Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
400
Views
0
Helpful
1
Replies

IOS zone-based firewall without protocol inspection

r.spiandorello
Level 1
Level 1

‎08-03-2009 04:33 AM - edited ‎03-11-2019 09:01 AM

Hi, I defined about 20 zone-pair between 10 zone/vlan in a 2800 router.

Zone-based firewall runs very well but I'd like to avoid specific protocol inspection (now it inspects evry protocols) and to realize a simple L4 firewall, based on the class access-lists.

How to ?

thanks

Labels:
0 Helpful
1 Reply 1

sadsiddi
Level 1
Level 1

‎08-03-2009 09:08 PM

You can combine the match access-group filter with Layer 4 specific filters like "match protocol tcp/udp/icmp" for Layer4 only inspection.For non-transport protocol like GRE, you need to have a "match access-list" with pass action.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card