Hello,
I would like to know more details about ZBF Inspections using "policy-map type inspect avc" option in IOS XE 16.9.1
This means that ZBF can inspect nbar applications , such as dropbox or ms-office365.
What kind of inspections are performed
Here one Snippet of code:
class-map match-any AVC-CLASS
match protocol ms-office-365
match protocol skype
match protocol youtube
match protocol dropbox
!
policy-map type inspect avc AVC-POLICY
class AVC-CLASS
allow
class class-default
deny
!
class-map type inspect match-any INSIDE_TO_OUTSIDE_CLASS
match protocol http
match protocol https
match protocol tcp
match protocol udp
!
policy-map type inspect INSIDE_TO_OUTSIDE_POLICY
class type inspect INSIDE_TO_OUTSIDE_CLASS
inspect
service-policy avc AVC-POLICY
class class-default
drop log
Best Regards,
Daniel Stefani