Cisco IOS Basic Zone-based firewall

Basic zone-based firewall that inspects DNS, SMTP, POP3, HTTP, HTTPS, NTP, FTP and ICMP. Enter the inside interface (for example vlan1 or gig0/0) and the outside interface (for example fa4 or gig0/1).

stroemblad
March 11, 2014
Name of outside interface (for example fa4 or gig0/1)

Name of inside interface (for example vlan1 or gig0/0)

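! Protocols permitted from inside to outside (match-any: one matching line is enough)
class-map type inspect match-any L4-cmap
 match protocol dns
 match protocol smtp extended
 match protocol pop3
 match protocol https
 match protocol http
 match protocol ntp
 match protocol ftp
 match protocol icmp
! Statefully inspect the matched protocols; drop and log everything else
policy-map type inspect L4-pmap
 class type inspect L4-cmap
  inspect
 class class-default
  drop log
! Define the security zones
zone security inside
zone security outside
! Assign the interfaces to their zones
interface %{OUTSIDEINTERFACE}%
 zone-member security outside
interface %{INSIDEINTERFACE}%
 zone-member security inside
!
! Apply the policy to sessions initiated from inside towards outside.
! No outside-to-inside zone-pair is defined, so sessions initiated from outside are dropped.
! Traffic to or from the router itself (self zone) is not covered by this policy.
zone-pair security inside-to-outside source inside destination outside
 service-policy type inspect L4-pmap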
