! Outside hosts allowed to open sessions toward the inside
object-group network remote-pcs
 host hoszt-1-ip
 host hoszt-2-ip
!
object-group network voip-providers
 host voip-provider-1-ip
 host voip-provider-2-ip
!
! Traffic permitted from OUTSIDE to INSIDE (everything else is dropped)
ip access-list extended FW_EXCLUSIONS_ACL
 ! DHCP broadcasts (UDP 67-68)
 permit udp any host 255.255.255.255 range 67 68
 ! SSH only from the listed remote PCs
 permit tcp object-group remote-pcs any eq SSH_PORT
 ! SIP only from the listed VoIP providers
 permit udp object-group voip-providers any eq SIP_PORT
 ! STUN and RTP from any source; RTP matches are logged
 permit udp any any eq STUN_PORT
 permit udp any any range RTP_PORT_RANGES log
!
! Outbound traffic to inspect; match-any, so the generic tcp/udp entries
! catch whatever the specific protocol matches above them do not
class-map type inspect match-any IN_TO_OUT_CLASS
 match protocol http
 match protocol https
 match protocol pop3s
 match protocol smtp
 match protocol dns
 match protocol tcp
 match protocol udp
!
class-map type inspect match-all FW_EXCLUSIONS_CLASS
 match access-group name FW_EXCLUSIONS_ACL
!
! INSIDE -> OUTSIDE: stateful inspection, drop anything unmatched
policy-map type inspect IN_TO_OUT
 class IN_TO_OUT_CLASS
  inspect
 class class-default
  drop
!
! OUTSIDE -> INSIDE: inspect only what FW_EXCLUSIONS_ACL permits, drop the rest
policy-map type inspect FW_EXCLUSIONS
 class FW_EXCLUSIONS_CLASS
  inspect
 class class-default
  drop
!
zone security INSIDE
zone security OUTSIDE
!
zone-pair security INSIDE-to-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect IN_TO_OUT
!
zone-pair security OUTSIDE-to-INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect FW_EXCLUSIONS
!
! Zone membership: BVI1 and both VLANs are INSIDE, Fa4 is the OUTSIDE uplink
interface BVI1
 zone-member security INSIDE
!
interface Vlan 600
 zone-member security INSIDE
!
interface Vlan 700
 zone-member security INSIDE
!
interface Fa4
 zone-member security OUTSIDE