IPX Vol3 lab 1 finished - Zone Based Firewalls

3 hours
Finished up this lab, and it brought up some points that I’m not well versed in.  Zone Based Firewalls was one of them.  Here’s a sample of what I applied today.

! Zones and interface membership
zone security inside
zone security outside
!
int s0/0/0
 zone-member security outside
int s0/1/0
 zone-member security inside
int s0/1/1
 zone-member security inside
int lo1
 zone-member security inside
int lo6
 zone-member security inside
!
! Inspect class-maps. Without a keyword, class-map type inspect defaults to
! match-all, so a class listing several protocols would never match;
! match-any is required for the multi-protocol classes.
class-map type inspect match-any p2p
 match protocol bittorrent
 match protocol kazaa2
 match protocol gnutella
 match protocol fasttrack
 match protocol edonkey
class-map type inspect ftp
 match protocol ftp
class-map type inspect match-any allow
 match protocol http
 match protocol https
 match protocol ftp
 match protocol telnet
 match protocol ssh
 match protocol smtp
 match protocol pop3
 match protocol icmp
!
! Classes are evaluated top-down, first match wins. The ftp class (with its
! policer) goes before allow, which also matches ftp; otherwise the policer
! would never be hit. Anything unmatched falls into class-default and is
! dropped by default.
policy-map type inspect fw-policy
 class type inspect p2p
  drop
 class type inspect ftp
  inspect
  police rate 2000000 burst 37500
 class type inspect allow
  inspect
!
! Apply the policy to the inside-to-outside zone pair.
zone-pair security in_to_out source inside destination outside
 service-policy type inspect fw-policy
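
As an added check that is not part of the original post, here is a small Python linter (the function names parse and lint are my own) for two pitfalls this kind of ZBF configuration is prone to: an inspect class-map that lists several protocols without match-any (the IOS default is match-all, so it can never match), and a policy-map class whose protocols were all claimed by an earlier class and so is never hit. It runs over a trimmed, constructed copy of the class-maps and policy-map as first posted.

```python
import re
# Constructed sample: the inspect class-maps and policy-map as originally posted (trimmed).
SAMPLE_CONFIG = """\
class-map type inspect p2p
 match protocol bittorrent
 match protocol edonkey
class-map type inspect ftp
 match protocol ftp
class-map type inspect allow
 match protocol http
 match protocol ftp
policy-map type inspect fw-policy
 class type inspect allow
  inspect
 class type inspect ftp
  inspect
 class type inspect p2p
  drop
"""
def parse(config):
    """Return ({class-map: (mode, [protocols])}, {policy-map: [class order]})."""
    class_maps, policy_maps, cm, pm = {}, {}, None, None
    for line in config.splitlines():
        if m := re.match(r"class-map type inspect(?: (match-(?:any|all)))? (\S+)$", line):
            # No match-any/match-all keyword means match-all, the IOS default.
            cm, pm = class_maps.setdefault(m[2], (m[1] or "match-all", [])), None
        elif m := re.match(r"policy-map type inspect (\S+)$", line):
            pm, cm = policy_maps.setdefault(m[1], []), None
        elif (m := re.match(r" match protocol (\S+)$", line)) and cm is not None:
            cm[1].append(m[1])
        elif (m := re.match(r" class type inspect (\S+)$", line)) and pm is not None:
            pm.append(m[1])
    return class_maps, policy_maps

def lint(config):
    """Flag match-all class-maps with several protocols (they never match) and policy-map
    classes shadowed by earlier ones (top-down, first match wins; assumes classes match as listed)."""
    (class_maps, policy_maps), findings = parse(config), []
    for name, (mode, protos) in class_maps.items():
        if mode == "match-all" and len(protos) > 1:
            findings.append(f"class-map {name}: match-all with {len(protos)} protocols never matches; use match-any")
    for name, order in policy_maps.items():
        seen = set()
        for cls in order:
            protos = set(class_maps.get(cls, ("", []))[1])
            if protos and protos <= seen:
                findings.append(f"policy-map {name}: class {cls} is shadowed by earlier classes")
            seen |= protos
    return findings
```

Running lint(SAMPLE_CONFIG) reports both multi-protocol class-maps and the shadowed ftp class; adding match-any and moving the ftp class above allow clears all three findings.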

About Jay McMickle

I've been in IT for about 15 years, starting on the help desk and building PCs for a small company here in Houston (PanTex). Over the years, I've worked on server, desktop, network, Citrix, security, and other teams. I started with my A+ certification back in 1997, and over the years I have earned many certifications, including CCNA, CCNA Security, CCDA, CCDP, CCSP, and CCNP. I have passed the written qualification exams for the CCIE Routing and Switching as well as the CCIE Security exam. It only makes sense to move towards the CCIE R&S first and complete that. I started this journey in May 2010 and plan to have the CCIE by Sept. 2011.
This entry was posted in CCIE Routing and Switching Lab Prep.