Class Maps: Identify the traffic of interest, for example by protocol or by access-list. For example:
access-list ICMP_ACCESSLIST extended permit icmp any any
class-map ICMP_TRAFFIC
match access-list ICMP_ACCESSLIST
exit
Policy Maps: Define what to do with the traffic a class map identified, e.g. PASS, DROP, INSPECT, LOG, or police (rate limit) it. For example:
policy-map ALLOW_ICMP
description Allow ICMP Traffic
class ICMP_TRAFFIC
police input 100000
exit
exit
Service Policy: Applies a policy map to an interface or zone pair so that the policy's actions control the traffic flowing through it. For example:
service-policy ALLOW_ICMP interface inside
So we have first identified the traffic, then applied a rate limit to it, and finally applied this policy to an interface / zone.
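To make the chain from interface to action concrete, here is a small resolver that walks an ASA-style MPF config and reports, for a given interface, which class maps apply, which access-list each one matches, and which actions the policy map takes. This is example code added to this post, not Cisco's code or a tool from the original; the config text is constructed to mirror the snippets above, with a second (hypothetical) class WEB_TRAFFIC added so several classes can be shown.

```python
"""Resolve which MPF actions apply to traffic entering a given ASA interface.
Added example code, not from the original post or from Cisco; the config below is
constructed to mirror the post's access-list -> class-map -> policy-map ->
service-policy chain, with a second class added to show several classes."""
import re

SAMPLE_CONFIG = """
access-list ICMP_ACCESSLIST extended permit icmp any any
access-list WEB_ACCESSLIST extended permit tcp any any eq 80
class-map ICMP_TRAFFIC
 match access-list ICMP_ACCESSLIST
 exit
class-map WEB_TRAFFIC
 match access-list WEB_ACCESSLIST
 exit
policy-map ALLOW_ICMP
 description Allow ICMP Traffic
 class ICMP_TRAFFIC
  police input 100000
  exit
 class WEB_TRAFFIC
  inspect http
  exit
 exit
service-policy ALLOW_ICMP interface inside
"""


def parse_mpf(text):
    """Walk the config once, tracking which class-map, policy-map and policy
    class the current line belongs to. 'exit' lines are ignored because every
    block here is closed by the next top-level keyword anyway."""
    parsed = {
        "acls": {},              # acl name -> [rule text, ...]
        "class_maps": {},        # class-map name -> acl name it matches
        "policy_maps": {},       # policy name -> {class name: [action, ...]}
        "service_policies": {},  # interface name or 'global' -> policy name
    }
    cur_class = cur_policy = cur_pclass = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "exit" or line.startswith("description "):
            continue
        if m := re.match(r"access-list (\S+) (.+)$", line):
            parsed["acls"].setdefault(m[1], []).append(m[2])
        elif m := re.match(r"class-map (\S+)$", line):
            cur_class, cur_policy, cur_pclass = m[1], None, None
        elif cur_class and (m := re.match(r"match access-list (\S+)$", line)):
            parsed["class_maps"][cur_class] = m[1]
        elif m := re.match(r"policy-map (\S+)$", line):
            cur_policy, cur_class, cur_pclass = m[1], None, None
            parsed["policy_maps"].setdefault(cur_policy, {})
        elif cur_policy and (m := re.match(r"class (\S+)$", line)):
            cur_pclass = m[1]
            parsed["policy_maps"][cur_policy].setdefault(cur_pclass, [])
        elif m := re.match(r"service-policy (\S+) interface (\S+)$", line):
            parsed["service_policies"][m[2]] = m[1]
        elif m := re.match(r"service-policy (\S+) global$", line):
            parsed["service_policies"]["global"] = m[1]
        elif cur_policy and cur_pclass:
            # Anything else inside a policy class is an action (police, inspect, ...).
            parsed["policy_maps"][cur_policy][cur_pclass].append(line)
    return parsed


def resolve_interface(parsed, interface):
    """Return (class, acl, acl rules, actions) tuples that act on traffic
    entering `interface`; an interface-level service-policy wins over global."""
    sp = parsed["service_policies"]
    policy = sp.get(interface, sp.get("global"))
    if policy is None:
        return []
    chain = []
    for cls, actions in parsed["policy_maps"].get(policy, {}).items():
        acl = parsed["class_maps"].get(cls)
        chain.append((cls, acl, parsed["acls"].get(acl, []), actions))
    return chain


if __name__ == "__main__":
    for cls, acl, rules, actions in resolve_interface(parse_mpf(SAMPLE_CONFIG), "inside"):
        print(f"{cls}: matches {acl} {rules} -> {actions}")
```

Running it for the "inside" interface lists ICMP_TRAFFIC with its policer and WEB_TRAFFIC with its inspection; asking for an interface that has no service-policy (and with no global policy configured) returns nothing, which is exactly the situation where a class map and policy map exist but do nothing because they were never applied.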
Zone Pairs: Traffic flows between two zones, and an explicit rule must be in place to allow traffic between different zones. Zone pairs are uni-directional, for example Inside Zone to Outside Zone.
Interface Security Levels: A value from 0 to 100 that indicates how trusted traffic from that interface is:
- 100 indicates that flows from the interface can go to all other interfaces freely.
- 0 indicates that all traffic originating from the interface is untrusted.
Interfaces with a higher security level can freely reach interfaces with a lower one, although by default interfaces with the same security level are unable to access each other.
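The default security-level behaviour is easy to get wrong when two interfaces share a level, so here is a small model of it: given a table of interfaces and their levels, it says whether a new connection from one interface to another is allowed by default and why. This is example code added to this post, not from the original; the interface table is constructed, and the flag modelling the ASA's same-security-traffic permit inter-interface setting is a simplification of that command.

```python
"""Work out which interface-to-interface flows an ASA permits by default from
interface security levels alone. Added example, not from the original post;
the interface table is constructed."""

# Constructed interfaces: two share a level so the equal-level rule can be shown.
INTERFACES = {"inside": 100, "dmz": 50, "partner": 50, "outside": 0}


def default_flow(levels, src, dst, same_security_permitted=False):
    """Return (allowed, reason) for a new connection from src to dst.
    Higher -> lower is allowed by default, lower -> higher needs an explicit
    access-list, and equal levels are blocked unless same-security-traffic
    between interfaces has been permitted (modelled here by the flag)."""
    if src == dst:
        return False, f"{src}: traffic back out the same interface is off by default"
    s, d = levels[src], levels[dst]
    if s > d:
        return True, f"{src}({s}) -> {dst}({d}): higher to lower, allowed by default"
    if s < d:
        return False, f"{src}({s}) -> {dst}({d}): lower to higher, needs an access-list"
    if same_security_permitted:
        return True, f"{src}({s}) -> {dst}({d}): equal levels, permitted by same-security-traffic"
    return False, f"{src}({s}) -> {dst}({d}): equal levels, blocked by default"


def reachability(levels, same_security_permitted=False):
    """Matrix of default-allowed flows, {src: {dst: bool}}, for every ordered pair."""
    return {
        src: {dst: default_flow(levels, src, dst, same_security_permitted)[0]
              for dst in levels if dst != src}
        for src in levels
    }


if __name__ == "__main__":
    for src, dsts in reachability(INTERFACES).items():
        print(src, {d: "allow" if ok else "deny" for d, ok in dsts.items()})
```

With the table above, inside reaches everything, outside reaches nothing without an access-list, and dmz and partner cannot reach each other until same-security traffic is permitted; flipping that flag is the only thing that changes the matrix.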