07-16-2019 05:31 PM - edited 07-16-2019 05:32 PM
When configuring ZBFW, I have configs like this:
policy-map type inspect MYPMAP
 class type inspect everything
  inspect
If I configure a bypass rule, it will be appended at the end, after everything but before class-default. Is there a way to add a classification before an existing class without removing the existing classification rule?
07-16-2019 09:16 PM
07-16-2019 09:24 PM
There is a problem, though. Removing inspect rules could have the effect of locking myself out. I will need to apply the commands in a file and use the copy to running-config method. Also, it will mean that the system is not protected the way it was meant to be. I am surprised that there is no way to insert, considering even ACLs have line numbers now.
07-17-2019 01:58 AM
07-17-2019 09:41 AM
@Mohammed al Baqari wrote:
You can create a bypass rule for mgmt access. This can be at the bottom.
Usually mgmt access isn't inspected.
How does that work? I thought ZBFW enforcement order is always top to bottom.