I would like to know more details about ZBF Inspections using "policy-map type inspect avc" option in IOS XE 16.9.1
This means that ZBF can inspect nbar applications , such as dropbox or ms-office365.
What kind of inspections are performed
Here one Snippet of code:
class-map match-any AVC-CLASS match protocol ms-office-365 match protocol skype match protocol youtube match protocol dropbox ! policy-map type inspect avc AVC-POLICY class AVC-CLASS allow class class-default deny ! class-map type inspect match-any INSIDE_TO_OUTSIDE_CLASS match protocol http match protocol https match protocol tcp match protocol udp ! policy-map type inspect INSIDE_TO_OUTSIDE_POLICY class type inspect INSIDE_TO_OUTSIDE_CLASS inspect service-policy avc AVC-POLICY class class-default drop log
Radius server configuration for 802.1XServer radius test1Address ipv4 10.1.1.1Key 1234!Server radius test2Address ipv4 10.1.1.2Key 1234!aaa group server radius TEST-grserver name test1server name test2!aaa authentication dot1x default group TEST-graaa aut...
One of the biggest concept in VPN Technologies is NAT Traversal, like NAT Traversal in VOIP deployment with SIP Protocol, the history is always inside the payload to solve the Incompatibility between NAT and IPSEC like the Incompatibility between SIP prot...
"What is this 'Orbital Query Corner' thing", you ask? It's the name of an occasional series of articles, each discussing one particular point or use case for the Orbital advanced search feature that is available in Cisco Secure Endpoint starting at ...
0. The Issue
On 20 July 2021, Microsoft issued an alert for CVE-2021-36934 "Windows Elevation of Privilege Vulnerability".  The problem in this case is an overly permissive Access Control List (ACL) applied to system files, including the Se...