ip inspect
_maurice
Member Posts: 142
I have configured my Cisco 871 to use the zone-based firewall, not the classic firewall with CBAC.
I have the following commands left over in my running-config:
ip insp log drop-pkt
ip inspect max-incomplete low 500
ip inspect max-incomplete high 500
ip inspect dns-timeout 7
Can these commands be removed? CBAC has nothing to do with the zone-based firewall, right?
Comments
APA
Member Posts: 959
Yes, they can be removed....
Unless you actually have the ip inspect (name) out|in still actively used on the interface???
But seeing as you aren't telling it to inspect any protocols I can't see that being the case
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
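The condition raised in the reply, whether any interface still has an `ip inspect <name> in|out` binding, can be checked against a saved running-config. The following is an added example, not part of the original thread; the sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed sample running-config, not taken from the poster's router.
SAMPLE_CONFIG = """\
ip inspect log drop-pkt
ip inspect max-incomplete low 500
ip inspect max-incomplete high 500
ip inspect dns-timeout 7
!
interface FastEthernet4
 ip address dhcp
 zone-member security outside
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 zone-member security inside
!
"""

RULE_DEF = re.compile(r"^ip inspect name (\S+)")            # CBAC rule definition
GLOBAL = re.compile(r"^ip inspect \S+")                     # global CBAC setting
APPLIED = re.compile(r"^\s+ip inspect (\S+) (in|out)\s*$")  # rule bound to an interface


def audit_cbac(config):
    """Sort 'ip inspect' lines into global settings, rule names and interface bindings."""
    found = {"global": [], "rules": set(), "applied": []}
    interface = None
    for line in config.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
        elif line and not line[0].isspace():
            interface = None  # any other top-level line ends the interface stanza
        bound = APPLIED.match(line)
        rule = RULE_DEF.match(line)
        if bound and interface:
            found["applied"].append((interface, bound.group(1), bound.group(2)))
        elif rule:
            found["rules"].add(rule.group(1))
        elif GLOBAL.match(line):
            found["global"].append(line)
    return found


def cbac_still_applied(config):
    """True when at least one interface still has an 'ip inspect <name> in|out' line."""
    return bool(audit_cbac(config)["applied"])
```

An empty `applied` list together with `zone-member security` on the interfaces matches the situation described in the question: only global `ip inspect` lines remain.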