07-16-2019 05:31 PM - edited 07-16-2019 05:32 PM
When configuring ZBFW, I have configs like this:
policy-map type inspect MYPMAP
 class type inspect everything
  inspect
If I configure a bypass rule, it will be appended at the end, after everything but before class-default. Is there a way to add a classification before an existing class without removing the existing classification rule?
07-16-2019 09:16 PM
07-16-2019 09:24 PM
There is a problem though. Removing inspect rules could have the effect of locking myself out. I will need to put the commands in a file and use the copy to running-config method. It will also mean that the system is not protected the way it was meant to be. I am surprised that there is no way to insert, considering even ACLs have line numbers now.
07-17-2019 01:58 AM
07-17-2019 09:41 AM
@Mohammed al Baqari wrote:
You can create a bypass rule for mgmt access. This can be at the bottom.
Usually mgmt access isn't inspected.
How does that work? I thought ZBFW enforcement order is always top to bottom.