cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


226
Views
0
Helpful
0
Replies
Highlighted
Beginner

ZBF - Inspection with AVC

Hello, 

 

I would like to know more details about ZBF Inspections using "policy-map type inspect avc" option in IOS XE 16.9.1

This means that ZBF can inspect nbar applications , such as dropbox or ms-office365.

What kind of inspections are performed

 

Here one Snippet of code:

 

class-map match-any AVC-CLASS
match protocol ms-office-365
match protocol skype
match protocol youtube
match protocol dropbox
!
policy-map type inspect avc AVC-POLICY
class AVC-CLASS
allow
class class-default
deny
!
class-map type inspect match-any INSIDE_TO_OUTSIDE_CLASS
match protocol http
match protocol https
match protocol tcp
match protocol udp
!
policy-map type inspect INSIDE_TO_OUTSIDE_POLICY
class type inspect INSIDE_TO_OUTSIDE_CLASS
inspect
service-policy avc AVC-POLICY
class class-default
drop log

 

Best Regards,

Daniel Stefani

Everyone's tags (7)