cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

709
Views
0
Helpful
2
Replies
babiojd01
Beginner

difference between class class-default sfr and custom match ip any any class

I do not think this is a difference between using the default class class-map and creating an acl matching ip any any.

Can someone correct me because all FP documentation says create class-map sfr. 

policy-map global_policy

class class-default

sfr fail-open

vs

class-map sfr

match ip any any

policy-map global_policy

class sfr

sfr fail-open

1 ACCEPTED SOLUTION

Accepted Solutions
Aastha Bhardwaj
Cisco Employee

Hi ,

By default :


class-map class-default
match any

So its one and the same thing , all documents show class sfr because its easy to track and you can modify and create access-lists accordingly .

Regards,

Aastha Bhardwaj

Rate if that helps!!!

View solution in original post

2 REPLIES 2
Aastha Bhardwaj
Cisco Employee

Hi ,

By default :


class-map class-default
match any

So its one and the same thing , all documents show class sfr because its easy to track and you can modify and create access-lists accordingly .

Regards,

Aastha Bhardwaj

Rate if that helps!!!

View solution in original post

I thought so. I imagine the access list version is useful when you want to bypass something completely from going to inspection. With the addition of pre-filters policy in FPM 6.1 i imagine you don't even need to do it that way unless its super latency sensitive.

Content for Community-Ad

This widget could not be displayed.