ZBF

a guest
Jan 20th, 2020
!
class-map type inspect match-all INSIDE-TO-OUTSIDE-CLASS
 match access-group name INSIDE-TO-OUTSIDE
class-map type inspect match-all OUTSIDE-TO-INSIDE-CLASS
 match access-group name OUTSIDE-TO-INSIDE
class-map type inspect match-all V80-TO-OUTSIDE-CLASS
 match access-group name V80-TO-OUTSIDE
class-map type inspect match-all OUTSIDE-TO-V80-CLASS
 match access-group name OUTSIDE-TO-V80
class-map type inspect match-all V30-TO-OUTSIDE-CLASS
 match access-group name V30-TO-OUTSIDE
class-map type inspect match-all OUTSIDE-TO-V30-CLASS
 match access-group name OUTSIDE-TO-V30
! vlan20 is dual-stack, so its class-maps reference one IPv4 and one IPv6 ACL.
! They must be match-any: with match-all a single packet would have to match
! both address families, which no packet can, and the class would never match.
class-map type inspect match-any V20-TO-OUTSIDE-CLASS
 match access-group name V20-TO-OUTSIDE
 match access-group name ip620-TO-OUTSIDE
class-map type inspect match-any OUTSIDE-TO-V20-CLASS
 match access-group name OUTSIDE-TO-V20
 match access-group name OUTSIDE-TO-ip620
class-map type inspect match-all V70-TO-OUTSIDE-CLASS
 match access-group name V70-TO-OUTSIDE
class-map type inspect match-all OUTSIDE-TO-V70-CLASS
 match access-group name OUTSIDE-TO-V70
class-map type inspect match-all V60-TO-OUTSIDE-CLASS
 match access-group name V60-TO-OUTSIDE
class-map type inspect match-all OUTSIDE-TO-V60-CLASS
 match access-group name OUTSIDE-TO-V60
class-map type inspect match-all V50-TO-OUTSIDE-CLASS
 match access-group name V50-TO-OUTSIDE
class-map type inspect match-all OUTSIDE-TO-V50-CLASS
 match access-group name OUTSIDE-TO-V50
class-map type inspect match-all V40-TO-OUTSIDE-CLASS
 match access-group name V40-TO-OUTSIDE
class-map type inspect match-all OUTSIDE-TO-V40-CLASS
 match access-group name OUTSIDE-TO-V40
!
! Outbound (*-TO-OUTSIDE) policies inspect ACL-matched traffic and "pass"
! everything else without creating a session. The matching OUTSIDE-TO-*
! policies drop everything, so only inspected traffic gets its replies back.
policy-map type inspect V60-TO-OUTSIDE-POLICY
 class type inspect V60-TO-OUTSIDE-CLASS
  inspect
 class class-default
  pass
policy-map type inspect V40-TO-OUTSIDE-POLICY
 class type inspect V40-TO-OUTSIDE-CLASS
  inspect
 class class-default
  pass
policy-map type inspect OUTSIDE-TO-V60-POLICY
 class type inspect OUTSIDE-TO-V60-CLASS
  drop
 class class-default
  drop
policy-map type inspect V20-TO-OUTSIDE-POLICY
 class type inspect V20-TO-OUTSIDE-CLASS
  inspect
 class class-default
  pass
policy-map type inspect V70-TO-OUTSIDE-POLICY
 class type inspect V70-TO-OUTSIDE-CLASS
  inspect
 class class-default
  pass
policy-map type inspect OUTSIDE-TO-V40-POLICY
 class type inspect OUTSIDE-TO-V40-CLASS
  drop
 class class-default
  drop
policy-map type inspect V30-TO-OUTSIDE-POLICY
 class type inspect V30-TO-OUTSIDE-CLASS
  inspect
 class class-default
  pass
policy-map type inspect OUTSIDE-TO-V80-POLICY
 class type inspect OUTSIDE-TO-V80-CLASS
  drop
 class class-default
  drop
policy-map type inspect OUTSIDE-TO-V30-POLICY
 class type inspect OUTSIDE-TO-V30-CLASS
  drop
 class class-default
  drop
policy-map type inspect OUTSIDE-TO-V50-POLICY
 class type inspect OUTSIDE-TO-V50-CLASS
  drop
 class class-default
  drop
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE-CLASS
  inspect
 class class-default
  pass
policy-map type inspect V50-TO-OUTSIDE-POLICY
 class type inspect V50-TO-OUTSIDE-CLASS
  inspect
 class class-default
  pass
policy-map type inspect OUTSIDE-TO-V20-POLICY
 class type inspect OUTSIDE-TO-V20-CLASS
  drop
 class class-default
  drop
policy-map type inspect OUTSIDE-TO-INSIDE-POLICY
 class type inspect OUTSIDE-TO-INSIDE-CLASS
  drop
 class class-default
  drop
policy-map type inspect V80-TO-OUTSIDE-POLICY
 class type inspect V80-TO-OUTSIDE-CLASS
  inspect
 class class-default
  pass
policy-map type inspect OUTSIDE-TO-V70-POLICY
 class type inspect OUTSIDE-TO-V70-CLASS
  drop
 class class-default
  drop
!
zone security INSIDE
zone security OUTSIDE
zone security vlan20
zone security vlan30
zone security vlan40
zone security vlan50
zone security vlan60
zone security vlan70
zone security vlan80
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
zone-pair security OUT-TO-IN source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-TO-INSIDE-POLICY
zone-pair security 20-TO-OUT source vlan20 destination OUTSIDE
 service-policy type inspect V20-TO-OUTSIDE-POLICY
zone-pair security 30-TO-OUT source vlan30 destination OUTSIDE
 service-policy type inspect V30-TO-OUTSIDE-POLICY
zone-pair security 40-TO-OUT source vlan40 destination OUTSIDE
 service-policy type inspect V40-TO-OUTSIDE-POLICY
zone-pair security 50-TO-OUT source vlan50 destination OUTSIDE
 service-policy type inspect V50-TO-OUTSIDE-POLICY
zone-pair security 60-TO-OUT source vlan60 destination OUTSIDE
 service-policy type inspect V60-TO-OUTSIDE-POLICY
zone-pair security 70-TO-OUT source vlan70 destination OUTSIDE
 service-policy type inspect V70-TO-OUTSIDE-POLICY
zone-pair security 80-TO-OUT source vlan80 destination OUTSIDE
 service-policy type inspect V80-TO-OUTSIDE-POLICY
zone-pair security OUT-TO-20 source OUTSIDE destination vlan20
 service-policy type inspect OUTSIDE-TO-V20-POLICY
zone-pair security OUT-TO-30 source OUTSIDE destination vlan30
 service-policy type inspect OUTSIDE-TO-V30-POLICY
zone-pair security OUT-TO-40 source OUTSIDE destination vlan40
 service-policy type inspect OUTSIDE-TO-V40-POLICY
zone-pair security OUT-TO-50 source OUTSIDE destination vlan50
 service-policy type inspect OUTSIDE-TO-V50-POLICY
zone-pair security OUT-TO-60 source OUTSIDE destination vlan60
 service-policy type inspect OUTSIDE-TO-V60-POLICY
zone-pair security OUT-TO-70 source OUTSIDE destination vlan70
 service-policy type inspect OUTSIDE-TO-V70-POLICY
zone-pair security OUT-TO-80 source OUTSIDE destination vlan80
 service-policy type inspect OUTSIDE-TO-V80-POLICY
!

!
! INSIDE-TO-OUTSIDE and the OUTSIDE-TO-* lists below have no entries, so the
! class-maps that reference them never match and traffic in those zone-pairs
! is handled entirely by class-default.
ip access-list extended INSIDE-TO-OUTSIDE
ip access-list extended OUTSIDE-TO-INSIDE
ip access-list extended OUTSIDE-TO-V20
ip access-list extended OUTSIDE-TO-V30
ip access-list extended OUTSIDE-TO-V40
ip access-list extended OUTSIDE-TO-V50
ip access-list extended OUTSIDE-TO-V60
ip access-list extended OUTSIDE-TO-V70
ip access-list extended OUTSIDE-TO-V80
ip access-list extended V20-TO-OUTSIDE
 permit ip 192.168.20.0 0.0.0.255 any
ip access-list extended V30-TO-OUTSIDE
 permit ip 192.168.30.0 0.0.0.255 any
ip access-list extended V40-TO-OUTSIDE
 permit ip 192.168.40.0 0.0.0.255 any
ip access-list extended V50-TO-OUTSIDE
 permit ip 192.168.50.0 0.0.0.255 any
ip access-list extended V60-TO-OUTSIDE
 permit ip 192.168.60.0 0.0.0.255 any
ip access-list extended V70-TO-OUTSIDE
 permit ip 192.168.70.0 0.0.0.255 any
ip access-list extended V80-TO-OUTSIDE
 permit ip 192.168.80.0 0.0.0.255 any
! show run

ipv6 route ::/0 Tunnel0
ipv6 ioam timestamp
!
!
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.30.0 0.0.0.255
access-list 1 permit 192.168.40.0 0.0.0.255
access-list 1 permit 192.168.50.0 0.0.0.255
access-list 1 permit 192.168.60.0 0.0.0.255
access-list 1 permit 192.168.70.0 0.0.0.255
access-list 1 permit 192.168.80.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
!
!
ipv6 access-list OUTSIDE-TO-ip620
 permit icmp any any unreachable
 permit icmp any any packet-too-big
 permit icmp any 2001:470:1F19:AB:2000::/68
 permit icmp any any reassembly-timeout
 permit icmp any any header
 permit icmp any any next-header
 permit icmp any any parameter-option
 permit icmp any any echo-request
 permit icmp any any echo-reply
 permit icmp any any dhaad-request
 permit icmp any any dhaad-reply
 permit icmp any any mpd-solicitation
 permit icmp any any mpd-advertisement
 permit icmp any any nd-na
 permit icmp any any nd-ns
!
ipv6 access-list ip620-TO-OUTSIDE
 permit ipv6 2001:470:1F19:AB:2000::/68 any
 sequence 30 permit icmp any 2001:470:1F19:AB:2000::/68
control-plane host
!
!
control-plane
!

  228. My zone based firewall config.
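The paste carries no explanation, so as an added example (not part of the paste and not Cisco code) here is a small Python linter for the three ways a ZBF policy-map on this page can silently hand traffic to class-default: a match-all class-map that references one IPv4 and one IPv6 ACL (the dual-stack pattern of the V20 class-maps, which only works with match-any), a class-map that references an ACL with no entries, and a class-default action of pass, which forwards unmatched traffic with no session so its replies depend on the reverse zone-pair. The function names, SAMPLE_CONFIG and its 2001:db8 prefix are constructed for this example; the sample follows the paste's naming so the findings map onto it.

```python
import re

# Constructed sample, not the paste itself. V20 pairs an IPv4 and an IPv6 ACL
# under match-all, INSIDE-TO-OUTSIDE is an empty ACL, V30 is the clean variant.
SAMPLE_CONFIG = """\
class-map type inspect match-all V20-TO-OUTSIDE-CLASS
 match access-group name V20-TO-OUTSIDE
 match access-group name ip620-TO-OUTSIDE
class-map type inspect match-all INSIDE-TO-OUTSIDE-CLASS
 match access-group name INSIDE-TO-OUTSIDE
class-map type inspect match-any V30-TO-OUTSIDE-CLASS
 match access-group name V30-TO-OUTSIDE
policy-map type inspect V20-TO-OUTSIDE-POLICY
 class type inspect V20-TO-OUTSIDE-CLASS
  inspect
 class class-default
  pass
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE-CLASS
  inspect
 class class-default
  pass
policy-map type inspect V30-TO-OUTSIDE-POLICY
 class type inspect V30-TO-OUTSIDE-CLASS
  inspect
 class class-default
  drop
ip access-list extended INSIDE-TO-OUTSIDE
ip access-list extended V20-TO-OUTSIDE
 permit ip 192.168.20.0 0.0.0.255 any
ip access-list extended V30-TO-OUTSIDE
 permit ip 192.168.30.0 0.0.0.255 any
ipv6 access-list ip620-TO-OUTSIDE
 permit ipv6 2001:db8:20::/64 any
"""

# Top-level commands that close whatever class-map / policy-map / ACL is open.
SECTION_BREAKERS = ("zone ", "zone-pair ", "interface ", "access-list ",
                    "control-plane", "ip route ", "ipv6 route ")
RE_CLASS = re.compile(r"class-map type inspect(?: (match-all|match-any))? (\S+)$")
RE_POLICY = re.compile(r"policy-map type inspect (\S+)$")
RE_ACL = re.compile(r"(ip|ipv6) access-list (?:extended |standard )?(\S+)$")
RE_ACE = re.compile(r"(?:sequence \d+ )?(?:permit|deny)\b")


def parse_zbf(text):
    """Return (class_maps, policy_maps, acls) for the ZBF-relevant sections.
    Leading whitespace is ignored, so a paste with stripped indentation parses
    the same as a `show run` capture."""
    class_maps, policy_maps, acls = {}, {}, {}
    section = None      # ("class" | "policy" | "acl", name)
    last_class = None   # class currently open inside a policy-map
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if m := RE_CLASS.match(line):
            class_maps[m.group(2)] = {"mode": m.group(1) or "match-all", "acls": []}
            section = ("class", m.group(2))
        elif m := RE_POLICY.match(line):
            policy_maps[m.group(1)] = {"actions": {}}
            section, last_class = ("policy", m.group(1)), None
        elif m := RE_ACL.match(line):
            family = "ipv6" if m.group(1) == "ipv6" else "ipv4"
            acls[m.group(2)] = {"family": family, "entries": 0}
            section = ("acl", m.group(2))
        elif line.startswith(SECTION_BREAKERS):
            section = None
        elif section is None:
            continue
        elif section[0] == "class" and line.startswith("match access-group name "):
            class_maps[section[1]]["acls"].append(line.split()[-1])
        elif section[0] == "policy":
            if line.startswith("class "):   # "class type inspect X" / "class class-default"
                last_class = line.split()[-1]
                policy_maps[section[1]]["actions"].setdefault(last_class, None)
            elif last_class and line.split()[0] in ("inspect", "pass", "drop"):
                policy_maps[section[1]]["actions"][last_class] = line.split()[0]
        elif section[0] == "acl" and RE_ACE.match(line):
            acls[section[1]]["entries"] += 1
    return class_maps, policy_maps, acls


def lint_zbf(text):
    """Return (code, object, message) findings for the fall-through patterns."""
    class_maps, policy_maps, acls = parse_zbf(text)
    findings = []
    for name, cm in class_maps.items():
        families = {acls[a]["family"] for a in cm["acls"] if a in acls}
        if cm["mode"] == "match-all" and len(families) > 1:
            findings.append(("unmatchable-class", name,
                             "match-all over an IPv4 and an IPv6 ACL never matches; use match-any"))
        for acl in cm["acls"]:
            if acl not in acls:
                findings.append(("missing-acl", name, f"references undefined ACL {acl}"))
            elif acls[acl]["entries"] == 0:
                findings.append(("empty-acl", name, f"ACL {acl} has no entries, so the match never hits"))
    for name, pm in policy_maps.items():
        if pm["actions"].get("class-default") == "pass":
            findings.append(("stateless-default", name,
                             "class-default pass creates no session; replies depend on the reverse zone-pair"))
    return findings


if __name__ == "__main__":
    for code, obj, msg in lint_zbf(SAMPLE_CONFIG):
        print(f"{code:18} {obj:26} {msg}")
```

Run against the sample it reports the V20 class-map as unmatchable, the INSIDE class-map as backed by an empty ACL, and both pass-by-default policies; the V30 policy, which drops unmatched traffic, is clean. Pointing it at the full paste is a matter of reading the text from a file instead of SAMPLE_CONFIG.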