02-13-2019 11:00 PM - edited 02-21-2020 08:48 AM
If I want to configure ZBFW to inspect everything, I need to
ip access-list extended everything
permit ip any any
class-map type inspect match-any everything
match access-group name everything
policy-map type inspect MYPMAP
class type inspect everything
inspect
Because class-default does not have option for inspect. That seems like a lot of config. Is there an easier way? Or am I getting it wrong?
Solved! Go to Solution.
02-13-2019 11:24 PM
Hi,
There is no easier way. You have to create your access list, class-map and policy map. Have a look at the following doc;
https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html
Thanks
John
02-13-2019 11:20 PM
02-13-2019 11:24 PM
Hi,
There is no easier way. You have to create your access list, class-map and policy map. Have a look at the following doc;
https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html
Thanks
John
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: