Hi Adil,
Forgot to mention that from IOS 12.4(20)T you have "debug policy-firewall
[detail]" command. But, as always, use it carefully with logging buffer.
HTH,
--
Piotr Matusiak
CCIE #19860 (R&S, Security), CCSI #33705
Technical Instructor
website: www.MicronicsTraining.com
blog: www.ccie1.com

If you can't explain it simply, you don't understand it well enough -
Albert Einstein

2011/1/3 Adil Pasha <aspasha_at_gmail.com>

> You are the best Piotr.
>
> Thank you so much.
>
> Adil.
>
> *From:* Piotr Matusiak [mailto:pitt2k_at_gmail.com]
> *Sent:* Sunday, January 02, 2011 2:23 PM
> *To:* Adil Pasha
> *Cc:* Cisco certification
> *Subject:* Re: Zone Based Firewall.
>
> sh policy-map type inspect zone-pair
>
> or "log" keyword in policy-map
>
> HTH,
> --
> Piotr Matusiak
> CCIE #19860 (R&S, Security), CCSI #33705
> Technical Instructor
> website: www.MicronicsTraining.com
> blog: www.ccie1.com
>
> If you can't explain it simply, you don't understand it well enough -
> Albert Einstein
>
> 2011/1/2 Adil Pasha <aspasha_at_gmail.com>
>
> Could someone please let me know what is the best command to check the logs
> of the router configured for zone based firewall?
>
> I am trying to check the traffic passing through the firewall or being
> dropped by the firewall.
>
> On ASA I use "sho log" and it is the best to troubleshoot the non-working
> rules.
>
> Thanks in advance.
>
> Adil.
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Mon Jan 03 2011 - 07:52:13 ART
This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART
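
The three suggestions in the thread put together, as an added example that is not part of the original messages: a zone-pair policy whose default class uses the "log" keyword, with output kept in the logging buffer. The class-map, policy-map, zone-pair and zone names and the buffer size are hypothetical, and the zones INSIDE and OUTSIDE are assumed to exist already with interfaces assigned.

```cisco
! Constructed example. CM-WEB, PM-IN-OUT, ZP-IN-OUT, INSIDE and OUTSIDE
! are hypothetical names; the buffer size is an arbitrary sample value.
!
! Keep log and debug output in the memory buffer, not on the console.
no logging console
logging buffered 65536 debugging
!
class-map type inspect match-any CM-WEB
 match protocol http
 match protocol https
!
! "drop log" on class-default reports packets that matched no permitted
! class via syslog, which is the ZBF counterpart of reading denies on an ASA.
policy-map type inspect PM-IN-OUT
 class type inspect CM-WEB
  inspect
 class class-default
  drop log
!
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-OUT
!
! Exec mode, after sending test traffic:
!   show policy-map type inspect zone-pair   (per-class counters per zone-pair)
!   show logging                             (buffered drop messages)
!   debug policy-firewall detail             (IOS 12.4(20)T and later, per the thread)
!   undebug all                              (turn debugging off when finished)
```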