Wednesday, September 8, 2010

IOS Firewall

2.1 Zone-Based Firewall
FROM->INSIDE->TO->OUTSIDE
Allow TCP and UDP sessions initiated from the inside to the outside.
! match-any: a packet that matches any one of the three protocols hits this class
class-map type inspect match-any ALLOWED_TRAFFIC_CMAP
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! inspect = stateful inspection, so return traffic is admitted automatically;
! everything else falls into class-default and is dropped
policy-map type inspect INSIDE_TO_OUTSIDE_PMAP
 class type inspect ALLOWED_TRAFFIC_CMAP
  inspect
 class class-default
  drop
!
! bind the policy to the INSIDE -> OUTSIDE direction
zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE_TO_OUTSIDE_PMAP

FROM->OUTSIDE->TO->INSIDE
Permit HTTP and HTTPS access to an internal web server with the IP address of 183.X.46.100
ip access-list extended INSIDE_HTTP_SERVER_ACL
 permit tcp any host 183.1.46.100 eq www
 permit tcp any host 183.1.46.100 eq 443
!
! match-all: the packet must match the ACL (destination host and port) AND be TCP
class-map type inspect match-all INSIDE_HTTP_SERVER_CMAP
 match access-group name INSIDE_HTTP_SERVER_ACL
 match protocol tcp
!
! only the web server's 80/443 is inspected inbound; class-default drops the rest
policy-map type inspect OUTSIDE_TO_INSIDE_PMAP
 class type inspect INSIDE_HTTP_SERVER_CMAP
  inspect
 class class-default
  drop
!
! bind the policy to the OUTSIDE -> INSIDE direction
zone-pair security OUTSIDE_TO_INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE_TO_INSIDE_PMAP
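As an added example (not part of the blog post and not Cisco tooling), the Python script below parses a copy of the two policies above and walks the class-map -> policy-map -> zone-pair chain: it reports references that do not resolve (a service-policy, class-map or ACL that is never defined, a class with no action) and lists what each zone-pair's inspect classes actually admit, honouring the match-any / match-all difference. The config text inside it is a constructed copy of the page's configuration; parse_zbf, audit and inspected_traffic are the script's own names, and it understands only the subset of IOS syntax shown on this page.

```python
"""Offline audit of a Cisco IOS zone-based firewall (ZBF) snippet. Added example
(not Cisco tooling, not the blog's code): it follows the class-map -> policy-map ->
zone-pair chain, checks that every reference resolves, and lists what is inspected."""
import re

# Constructed sample: the page's two policies as IOS lays them out.
SAMPLE_CONFIG = """
ip access-list extended INSIDE_HTTP_SERVER_ACL
 permit tcp any host 183.1.46.100 eq www
 permit tcp any host 183.1.46.100 eq 443
class-map type inspect match-any ALLOWED_TRAFFIC_CMAP
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-all INSIDE_HTTP_SERVER_CMAP
 match access-group name INSIDE_HTTP_SERVER_ACL
 match protocol tcp
policy-map type inspect INSIDE_TO_OUTSIDE_PMAP
 class type inspect ALLOWED_TRAFFIC_CMAP
  inspect
 class class-default
  drop
policy-map type inspect OUTSIDE_TO_INSIDE_PMAP
 class type inspect INSIDE_HTTP_SERVER_CMAP
  inspect
 class class-default
  drop
zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE_TO_OUTSIDE_PMAP
zone-pair security OUTSIDE_TO_INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE_TO_INSIDE_PMAP
"""
PORT_NAMES = {"www": 80, "https": 443}  # IOS port keywords this parser knows


def parse_zbf(text):
    """Return (acls, cmaps, pmaps, zpairs) dicts built from the config text."""
    acls, cmaps, pmaps, zpairs = {}, {}, {}, {}
    ctx = ("none",)  # block we are inside: (kind, name) or ("pmap", name, class)
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if m := re.match(r"ip access-list extended (\S+)$", line):
            acls[m.group(1)], ctx = [], ("acl", m.group(1))
        elif m := re.match(r"class-map type inspect (match-any|match-all) (\S+)$", line):
            cmaps[m.group(2)], ctx = {"mode": m.group(1), "matches": []}, ("cmap", m.group(2))
        elif m := re.match(r"policy-map type inspect (\S+)$", line):
            pmaps[m.group(1)], ctx = {}, ("pmap", m.group(1), None)
        elif m := re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)$", line):
            zpairs[m.group(1)] = {"src": m.group(2), "dst": m.group(3), "policy": None}
            ctx = ("zpair", m.group(1))
        elif ctx[0] == "acl" and (m := re.match(r"permit (\S+) any host \S+ eq (\S+)$", line)):
            port = m.group(2)
            acls[ctx[1]].append((m.group(1), int(port) if port.isdigit() else PORT_NAMES[port]))
        elif ctx[0] == "cmap" and line.startswith("match "):
            cmaps[ctx[1]]["matches"].append(line[6:])
        elif ctx[0] == "pmap" and (m := re.match(r"class (?:type inspect )?(\S+)$", line)):
            ctx = ("pmap", ctx[1], m.group(1))
            pmaps[ctx[1]][ctx[2]] = None  # the action comes on the next line
        elif ctx[0] == "pmap" and line in ("inspect", "pass", "drop"):
            pmaps[ctx[1]][ctx[2]] = line
        elif ctx[0] == "zpair" and (m := re.match(r"service-policy type inspect (\S+)$", line)):
            zpairs[ctx[1]]["policy"] = m.group(1)
    return acls, cmaps, pmaps, zpairs


def audit(acls, cmaps, pmaps, zpairs):
    """Findings for references that do not resolve and classes with no action."""
    found = [f"{zp}: service-policy {i['policy']} undefined"
             for zp, i in zpairs.items() if i["policy"] not in pmaps]
    for pm, classes in pmaps.items():
        found += [f"{pm}: class-map {c} undefined"
                  for c in classes if c != "class-default" and c not in cmaps]
        found += [f"{pm}: class {c} has no action" for c, a in classes.items() if a is None]
    for cm, info in cmaps.items():
        found += [f"{cm}: ACL {x.split()[-1]} undefined" for x in info["matches"]
                  if x.startswith("access-group name ") and x.split()[-1] not in acls]
    return found


def inspected_traffic(zpair, acls, cmaps, pmaps, zpairs):
    """(protocol, port) pairs the zone-pair's 'inspect' classes admit; '*' = any port."""
    admitted = set()
    for cls, action in pmaps.get(zpairs[zpair]["policy"], {}).items():
        if action != "inspect" or cls not in cmaps:
            continue
        acl_entries, protos = set(), set()
        for match in cmaps[cls]["matches"]:
            if match.startswith("access-group name "):
                acl_entries.update(acls.get(match.split()[-1], []))
            elif match.startswith("protocol "):
                protos.add(match.split()[1])
        if cmaps[cls]["mode"] == "match-all" and acl_entries and protos:
            # every criterion must hold: keep only ACL entries in the listed protocols
            admitted.update(e for e in acl_entries if e[0] in protos)
        else:
            # match-any (or a single criterion): the union of everything listed
            admitted.update(acl_entries)
            admitted.update((p, "*") for p in protos)
    return admitted
```

Calling `inspected_traffic("OUTSIDE_TO_INSIDE", *parse_zbf(SAMPLE_CONFIG))` returns only `("tcp", 80)` and `("tcp", 443)`, which is the check worth repeating after every change to the inbound policy: the match-all class narrows the ACL to TCP, and anything not listed falls to class-default and is dropped. The same call for `INSIDE_TO_OUTSIDE` returns the three protocols with port `*`, because that match-any class has no ACL to narrow it.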
