ZBFW Default Inspection Specification

williampa1980 (Level 1)

This may be a newbie question but I've been going at it for a few days now.  I can't find any specific information on the implementation of packet inspection in a zone based policy firewall.  In other words, is there a specification or even just a set of values that define the default inspection parameters for all protocols?  With DPI I can manage 'some' of the inspection capabilities but I have some fairly rigorous and specific requirements to meet and I need to validate that the IOS ZBFW will meet those requirements.  Specifically, I'm interested in HTTP, DNS, and ICMP but all other protocols would be useful as well.

I'm working with basic routers; 871s, 2811s, 1841s, etc.  The IOS in use in most cases is adventerprisek9-mz.151-3.T.

Any assistance will be greatly appreciated.

Regards,

Will


4 Replies

Jitendra Siyag (Level 1)

Hi Will,

Please find below the link for the ZBF implementation for HTTP and various protocols. It has some config examples as well.

http://www.cisco.com/en/US/partner/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew_ps10592_TSD_Products_Configuration_Guide_Chapter.html#wp1122809

hope this helps.

Thanks, but it appears that either I don't have permission to view the link or the link is invalid.  I've read through most of the implementation guides out there and all is well so far.  I just need to know what's going on under the hood by default.

(Accepted Solution) I have downloaded and attached the chapter.

And speaking of the default config: when you create zones and assign interfaces, only the traffic that you matched in the class map will be permitted/dropped (based on the action selected). All other traffic will be dropped by default, as it automatically creates a class named class-default which matches all the other traffic.

You can configure advanced inspection for the protocols using the protocol-specific class maps, like HTTP header length check, content type, request method, URL, port misuse, etc.
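The structure described in the reply above, written out as an added example; this is not configuration from the thread or from the attached chapter, and the zone, class-map, policy-map and parameter-map names (INSIDE, OUTSIDE, CM-*, PM-*, PMAP-*) and the timer values are assumptions. It shows the two layers a practitioner needs for the HTTP, DNS and ICMP requirements in the question: Layer 3/4 class maps matched in the zone-pair policy, with an explicit parameter-map so that the inspection timers are visible in the config rather than left at their defaults, and a Layer 7 HTTP class map nested under the HTTP class via a second service-policy. Two caveats worth keeping in mind: class-default only applies to traffic that actually crosses a zone-pair (traffic between two interfaces in the same zone, and traffic to or from the router itself in the self zone, is permitted by default unless you configure a zone-pair for it), and return traffic for inspected sessions is allowed back through without an OUTSIDE-to-INSIDE zone-pair, while unsolicited OUTSIDE-to-INSIDE traffic is dropped because no such zone-pair exists.

```cisco
! Added example, not from the original thread. Names and timer values are assumptions.
!
! Inspection parameters that would otherwise be silently defaulted, made explicit.
parameter-map type inspect PMAP-BASIC
 tcp idle-time 3600
 udp idle-time 30
 icmp idle-time 10
 dns-timeout 5
 audit-trail on
!
! Regex used by the Layer 7 HTTP class map below (directory traversal in the URI).
parameter-map type regex REGEX-TRAVERSAL
 pattern .*\.\./.*
!
! Layer 7 HTTP class map: HTTP requests/responses treated as violations.
class-map type inspect http match-any CM-HTTP-VIOLATION
 match req-resp protocol-violation
 match request port-misuse any
 match request header length gt 4096
 match request uri regex REGEX-TRAVERSAL
!
! Layer 7 HTTP policy: reset and log anything the class above matches.
policy-map type inspect http PM-HTTP-L7
 class type inspect http CM-HTTP-VIOLATION
  reset
  log
!
! Layer 3/4 class maps for the protocols of interest.
class-map type inspect match-all CM-HTTP
 match protocol http
class-map type inspect match-any CM-DNS-ICMP
 match protocol dns
 match protocol icmp
!
! Zone-pair policy: inspect the matched protocols, drop and log everything else.
! class-default exists implicitly; it is written out here so the drop is explicit.
policy-map type inspect PM-IN-TO-OUT
 class type inspect CM-HTTP
  inspect PMAP-BASIC
  service-policy http PM-HTTP-L7
 class type inspect CM-DNS-ICMP
  inspect PMAP-BASIC
 class class-default
  drop log
!
zone security INSIDE
zone security OUTSIDE
!
! Only this direction is defined; unsolicited OUTSIDE->INSIDE traffic has no
! zone-pair and is dropped, while inspected sessions get their return traffic.
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-TO-OUT
!
interface FastEthernet0/0
 zone-member security INSIDE
!
interface FastEthernet0/1
 zone-member security OUTSIDE
```

After applying it, `show policy-map type inspect zone-pair IN-TO-OUT` lists each class with its packet and session counters, including class-default, which is the quickest way to confirm that traffic you expected to be inspected is not falling into the drop class. The Layer 7 class map deliberately matches only the checks the reply lists (protocol violation, port misuse, header length, URI); add a `match request method` line only if the requirement really is to reset whole request methods, since that affects every request using them rather than just malformed ones.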

I'm not sure why I couldn't get to this on my own but thank you very much.  This provides a bit more detailed information which will certainly help me out.
