[c-nsp] zone based FW -- inside to inside

Gabriel jarod125 at gmail.com
Sun Feb 26 11:07:10 EST 2012


On Wed, Feb 22, 2012 at 9:12 PM, Oliver Garraux <oliver at g.garraux.net> wrote:
> On Wed, Feb 22, 2012 at 8:28 AM, Chris Mason <chris at noodles.org.uk> wrote:
>>> when you do zone based firewalling on an ISR router..... traffic from one
>>> inside interface to another inside interface should not be affected by the
>>> firewall correct?
>>
>> That is my understanding as long as the traffic is intra-zone and not
>> inter-zone (i.e. between interfaces within the same zone).
>
> I think you can create intra-zone policies in some of the newer
> versions of IOS.  I'm not sure what specific version that feature was
> added in though.
>
> Oliver

Jeremy Stretch blogged about this recently. Depending on IOS version,
you may or may not need to explicitly allow intra-zone traffic.

See http://packetlife.net/blog/2012/jan/30/ios-zone-based-firewall/
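
The thread's question (does ZBF touch traffic between two interfaces in the same zone?) turns on whether the config carries a zone-pair whose source and destination are the same zone. The script below is an added example, not code from the thread, from Cisco or from the linked post: it parses the ZBF-relevant lines of a constructed running-config excerpt (zone, zone-member, zone-pair, service-policy; interface and zone names are invented) and reports, per interface pair, what the configuration says happens to traffic between them. It only reads the config; the release-specific default for intra-zone traffic that the thread mentions is something to confirm against the IOS version in use (and the packetlife post above), not something the script decides.

```python
"""Audit an IOS zone-based firewall config for intra-zone handling.

Added example for the cisco-nsp thread; not Cisco code. Parses a constructed
running-config and reports how ZBF treats traffic between interface pairs.
"""
import re
from collections import defaultdict

# Constructed sample: two LAN interfaces share zone INSIDE, and an intra-zone
# zone-pair (source INSIDE destination INSIDE) carries an inspect policy.
SAMPLE_CONFIG = """\
zone security INSIDE
zone security OUTSIDE
!
class-map type inspect match-any CM-ANY
 match protocol tcp
!
policy-map type inspect PM-IN-OUT
 class type inspect CM-ANY
  inspect
!
policy-map type inspect PM-IN-IN
 class type inspect CM-ANY
  inspect
!
interface GigabitEthernet0/0
 zone-member security OUTSIDE
!
interface GigabitEthernet0/1
 zone-member security INSIDE
!
interface GigabitEthernet0/2
 zone-member security INSIDE
!
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-OUT
!
zone-pair security IN-IN source INSIDE destination INSIDE
 service-policy type inspect PM-IN-IN
"""

ZONE_RE = re.compile(r"^zone security (\S+)")
INTF_RE = re.compile(r"^interface (\S+)")
MEMBER_RE = re.compile(r"^\s+zone-member security (\S+)")
PAIR_RE = re.compile(r"^zone-pair security (\S+) source (\S+) destination (\S+)")
POLICY_RE = re.compile(r"^\s+service-policy type inspect (\S+)")


def parse_zbf(config: str) -> dict:
    """Return zone membership and zone-pairs keyed by (source, destination)."""
    zones, intf_zone, pairs = defaultdict(list), {}, {}
    cur_intf = cur_pair = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if m := ZONE_RE.match(line):
            zones.setdefault(m.group(1), [])
            cur_intf = cur_pair = None
        elif m := INTF_RE.match(line):
            cur_intf, cur_pair = m.group(1), None
        elif m := PAIR_RE.match(line):
            name, src, dst = m.groups()
            cur_pair, cur_intf = (src, dst), None
            pairs[cur_pair] = [name, None]          # policy filled in below
        elif (m := MEMBER_RE.match(line)) and cur_intf:
            zones[m.group(1)].append(cur_intf)
            intf_zone[cur_intf] = m.group(1)
        elif (m := POLICY_RE.match(line)) and cur_pair:
            pairs[cur_pair][1] = m.group(1)
        elif not line.startswith(" "):
            cur_intf = cur_pair = None               # any other top-level line ends a block
    return {"zones": dict(zones), "intf_zone": intf_zone,
            "pairs": {k: tuple(v) for k, v in pairs.items()}}


def path_policy(parsed: dict, src_intf: str, dst_intf: str) -> str:
    """Describe ZBF treatment of traffic initiated on src_intf towards dst_intf."""
    src, dst = parsed["intf_zone"].get(src_intf), parsed["intf_zone"].get(dst_intf)
    if src is None and dst is None:
        return "permit: neither interface is a zone member, ZBF does not apply"
    if src is None or dst is None:
        return "drop: zone member to non-member interface"
    pair = parsed["pairs"].get((src, dst))
    if pair is None:
        if src == dst:   # classic behaviour; confirm the default on your release
            return f"permit: same zone {src} and no intra-zone zone-pair, traffic not inspected"
        return f"drop: no zone-pair {src} -> {dst}"
    name, policy = pair
    if policy is None:
        return f"drop: zone-pair {name} has no service-policy"
    return f"policy {policy} via zone-pair {name}"


def intra_zone_report(parsed: dict) -> dict:
    """For each zone with two or more members: its intra-zone policy, or None."""
    report = {}
    for zone, members in parsed["zones"].items():
        if len(members) >= 2:
            pair = parsed["pairs"].get((zone, zone))
            report[zone] = pair[1] if pair else None
    return report


if __name__ == "__main__":
    p = parse_zbf(SAMPLE_CONFIG)
    print(intra_zone_report(p))
    print(path_policy(p, "GigabitEthernet0/1", "GigabitEthernet0/2"))
```

Run it against a real `show running-config` capture instead of SAMPLE_CONFIG to see which same-zone interface pairs an intra-zone zone-pair actually governs; a zone listed with None in the report has inside-to-inside traffic that no ZBF policy examines.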


