Home
Certification Preparation
Cisco
CCNA & CCENT
CCNA Security
ip inspect
_maurice
I have configured my cisco 871 to use the zone based firewall, not the classic firewall with CBAC.
I have the following commands left over in my running-config:
ip insp log drop-pkt
ip inspect max-incomplete low 500
ip inspect max-incomplete high 500
ip inspect dns-timeout 7
Can these commands be removed? CBAC has nothing to do with the zone based firewall, right?
Find more posts tagged with
Comments
APA
yes they can be removed....
Unless you actually have the ip inspect (name) out|in still actively used on the interface???
But seeing as you aren't telling it to inspect any protocols I can't see that being the case
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
