Wednesday, February 18, 2015

Checking in, and fan-boying for Ivan

Hey, now.  Don't you worry.  I haven't forgotten about The Guide.

As it happens, I've been perusing Ivan Pepelnjak's digital shortcut, Deploying Zone-Based Firewalls.  "Why?" you might currently be screaming at the top of your lungs.  Well, partially because the man is quite brilliant, but mostly because ZBFs are suspiciously simple to implement...and because I've found that emulating ASAs in Qemu on GNS3 has been nothing short of abysmal.

Qemu bashing aside, I've just finished making final tweaks to my latest lab.  It's a fairly straightforward Inside/DMZ/Outside zone design, but it's a good base configuration that's easy to extrapolate and build upon -- oh, and it takes into account that, unlike in Ivan's book (which was written using IOS 12.4, I believe), I'm using 15.0 on my edge router, which doesn't allow the use of inspect with class-default on the zone-pair's policy-map.

So, fun stuff coming down the pipe! If the ZBF lab isn't up by tomorrow, look for it on Friday.
