this config?

a) all traffic from the private zone to the public zone will be dropped

b) all traffic from the private zone to the public zone will be permitted but not inspected

c) all traffic from the private zone to the public zone will be permitted and inspected

d) all traffic from the public zone to the private zone will be permitted but not inspected

e) only HTTP and DNS traffic from the private zone to the public zone will be permitted and inspected

f) only HTTP and DNS traffic from the public zone to the private zone will be permitted and inspected

The test says that the correct answer is A but I say it is E.

Which one is right?

Thanks

3 Replies

Alex Yeung
Cisco Employee

E is the correct answer.

Alex Yeung

I knew it !!! Thanks a lot!!

I have the SNRS exam today so I want to clear that out.. :)

Hi Allan,

the correct answer is A, because your class-map is defined with the "match-all" statement, which says that the traffic must match both rules. In your case the traffic must be http and dns at the same time, which is impossible. To correct this you have to do:

class-map type inspect match-any myprotocols
 match protocol http
 match protocol dns

Now the correct answer will be "E"

Best Regards

Tihomir Yosifov
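
A configuration check for the condition the last reply describes, as an added example that is not part of the original thread: it parses IOS text and flags every inspect class-map that is match-all yet lists more than one protocol. The sample configuration is constructed from the question, and the class-map name fixedprotocols and both function names are hypothetical.

```python
import re

# Constructed sample: the question's class-map plus the corrected match-any form.
SAMPLE_CONFIG = """\
class-map type inspect match-all myprotocols
 match protocol http
 match protocol dns
class-map type inspect match-any fixedprotocols
 match protocol http
 match protocol dns
policy-map type inspect myfwpolicy
 class type inspect myprotocols
  inspect
"""

HEADER = re.compile(r"^class-map\s+type\s+inspect\s+(?:(match-all|match-any)\s+)?(\S+)$")
PROTOCOL = re.compile(r"^match\s+protocol\s+(\S+)")


def parse_class_maps(config):
    """Map each inspect class-map name to its match mode and protocol list."""
    class_maps, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        header = HEADER.match(line)
        if header:
            # With no keyword, IOS treats the class-map as match-all.
            current = {"mode": header.group(1) or "match-all", "protocols": []}
            class_maps[header.group(2)] = current
        elif current is not None and line.startswith(("match ", "description ")):
            protocol = PROTOCOL.match(line)
            if protocol:
                current["protocols"].append(protocol.group(1).lower())
        else:
            current = None  # any other command leaves class-map sub-mode
    return class_maps


def never_matching_class_maps(config):
    """Names of match-all class-maps that require two or more protocols at once."""
    return sorted(name for name, cm in parse_class_maps(config).items()
                  if cm["mode"] == "match-all" and len(set(cm["protocols"])) > 1)


if __name__ == "__main__":
    for name in never_matching_class_maps(SAMPLE_CONFIG):
        print(f"{name}: match-all with several protocols, no single flow can match")
```
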
