
Access List to ZBF

adamgibs7
Level 6

Dears,

I have an internet router configured and controlled with plenty of deny and permit access-lists. I am moving to the zone-based firewall. I am planning to call all the permit statements, leaving the deny statements because deny by default will fall in class-default, which is configured to drop the packets, but I get an error as below. Will it affect the traffic flow? Also, please confirm to me whether it is the correct way of migration.

%No specific protocol configured in class outbound-to-internet for inspection. All protocols will be inspected

For example as below

ip access-list extended outbound-leased-line
 permit udp host X.X.X.X host 2.2.2.2 eq isakmp
 permit etc etc etc

class-map type inspect outbound-to-internet
 match access-group name outbound-leased-line

policy-map type inspect outbound-inspection
 class type inspect outbound-to-internet
  inspect
 class class-default
  drop

Thanks

1 Reply 1

adamgibs7
Level 6

Dear Experts

Suggestions please, is this the correct way?

thanks