02-13-2019 11:00 PM - edited 02-21-2020 08:48 AM
If I want to configure ZBFW to inspect everything, I need to
ip access-list extended everything
permit ip any any
class-map type inspect match-any everything
match access-group name everything
policy-map type inspect MYPMAP
class type inspect everything
inspect
Because class-default does not have option for inspect. That seems like a lot of config. Is there an easier way? Or am I getting it wrong?
Solved! Go to Solution.
02-13-2019 11:24 PM
Hi,
There is no easier way. You have to create your access list, class-map and policy map. Have a look at the following doc;
https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html
Thanks
John
02-13-2019 11:20 PM
02-13-2019 11:24 PM
Hi,
There is no easier way. You have to create your access list, class-map and policy map. Have a look at the following doc;
https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html
Thanks
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide