Zoned-Based policy FW

Inside----(f0/0)IOSFW(f1/0)-----Outsite


Zoned-Based policy FW 


zone security Outside 
zone security Inside  


inteface fastethernet 0/0 
 ip address 10.1.1.10 255.255.255.0 
 zone-member security Inside 


interface fastethernet 1/0 
 ip address 202.100.1.10 255.255.255.0 
 zone-member security Oustside 


class-map type inspect match-any Inside-to-Outside.Class
 match protocol http 
 match protocol smtp 
 match protocol ftp 
 match protocol telnet 
 match protocol icmp 


ip access-list extended Internet-to-Inside.Web.Traffic 
 permit ip any host 10.1.1.100 
class-map type inspect match-all Outside-to-Inside.Class 
 match protocol http 
 match access-group name Internet-to-Inside.Web.Traffic 


parameter-map type inspect Inside-to-Outside.Pa 
 max-incomplete low 800 
 max-incomplete high 1000 
 tcp synwait-time 15 


parameter-map type inspect Outside-to-Inside.Pa 
 max-incomplete low 80 
 max-incomplete high 100 


policy-map type inspect Inside-to-Outside.Policy 
 class type inspect Inside-to-Outside.Class 
  inspect Inside-to-Outside.Pa 


policy-map type inspect Outside-to-Inside.Policy 
 class type inspect Outside-to-Inside.Class 
  inspect Outside-to-Inside.Pa 


zone-pair security Inside-to-Outside.ZonePairs source Inside destination Outside 
 service-policy type inspect Inside-to-Outside.Policy 


zone-pair security Outside-to-Inside.ZonePairs source Outside destination Inside  
 service-policy type inspect Outside-to-Inside.Policy 


show zone security 


show zone-pair security 


show class-map type inspect 


show parameter-map type inspect 


show policy-map type inspect 


show policy-map type inspect zone-pair sessions