05-07-2011 12:17 PM - edited 03-11-2019 01:30 PM
This may be a newbie question but I've been going at it for a few days now. I can't find any specific information on the implementation of packet inspection in a zone based policy firewall. In other words, is there a specification or even just a set of values that define the default inspection parameters for all protocols? With DPI I can manage 'some' of the inspection capabilities but I have some fairly rigorous and specific requirements to meet and I need to validate that the IOS ZBFW will meet those requirements. Specifically, I'm interested in HTTP, DNS, and ICMP but all other protocols would be useful as well.
I'm working with basic routers; 871's, 2811's, 1841's, etc. The IOS in use in most cases is adventerprisek9-mz.151-3.T.
Any assistance will be greatly appreciated.
Regards,
Will
05-09-2011 12:10 AM
Hi Will,
Please find below the link for the ZBF implementation for HTTP and various protocols. It has some config examples also.
Hope this helps.
05-09-2011 03:16 AM
Thanks, but it appears that either I don't have permission to view the link or the link is invalid. I've read through most of the implementation guides out there and all is well so far. I just need to know what's going on under the hood by default.
05-09-2011 03:47 AM
I have downloaded and attached the chapter.
Speaking of the default config: when you create zones and assign interfaces, only the traffic that you matched in the class map will be permitted/dropped (based on the action selected). All the rest of the traffic will be dropped by default, as it automatically creates a class named class-default which matches all the other traffic.
You can configure advanced inspection for the protocols using the protocol-specific class maps, like HTTP header length check, content type, request method, URL, port misuse, etc.
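The behaviour described in the answer above, as an added configuration sketch that is not part of the original post or the attached chapter: a zone pair whose policy inspects HTTP, DNS and ICMP, applies a protocol-specific HTTP class map, and leaves everything else to class-default. All zone, class-map and policy-map names, the interface names and the numeric thresholds are assumptions chosen for illustration.

```cisco
! Constructed example: names, interfaces and thresholds are hypothetical.
zone security INSIDE
zone security OUTSIDE
!
! Layer 3/4 classification: only traffic matched here is handled explicitly.
class-map type inspect match-all CM-HTTP
 match protocol http
class-map type inspect match-any CM-DNS-ICMP
 match protocol dns
 match protocol icmp
!
! Protocol-specific (Layer 7) HTTP checks: header length, URI length,
! request method, port misuse, protocol violations.
class-map type inspect http match-any CM-HTTP-L7
 match request header length gt 4096
 match request uri length gt 256
 match request method connect
 match request port-misuse any
 match req-resp protocol-violation
!
policy-map type inspect http PM-HTTP-L7
 class type inspect http CM-HTTP-L7
  reset
  log
!
! Top-level policy: inspect the matched protocols, nest the HTTP L7 policy,
! and make the implicit class-default drop visible and logged.
policy-map type inspect PM-IN-OUT
 class type inspect CM-HTTP
  inspect
  service-policy http PM-HTTP-L7
 class type inspect CM-DNS-ICMP
  inspect
 class class-default
  drop log
!
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-OUT
!
interface FastEthernet0/0
 zone-member security INSIDE
interface FastEthernet0/1
 zone-member security OUTSIDE
```

With `drop log` on class-default, unmatched traffic shows up in the router log, which helps when validating the policy against a requirements list; `show policy-map type inspect zone-pair ZP-IN-OUT` displays the per-class counters.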
05-09-2011 05:36 AM
I'm not sure why I couldn't get to this on my own but thank you very much. This provides a bit more detailed information which will certainly help me out.