Zone based firewall

From: Maarten Vervoorn <mr.vervoorn_at_gmail.com>
Date: Wed, 23 Jun 2010 14:12:22 +0200

Hi,

A question regarding zone based firewall.
When you are asked to inspect FTP traffic to a specific
destination, will both answers below give you the points?

1:
ip access-list ext FTP
 permit tcp any host 172.16.1.1 eq ftp
 permit tcp any host 172.16.1.1 eq ftp-data
!
class-map type inspect FTP
 match access-group name FTP
!
policy-map ty inspect INT-EXT
 class FTP
    inspect
--------------------------------------------------
2:
ip access-list ext R1
 permit ip any host 172.16.1.1
!
class-map type inspect match-all FTP
 match protocol ftp
 match access-group name R1
!
policy-map ty inspect INT-EXT
 class FTP
    inspect
--------------------------------------------------

Kind regards,

Maarten

Received on Wed Jun 23 2010 - 14:12:22 ART
