williampa1980
Beginner

ZBFW Default Inspection Specification

This may be a newbie question but I've been going at it for a few days now.  I can't find any specific information on the implementation of packet inspection in a zone based policy firewall.  In other words, is there a specification or even just a set of values that define the default inspection parameters for all protocols?  With DPI I can manage 'some' of the inspection capabilities but I have some fairly rigorous and specific requirements to meet and I need to validate that the IOS ZBFW will meet those requirements.  Specifically, I'm interested in HTTP, DNS, and ICMP but all other protocols would be useful as well.

I'm working with basic routers; 871's, 2811's, 1841's, etc.  The IOS in use in most cases is adventerprisek9-mz.151-3.T.

Any assistance will be greatly appreciated.

Regards,

Will


4 REPLIES
Jitendra Siyag
Beginner

Hi Will,

Please find below the link for ZBF implementation for HTTP and various protocols. It has some config examples also.

http://www.cisco.com/en/US/partner/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew_ps10592_TSD_Products_Configuration_Guide_Chapter.html#wp1122809

Hope this helps.

Thanks, but it appears that either I don't have permission to view the link or the link is invalid.  I've read through most of the implementation guides out there and all is well so far.  I just need to know what's going on under the hood by default.

I have downloaded and attached the chapter.

Speaking of the default config: when you create zones and assign interfaces, only the traffic that you matched in the class map will be permitted/dropped (based on the action selected). All the rest of the traffic will be dropped by default, as it automatically creates a class named class-default which matches all the other traffic.

You can configure advanced inspection for the protocols using the protocol-specific class maps, like HTTP header length check, content type, request method, URL, port misuse, etc.


I'm not sure why I couldn't get to this on my own but thank you very much.  This provides a bit more detailed information which will certainly help me out.
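
The two points from the accepted answer, the class-default drop and the protocol-specific (Layer 7) class maps for HTTP, shown as an added configuration example that is not part of the original thread or the attached chapter. All zone, class-map and policy-map names, the interface names and the 4096-byte header threshold are assumptions chosen for illustration.

```cisco
! Added example; names, interfaces and thresholds are hypothetical.
!
! Layer 7: HTTP-specific checks (header length, port misuse, protocol violation)
class-map type inspect http match-any HTTP-L7-VIOLATIONS
 match request header length gt 4096
 match request port-misuse any
 match req-resp protocol-violation
!
policy-map type inspect http HTTP-L7-POLICY
 class type inspect http HTTP-L7-VIOLATIONS
  reset
  log
!
! Layer 3/4: only traffic matched by these class maps is acted on
class-map type inspect match-all WEB-TRAFFIC
 match protocol http
class-map type inspect match-any DNS-ICMP
 match protocol dns
 match protocol icmp
!
policy-map type inspect INSIDE-TO-OUTSIDE
 class type inspect WEB-TRAFFIC
  inspect
  ! Attach the Layer 7 policy to the inspected HTTP class
  service-policy http HTTP-L7-POLICY
 class type inspect DNS-ICMP
  inspect
 ! class-default matches everything else; written out here so drops are logged
 class class-default
  drop log
!
zone security INSIDE
zone security OUTSIDE
!
interface FastEthernet0/0
 zone-member security INSIDE
interface FastEthernet0/1
 zone-member security OUTSIDE
!
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE
```

After applying a policy like this, `show policy-map type inspect zone-pair` shows per-class counters for the zone pair, which helps confirm what class-default is dropping.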
