Hello All,

Sorry, my time for the rack session just finished. I think Sadiq is right, because I just read about the inspect keyword that creates the state information table, but unfortunately I haven't had time to test it. My configuration looks like this:

zone security x
zone security y
class-map type inspect match-all ICMP
match protocol icmp
class type inspect ICMP
pass
class class-default
pass
policy-map type inspect POLICY
class type inspect ICMP
pass
class class-default
pass
zone-pair security Y-X source y destination x
service-policy type inspect POLICY

- Interface facing R5 is in X zone.

Thanks guys for the support. Jay, both exams, yours and mine, are coming shortly. My exam will be on OCT-14 :-)))
> CC: ccielab_at_groupstudy.com
> From: marco207p_at_gmail.com
> Subject: Re: ZONE-BASED-FIREWALL
> Date: Wed, 3 Oct 2012 10:06:16 -0500
> To: mohd-mousa_at_hotmail.com
>
> Mousa, post your config for the ZBFW
>
> Regards,
> Joe Sanchez
>
> ( please excuse the brevity of this email as it was sent via a mobile device. Please excuse misspelled words or sentence structure.)
>
> On Oct 3, 2012, at 9:54 AM, Mohammad Mousa <mohd-mousa_at_hotmail.com> wrote:
>
> > Hi Guys, I have a question about ZBF. As far as I know, the ZBF takes its concept from CBAC by permitting all the traffic that is initiated from inside to the outside and permitting the return traffic. I defined the policy-map to pass the ICMP and class-default as well. R1------R2----R5 (Router2) has four interfaces, one of them is in Zone X (interface facing R5) and the others in zone Y. When I pinged from R1 to R5, I saw the output of the ICMP debugging and the packets reached R5, but the traffic didn't come back to R1. When I put the zone-pair in both directions, it worked fine! Please advise me, correct me if I'm wrong! Thank you all.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Received on Wed Oct 03 2012 - 15:31:17 ART
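An added example, not part of the original thread and not the posters' own configuration: the same zone-pair with the ICMP class changed from pass to inspect, which is the difference discussed in the messages above. The zone, class-map, policy-map and zone-pair names are taken from the posted configuration; the drop action on class-default is an assumption made here, and interface names are omitted because the thread does not give them.

```cisco
! As posted: "pass" forwards y -> x packets without creating a session,
! so echo replies from x -> y are not matched to anything and need
! their own zone-pair (which is why adding the reverse pair worked).
!
!   policy-map type inspect POLICY
!    class type inspect ICMP
!     pass
!    class class-default
!     pass
!
! Stateful variant: "inspect" builds a session entry per flow, and
! return traffic that matches the session is allowed back through
! the firewall without an x -> y zone-pair.
zone security x
zone security y
!
class-map type inspect match-all ICMP
 match protocol icmp
!
policy-map type inspect POLICY
 class type inspect ICMP
  inspect
 ! Assumption for this example: unmatched traffic is dropped.
 ! "pass" here would forward it one way only, with no state kept.
 class class-default
  drop
!
zone-pair security Y-X source y destination x
 service-policy type inspect POLICY
!
! Each interface still needs "zone-member security x" or
! "zone-member security y" (the R5-facing interface is in zone x).
!
! To confirm that sessions are created while the ping runs:
!   show policy-map type inspect zone-pair Y-X sessions
```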
This archive was generated by hypermail 2.2.0 : Thu Nov 01 2012 - 10:53:33 ART