Zoned-Based policy FW
2017-01-19 15:49
405 查看
Inside----(f0/0)IOSFW(f1/0)-----Outsite
Zoned-Based policy FW
zone security Outside
zone security Inside
inteface fastethernet 0/0
ip address 10.1.1.10 255.255.255.0
zone-member security Inside
interface fastethernet 1/0
ip address 202.100.1.10 255.255.255.0
zone-member security Oustside
class-map type inspect match-any Inside-to-Outside.Class
match protocol http
match protocol smtp
match protocol ftp
match protocol telnet
match protocol icmp
ip access-list extended Internet-to-Inside.Web.Traffic
permit ip any host 10.1.1.100
class-map type inspect match-all Outside-to-Inside.Class
match protocol http
match access-group name Internet-to-Inside.Web.Traffic
parameter-map type inspect Inside-to-Outside.Pa
max-incomplete low 800
max-incomplete high 1000
tcp synwait-time 15
parameter-map type inspect Outside-to-Inside.Pa
max-incomplete low 80
max-incomplete high 100
policy-map type inspect Inside-to-Outside.Policy
class type inspect Inside-to-Outside.Class
inspect Inside-to-Outside.Pa
policy-map type inspect Outside-to-Inside.Policy
class type inspect Outside-to-Inside.Class
inspect Outside-to-Inside.Pa
zone-pair security Inside-to-Outside.ZonePairs source Inside destination Outside
service-policy type inspect Inside-to-Outside.Policy
zone-pair security Outside-to-Inside.ZonePairs source Outside destination Inside
service-policy type inspect Outside-to-Inside.Policy
show zone security
show zone-pair security
show class-map type inspect
show parameter-map type inspect
show policy-map type inspect
show policy-map type inspect zone-pair sessions
Zoned-Based policy FW
zone security Outside
zone security Inside
inteface fastethernet 0/0
ip address 10.1.1.10 255.255.255.0
zone-member security Inside
interface fastethernet 1/0
ip address 202.100.1.10 255.255.255.0
zone-member security Oustside
class-map type inspect match-any Inside-to-Outside.Class
match protocol http
match protocol smtp
match protocol ftp
match protocol telnet
match protocol icmp
ip access-list extended Internet-to-Inside.Web.Traffic
permit ip any host 10.1.1.100
class-map type inspect match-all Outside-to-Inside.Class
match protocol http
match access-group name Internet-to-Inside.Web.Traffic
parameter-map type inspect Inside-to-Outside.Pa
max-incomplete low 800
max-incomplete high 1000
tcp synwait-time 15
parameter-map type inspect Outside-to-Inside.Pa
max-incomplete low 80
max-incomplete high 100
policy-map type inspect Inside-to-Outside.Policy
class type inspect Inside-to-Outside.Class
inspect Inside-to-Outside.Pa
policy-map type inspect Outside-to-Inside.Policy
class type inspect Outside-to-Inside.Class
inspect Outside-to-Inside.Pa
zone-pair security Inside-to-Outside.ZonePairs source Inside destination Outside
service-policy type inspect Inside-to-Outside.Policy
zone-pair security Outside-to-Inside.ZonePairs source Outside destination Inside
service-policy type inspect Outside-to-Inside.Policy
show zone security
show zone-pair security
show class-map type inspect
show parameter-map type inspect
show policy-map type inspect
show policy-map type inspect zone-pair sessions
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Cisco IOS Zoned-Based Policy Firewall
- FW:UI Components Based on Web Standards - Menu (2)
- SQL Server 2008------Policy Based Management
- Neutron Group Based Policy 印象 (by quqi99)
- Modern C++ Design 第一章 Policy-Based Class Design
- spoj ORDERSET - Order statistic set Hash+树状数组。附另一种解法,使用了policy based data structrue
- Logback (6) | SizeAndTimeBasedFNATP is deprecated. Use SizeAndTimeBasedRollingPolicy instead
- Reading Notes: Chapter 1. Policy-Based Class Design(Modern C++ Design By Andrei Alexandrescu)
- Method and system for providing security policy for linux-based security operating system
- Policy-based data structures (GNC)系列译文总序
- Logback (5) | The FileNamePattern option must be set before using TimeBasedRollingPolicy
- WRH$_ACTIVE_SESSION_HISTORY Does Not Get Purged Based Upon the Retention Policy (文档 ID 387914.1)
- WRH$_ACTIVE_SESSION_HISTORY Does Not Get Purged Based Upon the Retention Policy (文档 ID 387914.1)
- 关于Policy Based Class Design--《Modern C++ Design》读后感一
- 学习 Policy based design - 读C++设计新思维-泛型编程与设计模式的应用
- 在 OS X 中安裝 GNU GCC 以及使用 bits/stdc++.h 头文件 Policy-Based Data Structure
- Policy-Based Class Design
- logback TimeBasedRollingPolicy遇到的问题
- [GP][Modern C++ Design]Policy-Based Class Design
- Modern C++ Design 笔记 第一章 Policy-Based Class Design