
Is there a simpler way for ZBFW to inspect everything?

pingduck
Level 1

If I want to configure ZBFW to inspect everything, I need to:

```
ip access-list extended everything
 permit ip any any

class-map type inspect match-any everything
 match access-group name everything

policy-map type inspect MYPMAP
 class type inspect everything
  inspect
```

Because class-default does not have an option for inspect. That seems like a lot of config. Is there an easier way? Or am I getting it wrong?

Accepted Solutions

johnd2310
Level 8

Hi,

There is no easier way. You have to create your access list, class-map and policy map. Have a look at the following doc:

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html

Thanks

John

**Please rate posts you find helpful**

2 Replies

Nope, you are doing it the right way. The minimum is class-map and policy-map. Under class-map you can use match any or configure an access-list as you did.
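
For reference, the question's ACL, class-map and policy-map placed in a complete zone-pair configuration. This is an added example, not part of the thread; the zone names, zone-pair name and interface names are hypothetical.

```cisco
! Added example: zone, zone-pair and interface names are hypothetical.
! ACL, class-map and policy-map names are the ones from the question.
ip access-list extended everything
 permit ip any any
!
class-map type inspect match-any everything
 match access-group name everything
!
policy-map type inspect MYPMAP
 ! Statefully inspect everything the ACL matches (all IP traffic).
 class type inspect everything
  inspect
 ! Unmatched traffic is dropped by class-default; logging the drops
 ! makes anything that misses the class above visible.
 class class-default
  drop log
!
zone security INSIDE
zone security OUTSIDE
!
interface GigabitEthernet0/0
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 zone-member security OUTSIDE
!
! A zone-pair is unidirectional. This one covers sessions initiated
! from INSIDE toward OUTSIDE; return traffic for inspected sessions is
! allowed by the session state. Sessions initiated from OUTSIDE have
! no zone-pair here and are therefore not permitted.
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect MYPMAP
```

To confirm the policy is attached and sessions are being tracked, check `show zone-pair security` and `show policy-map type inspect zone-pair IN-TO-OUT sessions`.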
