Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
664
Views
0
Helpful
0
Replies

ZBF - Inspection with AVC

Daniel Stefani
Level 1
Level 1

‎10-26-2018 01:41 PM - edited ‎02-21-2020 08:24 AM

Hello, 

 

I would like to know more details about ZBF Inspections using "policy-map type inspect avc" option in IOS XE 16.9.1

This means that ZBF can inspect nbar applications , such as dropbox or ms-office365.

What kind of inspections are performed

 

Here one Snippet of code:

 

class-map match-any AVC-CLASS
match protocol ms-office-365
match protocol skype
match protocol youtube
match protocol dropbox
!
policy-map type inspect avc AVC-POLICY
class AVC-CLASS
allow
class class-default
deny
!
class-map type inspect match-any INSIDE_TO_OUTSIDE_CLASS
match protocol http
match protocol https
match protocol tcp
match protocol udp
!
policy-map type inspect INSIDE_TO_OUTSIDE_POLICY
class type inspect INSIDE_TO_OUTSIDE_CLASS
inspect
service-policy avc AVC-POLICY
class class-default
drop log

 

Best Regards,

Daniel Stefani

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card