Configure IOS Zone-based Firewall (ZBF)

  1. Create zones

       zone security INSIDE
       zone security OUTSIDE

  2. Map zones to interfaces

       interface Serial1/0
        zone-member security OUTSIDE
       !
       interface GigabitEthernet0/0
        zone-member security INSIDE
       !

  3. Create class-maps to classify inter-zone traffic

       class-map type inspect match-any SERVERS
        match protocol http
        match protocol smtp
       !

  4. Create policy-maps to filter inter-zone traffic

       policy-map type inspect INBOUND_POLICY
        class type inspect SERVERS
         pass
       !
       policy-map type inspect OUTBOUND_POLICY
        class class-default
         inspect
       !

  5. Configure zone-pairs to apply policies to traffic

       zone-pair security IN2OUT source INSIDE destination OUTSIDE
        service-policy type inspect OUTBOUND_POLICY
       !
       zone-pair security OUT2IN source OUTSIDE destination INSIDE
        service-policy type inspect INBOUND_POLICY
       !

  6. Verify

       show policy-map type inspect zone-pair

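The six steps above hang together only if every object references one that exists and every direction of traffic is covered. The script below is an added example, not code from the original post: it parses the ZBF statements from a running-config and reports the mistakes a reviewer looks for, namely interfaces left out of every zone, dangling zone / policy-map / class-map references, zone-pairs with no service-policy, and one-way `pass` actions (`pass` forwards without tracking state and in one direction only, so return traffic needs its own `pass` on the reverse zone-pair, whereas `inspect` tracks sessions and permits replies). `SAMPLE_CONFIG` is constructed for the example: it mirrors the post's configuration and adds a GigabitEthernet0/1 that is deliberately left out of any zone.

```python
"""Offline audit of a Cisco IOS zone-based firewall (ZBF) configuration.

Added example (not from the original post). Parses zone, zone-member,
class-map, policy-map and zone-pair statements and reports common mistakes.
"""
import re

# Constructed sample: the post's config plus an interface with no zone.
SAMPLE_CONFIG = """\
zone security INSIDE
zone security OUTSIDE
!
interface Serial1/0
 zone-member security OUTSIDE
!
interface GigabitEthernet0/0
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description constructed: not a member of any zone
!
class-map type inspect match-any SERVERS
 match protocol http
 match protocol smtp
!
policy-map type inspect INBOUND_POLICY
 class type inspect SERVERS
  pass
!
policy-map type inspect OUTBOUND_POLICY
 class class-default
  inspect
!
zone-pair security IN2OUT source INSIDE destination OUTSIDE
 service-policy type inspect OUTBOUND_POLICY
!
zone-pair security OUT2IN source OUTSIDE destination INSIDE
 service-policy type inspect INBOUND_POLICY
!
"""


def parse_zbf(config):
    """Return the ZBF objects found in an IOS config as plain dicts/sets."""
    zones, class_maps = set(), set()
    iface_zone, policies, zone_pairs = {}, {}, {}
    ctx = None   # (kind, name) of the open top-level block
    cls = None   # class currently open inside a policy-map
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        line = raw.strip()
        if not raw[0].isspace():          # top-level statement opens a new block
            ctx, cls = None, None
            if m := re.fullmatch(r"zone security (\S+)", line):
                zones.add(m[1])
            elif m := re.fullmatch(r"interface (\S+)", line):
                ctx = ("interface", m[1])
                iface_zone.setdefault(m[1], None)
            elif m := re.fullmatch(r"class-map type inspect match-(?:any|all) (\S+)", line):
                class_maps.add(m[1])
            elif m := re.fullmatch(r"policy-map type inspect (\S+)", line):
                ctx = ("policy", m[1])
                policies[m[1]] = {}
            elif m := re.fullmatch(r"zone-pair security (\S+) source (\S+) destination (\S+)", line):
                ctx = ("zone-pair", m[1])
                zone_pairs[m[1]] = {"src": m[2], "dst": m[3], "policy": None}
            continue
        if ctx is None:
            continue
        kind, name = ctx
        if kind == "interface" and (m := re.fullmatch(r"zone-member security (\S+)", line)):
            iface_zone[name] = m[1]
        elif kind == "policy":
            if m := re.fullmatch(r"class (?:type inspect )?(\S+)", line):
                cls = m[1]
                policies[name][cls] = None          # action filled in below
            elif cls is not None and line.split()[0] in ("inspect", "pass", "drop"):
                policies[name][cls] = line.split()[0]
        elif kind == "zone-pair" and (m := re.fullmatch(r"service-policy type inspect (\S+)", line)):
            zone_pairs[name]["policy"] = m[1]
    return {"zones": zones, "class_maps": class_maps, "iface_zone": iface_zone,
            "policies": policies, "zone_pairs": zone_pairs}


def audit_zbf(parsed):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    zones, cms = parsed["zones"], parsed["class_maps"]
    pols, pairs = parsed["policies"], parsed["zone_pairs"]
    for iface, zone in sorted(parsed["iface_zone"].items()):
        if zone is None:
            findings.append(f"{iface}: not a member of any zone; traffic between it and "
                            "any zone-member interface is dropped by default")
        elif zone not in zones:
            findings.append(f"{iface}: zone {zone} is not defined")
    for pname, classes in sorted(pols.items()):
        for cname, action in classes.items():
            if cname != "class-default" and cname not in cms:
                findings.append(f"policy-map {pname}: class-map {cname} is not defined")
            if action is None:
                findings.append(f"policy-map {pname}: class {cname} has no action")
    for zname, zp in sorted(pairs.items()):
        for z in (zp["src"], zp["dst"]):
            if z != "self" and z not in zones:      # 'self' is the built-in router zone
                findings.append(f"zone-pair {zname}: zone {z} is not defined")
        if zp["policy"] is None:
            findings.append(f"zone-pair {zname}: no service-policy, so all traffic from "
                            f"{zp['src']} to {zp['dst']} is dropped")
        elif zp["policy"] not in pols:
            findings.append(f"zone-pair {zname}: policy-map {zp['policy']} is not defined")
        elif "pass" in pols[zp["policy"]].values():
            # pass is stateless and one-way: the reverse pair must pass replies too
            reverse = [n for n, o in pairs.items()
                       if o["src"] == zp["dst"] and o["dst"] == zp["src"]]
            if not any("pass" in pols.get(pairs[n]["policy"], {}).values() for n in reverse):
                findings.append(f"zone-pair {zname}: 'pass' in {zp['policy']} is stateless and "
                                f"one-way; return traffic needs a matching pass on the "
                                f"{zp['dst']}->{zp['src']} zone-pair "
                                + (f"({', '.join(reverse)})" if reverse else "(none defined)"))
    return findings


if __name__ == "__main__":
    for finding in audit_zbf(parse_zbf(SAMPLE_CONFIG)):
        print(finding)
```

Run against the sample it flags two things: GigabitEthernet0/1 belongs to no zone, and OUT2IN passes the SERVERS traffic statelessly while IN2OUT only inspects, so server replies have no explicit permit in the INSIDE-to-OUTSIDE direction. Changing the INBOUND_POLICY action from `pass` to `inspect` (so the firewall tracks the inbound sessions itself) and putting the extra interface into a zone clears both findings.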

Posted in CCIE R&S, CCIE Security.



One Response


  1. Bradley Freeman says

    I like your style of this, it's a very handy short quick reference. Just what I need to tick off the IOS IPS box on the R&S blueprint.
