Cont’
int gig 1/0
 zone-member security OUT
 exit
int gig 2/0
 zone-member security IN
 exit
int gig 3/0
 zone-member security DMZ
 exit

Cont’
do show zone security
ip access-list extended IN-OUT-ACL
 permit ip any any
 exit
class-map type inspect match-all IN-OUT-CLASS
 match access-group name IN-OUT-ACL
 exit
do show class-map type inspect

Cont’
policy-map type inspect IN-OUT-POLICY
 class type inspect IN-OUT-CLASS
  inspect
  exit
 exit
do show policy-map type inspect
zone-pair security IN-OUT-ZP source IN dest OUT
 service-policy type inspect IN-OUT-POLICY
 exit
do show zone-pair security
do show policy-map type inspect zone-pair

Cont’
do show policy-map type inspect zone-pair sessions
do show ip port-map | include http
class-map type inspect match-any WEB-CLASS
 match protocol http
 exit
do show class-map type inspect
policy-map type inspect WEB-POLICY
 class type inspect WEB-CLASS
  inspect
  exit
 exit
do show policy-map type inspect

Cont’
zone-pair security OUT-DMZ-ZP source OUT dest DMZ
 service-policy type inspect WEB-POLICY
do show zone-pair security
do show policy-map type inspect zone-pair sessions

Cont’
Application layer inspection uses:
Protocol violation: if the packet does not comply with the universal standard, drop it
Regular expression: to block sites that end with .com
parameter-map type regex COM
 pattern .+\.[Cc][Oo][Mm]
 exit

Cont’
class-map type inspect http match-any BAD-HTTP-CLASS
 match request uri regex COM
 match req-resp protocol-violation
 exit
do show class-map type inspect http
policy-map type inspect http BAD-HTTP-POLICY
 class type inspect http BAD-HTTP-CLASS
  log
  reset
  exit
 exit

Cont’
do show policy-map type inspect http
policy-map type inspect WEB-POLICY
 class type inspect WEB-CLASS
  inspect
  service-policy http BAD-HTTP-POLICY
  exit
 exit

17-09 IOS Firewall Fundamentals
Firewalls separate one part of a network from another part. We can use a router as a firewall by using features like:
  • Packet filtering: ACLs
  • Proxy: useful for deep packet inspection, to block sites
  • Stateful filtering (it uses a state table which consists of source and destination addresses and ports)
  • Reflexive ACLs (they dynamically create an inverted access list)

Cont’
ip access-list extended GOING-OUT
 permit tcp any any reflect REMEMBER
 permit udp any any reflect REMEMBER
 permit icmp any any reflect REMEMBER
 deny ip any any log
 exit
int fa 4/0
 ip access-group GOING-OUT out

Cont’
do show access-list
ip access-list extended COMING-IN
 evaluate REMEMBER
 deny ip any any log
 exit
int fa 4/0
 ip access-group COMING-IN in
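
Added example (not from the original slides): a small Python model of how the GOING-OUT / COMING-IN pair behaves, showing that inbound traffic is permitted only while a mirrored REMEMBER entry exists. The class and function names are hypothetical, the addresses and ports are constructed, and the 300-second idle timeout is an assumed value; matching on ports only is a simplification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class ReflexiveAcl:
    REFLECTED = {"tcp", "udp", "icmp"}   # the three "permit ... reflect REMEMBER" lines

    def __init__(self, idle_timeout=300):
        self.idle_timeout = idle_timeout # assumed value, in seconds
        self.remember = {}               # mirrored entry -> time it was last used

    def going_out(self, pkt, now):
        """GOING-OUT: permit and reflect tcp/udp/icmp, then deny ip any any log."""
        if pkt.proto not in self.REFLECTED:
            return "deny"
        # Reflect: store the inverted tuple (source and destination swapped).
        mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.remember[mirror] = now
        return "permit"

    def coming_in(self, pkt, now):
        """COMING-IN: evaluate REMEMBER, then deny ip any any log."""
        last = self.remember.get(pkt)
        if last is not None and now - last <= self.idle_timeout:
            self.remember[pkt] = now     # matching traffic keeps the entry alive
            return "permit"
        self.remember.pop(pkt, None)     # expired, or never reflected
        return "deny"

def demo():
    # Constructed sample packets: inside host 10.0.0.5 browsing 203.0.113.10.
    acl = ReflexiveAcl(idle_timeout=300)
    out = Packet("tcp", "10.0.0.5", 40000, "203.0.113.10", 80)
    reply = Packet("tcp", "203.0.113.10", 80, "10.0.0.5", 40000)   # mirror of out
    probe = Packet("tcp", "203.0.113.99", 80, "10.0.0.5", 40000)   # unsolicited
    return [
        acl.coming_in(reply, now=0),     # nothing reflected yet
        acl.going_out(out, now=1),       # creates the mirrored entry
        acl.coming_in(reply, now=2),     # return traffic matches REMEMBER
        acl.coming_in(probe, now=3),     # different source, no entry
        acl.coming_in(reply, now=1000),  # entry idle longer than the timeout
    ]
```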

Cont’
CBAC (context-based access control): this works like stateful filtering
ip access-list extended DENY
 deny ip any any log
int fa4/0
  • Winter '18
  • Rita