3 hours
Finished up this lab, and it brought up some points that I’m not well versed in. Zone Based Firewalls was one of them. Here’s a sample of what I applied today.
zone security inside
zone security outside
!
int s0/0/0
 zone-member security outside
int s0/1/0
 zone-member security inside
int s0/1/1
 zone-member security inside
int lo1
 zone-member security inside
int lo6
 zone-member security inside
!
zone-pair security in_to_out source inside destination outside
!
! match-any: a session only has to match one of the listed protocols
! (the default, match-all, would require all of them at once)
class-map type inspect match-any p2p
 match protocol bittorrent
 match protocol kazaa2
 match protocol gnutella
 match protocol fasttrack
 match protocol edonkey
class-map type inspect ftp
 match protocol ftp
class-map type inspect match-any allow
 match protocol http
 match protocol https
 match protocol ftp
 match protocol telnet
 match protocol ssh
 match protocol smtp
 match protocol pop3
 match protocol icmp
!
! Classes are checked top-down and the first match wins, so P2P is dropped
! and FTP is policed before the general allow class (which also lists ftp)
policy-map type inspect fw-policy
 class type inspect p2p
  drop
 class type inspect ftp
  inspect
  police rate 2000000 burst 37500
 class type inspect allow
  inspect
!
zone-pair security in_to_out
 service-policy type inspect fw-policy
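
An added example, not part of the original lab or of any Cisco tooling: a small offline check for two mistakes that are easy to make in a policy of this shape, a class-map left at match-all with several protocols and a class that an earlier class already covers. It assumes IOS treats a class-map without a keyword as match-all and evaluates policy-map classes in order; the names `parse`, `audit` and `SAMPLE` are made up here.

```python
import re

# Constructed sample input: a trimmed policy with the same shape as the lab config.
SAMPLE = """\
class-map type inspect p2p
 match protocol bittorrent
 match protocol kazaa2
class-map type inspect match-any allow
 match protocol http
 match protocol ftp
class-map type inspect ftp
 match protocol ftp
policy-map type inspect fw-policy
 class type inspect allow
  inspect
 class type inspect ftp
  inspect
 class type inspect p2p
  drop
"""

def parse(config):
    """Return ({class-map: [mode, protocols]}, {policy-map: classes in order})."""
    classes, policies, cur = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        cm = re.match(r"class-map type inspect (?:(match-a(?:ny|ll)) )?(\S+)$", line)
        pm = re.match(r"policy-map type inspect (\S+)$", line)
        if cm:  # assumption: no keyword means match-all
            cur = classes.setdefault(cm.group(2), [cm.group(1) or "match-all", []])[1]
        elif pm:
            cur = policies.setdefault(pm.group(1), [])
        elif cur is not None and re.match(r"(match protocol|class type inspect) \S+$", line):
            cur.append(line.split()[-1])
    return classes, policies

def audit(config):
    """Flag match-all class-maps that cannot match and classes hidden by earlier ones."""
    classes, policies = parse(config)
    dead = {n for n, (mode, ps) in classes.items() if mode == "match-all" and len(ps) > 1}
    findings = [f"class-map {n}: match-all needs every listed protocol at once"
                for n in sorted(dead)]
    for pol, order in policies.items():
        seen = {}  # protocol -> first class in this policy that claims it
        for cls in order:
            protos = [] if cls in dead else classes.get(cls, [None, []])[1]
            if protos and all(p in seen for p in protos):
                findings.append(f"policy-map {pol}: class {cls} is shadowed by class {seen[protos[0]]}")
            seen.update({p: cls for p in protos if p not in seen})
    return findings
```

`audit(SAMPLE)` reports the p2p class-map and the shadowed ftp class. A match-all class-map that deliberately pairs a protocol with a transport match would also be flagged, so treat the first finding as a prompt to review rather than a verdict.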