Sample Configuration of the Cisco IOS Zone-based Policy Firewall with IPv6

Now that we have studied several practical scenarios for the Cisco IOS Zone-based Policy Firewall (ZFW), it is time to apply this knowledge to IPv6 environments. It is very important to emphasize that the logic of policy construction (as well as the building blocks) are identical to those employed for IPv4.
Our reference topology brings a simple network containing two security zones and an L4-only policy that defines the rules to allow the initiation of  outbound connections. The figure also documents the output of a typical debug command used to gain visibility about session creation.

Basic Zone-based Firewall configuration for IPv6

** Topics for Study:

  • By reviewing the contents of previous posts in the ZFW series, would you be able to insert L3 restrictions in this scenario ? (For example, the client host in the INSIDE should only be able to access FTP and HTTP on the OUTSIDE server).
  • How can you enable logging ? (both for connection setup/teardown and dropped packets)
  • What are the commands used to display information about existent security zones and structure of policy elements ?

** Related Posts:

About these ads

Leave a comment

Filed under English, Firewalls, IPv6, Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s