Cisco Support Community
Community Member

zone based firewall: select multiple zones as source zones

Hello,

I have 4 security zones defined on my 2611XM - 12.4.15T8 router. The customer defined its security policy as a destination policy to all 4 zones, e.g.

from 10 hosts/networks to zone1

from 20 hosts/networks to zone2, etc,

where the hosts/networks are located on all different zones.

Unfortunately, in my zone-pair definition I cannot select multiple zones as source zone. This would reduce my zone pair definition from 12 to 4. Does anyone know any alternative to this?

thx Karien

4 REPLIES
Community Member

Re: zone based firewall: select multiple zones as source zones

Does your customer have 12 different policies? As of now the number of zone-pairs cannot be less than the number of policies. Are you trying to say defining multiple zone-pairs using one zone-pair command and attaching multiple policies to that for each zone-pair? Pardon me if I don't understand your problem.

Community Member

Re: zone based firewall: select multiple zones as source zones

I have only 4 policies, defined on destination zone level.

Problem is that I cannot select more than 1 source zone in a policy.

E.g.

Policy_1 defines from host_in_zone2, host_in_zone3, ... to zone 1 allow.

Policy_2 defines from host_in_zone1, host_in_zone3,... to zone 2 allow.

Any idea?

thanks Karien

Community Member

Re: zone based firewall: select multiple zones as source zones

Hello

Solution is to create 12 zone pairs, but administration is restricted because I have only 4 policies (Policy maps).

Regards

Cisco Employee

Re: zone based firewall: select multiple zones as source zones

Can you create 12 policies?

Alex Yeung
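
The 12 zone pairs discussed in this thread, as an added example that is not part of any post: a Python sketch that derives every source/destination pair for four zones, attaches the destination zone's policy map to each, and audits a config for missing or mismatched pairs. The policy-map names, the pair naming scheme, and the assumption that one policy map may be attached to several zone pairs are illustrative and do not come from the thread.

```python
import re
from itertools import permutations

ZONES = ["zone1", "zone2", "zone3", "zone4"]  # zone names as written in the thread

def policy_for(dst):
    # Hypothetical naming scheme: one policy map per destination zone.
    return f"POLICY_TO_{dst.upper()}"

def expected_pairs(zones=ZONES):
    """Map every ordered (source, destination) pair to the destination's policy map."""
    return {(s, d): policy_for(d) for s, d in permutations(zones, 2)}

def render(pairs):
    """Render IOS zone-pair stanzas for the given mapping."""
    lines = []
    for (s, d), pol in sorted(pairs.items()):
        lines += [f"zone-pair security {s}-to-{d} source {s} destination {d}",
                  f" service-policy type inspect {pol}", "!"]
    return "\n".join(lines)

PAIR_RE = re.compile(r"^zone-pair security \S+ source (\S+) destination (\S+)\s*$")
POLICY_RE = re.compile(r"^\s+service-policy type inspect (\S+)\s*$")

def parse(config):
    """Extract {(source, destination): policy or None} from config text."""
    found, current = {}, None
    for line in config.splitlines():
        m = PAIR_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            found[current] = None
        elif current and (p := POLICY_RE.match(line)):
            found[current] = p.group(1)
        elif not line.startswith(" "):
            current = None  # any unindented line ends the zone-pair stanza
    return found

def audit(config, zones=ZONES):
    """Return (missing pairs, pairs whose policy differs from the expected one)."""
    want, have = expected_pairs(zones), parse(config)
    missing = sorted(k for k in want if k not in have)
    wrong = sorted(k for k in want if k in have and have[k] != want[k])
    return missing, wrong

# Constructed sample: full config with one stanza dropped and one policy swapped.
SAMPLE = render({k: v for k, v in expected_pairs().items() if k != ("zone3", "zone1")}
                ).replace("inspect POLICY_TO_ZONE4", "inspect POLICY_TO_ZONE2", 1)
```

Running `audit(SAMPLE)` reports the dropped zone3-to-zone1 pair and the zone1-to-zone4 pair that carries the wrong policy map, the kind of drift that hand-maintaining 12 stanzas for 4 policies invites.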
