Hello experts,

Please provide your valued inputs, suggestions on following FWSM configuration. Please provide your valued inputs on following points.

1)      What we are going to achieve by doing this configuration ?

2)      If any than what will be the impact on other services if this configuration is configured in live working environment ?

Step -1 :- I have created an access-list called “microhttp”.

access-list microhttp extended deny ip host 172.30.30.44 host 172.20.2.79
access-list microhttp extended deny ip host 172.30.30.45 host 172.20.2.79
access-list microhttp extended deny ip host 172.20.2.79 host 172.30.30.44
access-list microhttp extended deny ip host 172.20.2.79 host 172.30.30.45
access-list microhttp extended permit ip any any


Step -2 :- I have created a class-map called “microhttp”

class-map microhttp
match access-list microhttp


Step-3 :- In global policy-map I have called this class-map.

FWSM-CORE1(config)# policy-map global_policy
FWSM-CORE1(config-pmap)#  class microhttp

Step-4 :- In class-map microhttp, I am inspecting ‘http’ packets.

FWSM-CORE1(config-pmap-c)#inspect http


Step -5 :- I went back to the global policy-map.

FWSM-CORE1(config-pmap-c)# exit
FWSM-CORE1(config-pmap)#


Step-6 :- I went into the default class-map and I have removed the http inspection from global policy-map.

FWSM-CORE1(config-pmap)#  class inspection_default
FWSM-CORE1(config-pmap)#
FWSM-CORE1(config-pmap)# no inspect http

Thank you,

Best Regards,

Shahnawaz Khot