About florian.hanig1

florian.hanig1 · 08-27-2025

i, my Hardware:C1131X-8PLTEPWEIOS Version 17.15.3aI’m currently trying to map my classic ACLs into ZBF.That has worked fine so far, but I don’t understand the Self-Zone logic. Even if I activate the zone member to my wan interface:interface GigabitEt...

florian.hanig1 · 05-29-2025

Hi,my deployment contains C9800-CL WLAN controller and a few C9120 WLAN AP's.Now I try to switch from WPA2 to WPA3 for our ios only Clients.All devices supports it and are brand new. I configured WPA3 Only mode, PMF: requiredFT + SAE and FT Enabled (...

florian.hanig1 · 07-14-2023

Hi,I try to configure Route-Map to route Traffic to the local Internet Breakout (GigabitEthernet0/0/0).Hardware: ISR-4331iOS-Version: 17.06.05The Client IP "10.9.1.25" should have Internet access via the Route-Map...This do not work.On other old Rout...

florian.hanig1 · 09-04-2022

Hi.We have 2 of "Firepower 1120" and 1 "Firepower Management Center (FMC)", all in Version "6.6.4".We like to Upgrade to newer Release.How is the update routine?First FMC?Then the FTD ?Can I go directly to 6.6.7 and then to 7.0.4 ?...Which intermedi...

florian.hanig1 · 05-27-2022

Hello, we've CUCM and Cisco IMP on Version 11.5.1.12900-25. We are initially configure persistent chat rooms.External Database is connected on IMP with MS-SQL Server 2019.All fine there. But if I create any Rooms in Jabber Client, the room not appear...

florian.hanig1 · 08-29-2025

Found the Solution...have to pass ssh and icmp instead of inspect on both sides.Thats worked for me now.And the Match-All also works !!!

florian.hanig1 · 08-27-2025

Please read the documentation..https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html#toc-hId--728739031 Here it says exactly the way I described it.

florian.hanig1 · 08-27-2025

No, it doesnt matter..If a class-map has only one match statement, it makes no difference whether you use match-all or match-any, because there’s nothing to combine with AND/OR logic.The difference only matters when you configure multiple match state...

florian.hanig1 · 08-27-2025

I don’t think it’s because of the object-group.The rule for SSH and ICMP isn’t using an object-group anyway… And by “Match any” you mean for example:class-map type inspect match-any CM_SELF_INmatch access-group name ACL_SELF_IN ?? I thought that sinc...

florian.hanig1 · 08-27-2025

I’m sorry, but I don’t quite understand. Can you give an example of what you mean by “object Network” where I should use “subnet” instead!? And “Match-all” is correct, isn’t it?Because only 1 match is entered on 1 ACL, right?

Member Since	‎09-10-2016 10:08 AM
Date Last Visited	‎08-31-2025 01:58 PM
Posts	84
Total Helpful Votes Received	18

User Statistics

User Activity

Struggeling with Self Zone Security

Cisco 9800-CL / C9120 WPA3/FT/Flexconnect/Central-Auth

Route-Map Internet Access on ISR-4331

FMC / FTD Update Routine

Jabber Rooms not working reliably

Re: Struggeling with Self Zone Security

Re: Struggeling with Self Zone Security

Re: Struggeling with Self Zone Security

Re: Struggeling with Self Zone Security

Re: Struggeling with Self Zone Security