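! ACL web-to-dmzServer-acl (HTTP and HTTPS towards the DMZ server) is defined separately
class-map type inspect match-any web-to-dmzServer-cmap
 match access-group name web-to-dmzServer-acl
policy-map type inspect web-to-dmzServer-pmap
 class type inspect web-to-dmzServer-cmap
  ! stateful inspection: return traffic of the same flow is allowed
  inspect
zone security dmz
 description DMZ services
zone security web
zone-pair security web-to-dmz-pair source web destination dmz
 service-policy type inspect web-to-dmzServer-pmap
! under the interface facing the web zone (interface name not given)
 zone-member security web
! under the interface facing the DMZ (interface name not given)
 zone-member security dmz
! verification
show policy-map type inspect zone web
show policy-map type inspect zone dmz
show policy-map type inspect zone-pair web-to-dmz-pair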
Keep in mind that inspect allows return traffic of the same flow. However, if you require the DMZ servers to initiate traffic to other servers, PCs, or the internet, then this needs to be taken into account and added into the configuration. The configuration I have provided only allows for HTTP and HTTPS towards the DMZ server.
-- Please remember to rate and select a correct answer
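The reverse direction mentioned in the answer above, as an added example that is not part of the original post: a second zone-pair from dmz to web that lets one DMZ server initiate DNS and HTTPS and drops and logs everything else. The zone names come from the answer; the ACL, class-map, policy-map and zone-pair names, the server address 192.0.2.10 and the choice of protocols are assumptions made for illustration.

```cisco-ios
! Constructed example: DMZ-initiated traffic (names and address are assumptions)
ip access-list extended dmz-to-web-acl
 ! only the one DMZ server, only the services it needs
 permit udp host 192.0.2.10 any eq domain
 permit tcp host 192.0.2.10 any eq 443
!
class-map type inspect match-any dmz-to-web-cmap
 match access-group name dmz-to-web-acl
!
policy-map type inspect dmz-to-web-pmap
 class type inspect dmz-to-web-cmap
  ! stateful: replies to these flows are allowed back into the DMZ
  inspect
 class class-default
  ! anything else a DMZ host tries to initiate is dropped and logged
  drop log
!
! zone-pairs are unidirectional: this one is evaluated only for
! sessions that start in dmz and are destined for web
zone-pair security dmz-to-web-pair source dmz destination web
 service-policy type inspect dmz-to-web-pmap
!
! verification
show policy-map type inspect zone-pair dmz-to-web-pair
```

Keeping the permit list tied to a single host and port set limits what a compromised DMZ server can reach, and the logged drops under class-default show any attempt to go beyond it.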