ip inspect

_maurice_maurice Member Posts: 142
I have configured my Cisco 871 to use the zone-based firewall, not the classic firewall with CBAC.

I have the following commands left over in my running-config:

ip insp log drop-pkt
ip inspect max-incomplete low 500
ip inspect max-incomplete high 500
ip inspect dns-timeout 7

Can these commands be removed? CBAC has nothing to do with the zone-based firewall, right?

Comments

  • APAAPA Member Posts: 959
    Yes, they can be removed....

    Unless you actually have the ip inspect (name) out|in still actively used on the interface???

    But seeing as you aren't telling it to inspect any protocols I can't see that being the case :)

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
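
The check raised in the reply above (is an `ip inspect <name> in|out` rule still applied on any interface?), as an added example that is not part of the original thread. The sample running-config is constructed, and `audit_ip_inspect` is a hypothetical helper name.

```python
import re

# Constructed sample running-config (not taken from the poster's router).
SAMPLE_CONFIG = """\
ip inspect log drop-pkt
ip inspect max-incomplete low 500
ip inspect max-incomplete high 500
ip inspect dns-timeout 7
!
interface FastEthernet4
 description WAN
 zone-member security outside
!
interface Vlan1
 description LAN
 zone-member security inside
!
"""

APPLIED = re.compile(r"^ip inspect (\S+) (in|out)$")   # interface sub-mode
RULE = re.compile(r"^ip inspect name (\S+) ")          # global rule definition


def audit_ip_inspect(config: str) -> dict:
    """Sort `ip inspect` lines into globals, named rules and interface bindings."""
    result = {"globals": [], "rules": set(), "applied": [], "zone_members": []}
    interface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # An unindented line ends any interface block or opens a new one.
            interface = line.split()[1] if line.startswith("interface ") else None
        if interface and raw.startswith(" "):
            m = APPLIED.match(line)
            if m:
                result["applied"].append((interface, m.group(1), m.group(2)))
            elif line.startswith("zone-member security "):
                result["zone_members"].append((interface, line.split()[2]))
        elif line.startswith("ip inspect "):
            m = RULE.match(line)
            if m:
                result["rules"].add(m.group(1))
            else:
                result["globals"].append(line)  # tuning/logging settings
    # True only when a classic inspection rule is bound to an interface.
    result["cbac_in_use"] = bool(result["applied"])
    return result
```
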