[c-nsp] Cisco zone based firewall - 12.4(6)T

Brandon Bennett bennetb+cisco-nsp at gmail.com
Fri May 5 17:56:41 EDT 2006


We just implemented it here for an IOS firewall we have in production.

We called TAC about the "ERROR"s and they said it is just cosmetic and
will be fixed in the next release.

We've also experienced some crashes (especially when DNS is not
inspected through the zone-pair).  The workaround was just to use
inspect.

There are also some align-trace errors that seem to come up with
12.4(6)T, but that was expected.

-Brandon

On 5/5/06, Kenny Sallee <k_sallee at yahoo.com> wrote:
> Has anyone played around w/ zone based firewalls yet?
> Any opinions?  I've got it set up in the lab but am seeing
> some things that don't make sense like:
>
> r-1841-r1#show policy-map type inspect
>   Policy Map type inspect p1
>     Class no_websense
>       Inspect ERROR
>     Class c1
>       Inspect ERROR
>      urlfilter websense
>     Class class-default
>       Drop
>
> Shows ERROR but everything seems to be working.
> Kenny


