To set the rules for traffic passing from the "WAN" zone to the "LAN" zone, create a zone pair and add a rule
that prohibits the application traffic from passing and a rule that allows all other traffic to pass. Rules are
applied with the enable command:
esr(config)# security zone-pair WAN LAN
esr(config-zone-pair)# rule 1
esr(config-zone-pair-rule)# action deny
esr(config-zone-pair-rule)# match application APP
esr(config-zone-pair-rule)# enable
esr(config-zone-pair-rule)# exit
esr(config-zone-pair)# rule 2
esr(config-zone-pair-rule)# action permit
esr(config-zone-pair-rule)# enable
esr(config-zone-pair-rule)# exit
esr(config-zone-pair)# exit
To set the rules for traffic passing from the "LAN" zone to the "WAN" zone, create a zone pair and add a
rule that prohibits the application traffic from passing and a rule that allows all other traffic to pass. Rules are
applied with the enable command:
esr(config)# security zone-pair LAN WAN
esr(config-zone-pair)# rule 1
esr(config-zone-pair-rule)# action deny
esr(config-zone-pair-rule)# match application APP
esr(config-zone-pair-rule)# enable
esr(config-zone-pair-rule)# exit
esr(config-zone-pair)# rule 2
esr(config-zone-pair-rule)# action permit
esr(config-zone-pair-rule)# enable
esr(config-zone-pair-rule)# exit
esr(config-zone-pair)# exit
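As an added illustration, not part of the ESR manual or Eltex code, the Python below models how the zone-pair rules entered above are evaluated, so the two mistakes that quietly change the outcome (a rule left without enable, or a permit-all rule numbered before the application deny) can be spotted before the configuration is committed. The evaluation semantics (ascending rule number, only enabled rules count, a rule without a match clause matches any flow, first match wins, no match means deny) are assumptions made for this example.

```python
# Added example, not Eltex code. Assumed semantics: rules are tried by ascending
# number, only enabled rules count, a rule with no 'match' clause matches any
# flow, the first match decides, and a flow matching no rule is denied.
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    number: int
    action: str = "deny"              # assumed default before 'action' is set
    match_app: Optional[str] = None   # name from 'match application <name>'
    enabled: bool = False             # inactive until 'enable' is entered

def parse_zone_pair(cli_lines):
    # Turn an 'esr(...)#' session transcript into rules ordered by number.
    rules, current = {}, None
    for line in cli_lines:
        cmd = line.split("# ", 1)[-1].strip()          # drop the prompt
        if m := re.fullmatch(r"rule (\d+)", cmd):
            current = rules.setdefault(int(m[1]), Rule(int(m[1])))
        elif current is None:
            continue                                   # not inside a rule yet
        elif m := re.fullmatch(r"action (permit|deny)", cmd):
            current.action = m[1]
        elif m := re.fullmatch(r"match application (\S+)", cmd):
            current.match_app = m[1]
        elif cmd == "enable":
            current.enabled = True
    return [rules[n] for n in sorted(rules)]

def evaluate(rules, application=None):
    # Action applied to a flow of the given application (None = any other flow).
    for r in rules:
        if r.enabled and (r.match_app is None or r.match_app == application):
            return r.action
    return "deny"

def audit(rules):
    # Report rules left disabled and rules shadowed by an earlier catch-all rule.
    issues = [f"rule {r.number} never enabled" for r in rules if not r.enabled]
    broad = next((r for r in rules if r.enabled and r.match_app is None), None)
    for r in rules:
        if r.enabled and r.match_app and broad and broad.number < r.number:
            issues.append(f"rule {r.number} shadowed by catch-all rule {broad.number}")
    return issues

# Constructed transcript mirroring the WAN -> LAN zone pair shown above
WAN_LAN = [
    "esr(config)# security zone-pair WAN LAN",
    "esr(config-zone-pair)# rule 1", "esr(config-zone-pair-rule)# action deny",
    "esr(config-zone-pair-rule)# match application APP", "esr(config-zone-pair-rule)# enable",
    "esr(config-zone-pair)# rule 2", "esr(config-zone-pair-rule)# action permit",
    "esr(config-zone-pair-rule)# enable",
]
```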
To view port membership in zones, use the following command:
To view zone pairs and their configuration, use the following commands:
esr# show security zone-pair
esr# show security zone-pair configuration
To view active sessions, use the following command:
esr# show ip firewall sessions
13.5 Access list (ACL) configuration
An Access Control List (ACL) is a list of rules that define which traffic may pass through an interface.