SlideShare une entreprise Scribd logo

Ios zone based-firewall

Swapnil Kapate
Swapnil Kapate
1  sur  1
Télécharger pour lire hors ligne
IOS ZONE-BASED FIREWALL packetlife.net Terminology Inspection Class Configuration Security Zone ! Match by protocol A group of interfaces which share a common level of security class-map type inspect match-any ByProtocol Zone Pair match protocol tcp A unidirectional pairing of source and destination zones to which a match protocol udp security policy is applied match protocol icmp Inspection Policy ! Match by access list An inspect-type policy map used to statefully filter traffic by ip access-list extended MyACL matching one or more inspect-type class maps permit ip 10.0.0.0 255.255.0.0 any ! Parameter Map class-map type inspect match-all ByAccessList An optional configuration of protocol-specific parameters referenced match access-group name MyACL by an inspection policy Security Zones Parameter Map Configuration parameter-map type inspect MyParameterMap Trusted Internet alert on audit-trail off dns-timeout 5 G0/0 G0/1 max-incomplete low 20000 MPLS WAN Internet max-incomplete high 25000 icmp idle-time 3 tcp synwait-time 3 Guest Inspection Policy Actions Drop Traffic is prevented from passing Corporate Guest Traffic is permitted to pass without LAN G0/2.10 G0/2.20 Wireless LAN Pass stateful inspection Traffic is subjected to stateful Inspect inspection; legitimate return traffic is ! Defining security zones permitted in the opposite direction zone security Trusted zone security Guest Inspection Policy Configuration zone security Internet policy-map type inspect MyInspectionPolicy ! Assigning interfaces to security zones ! Pass permitted stateless traffic interface GigabitEthernet0/0 class VPN-Tunnel zone-member security Trusted pass ! ! Inspect permitted stateful traffic interface GigabitEthernet0/1 class Allowed-Traffic1 zone-member security Internet inspect ! ! Stateful inspection with a parameter map interface GigabitEthernet0/2.10 class Allowed-Traffic2 zone-member security Trusted inspect MyParameterMap ! ! Drop and log unpermitted traffic interface GigabitEthernet0/2.20 class class-default zone-member security Guest drop log Zone Pair Configuration Troubleshooting ! Service policies are applied to zone pairs show zone security zone-pair security T2I source Trusted destination Internet show zone-pair security service-policy type inspect Trusted2Internet show policy-map type inspect zone-pair security G2I source Guest destination Internet service-policy type inspect Guest2Internet show class-map type inspect show parameter-map type inspect zone-pair security I2T source Internet destination Trusted service-policy type inspect Internet2Trusted debug zone security events by Jeremy Stretch v1.0

Recommandé

IOS Zone based Firewall
IOS Zone based FirewallIOS Zone based Firewall
IOS Zone based FirewallNetwax Lab
 
Zone Based Policy Firewall
Zone Based Policy FirewallZone Based Policy Firewall
Zone Based Policy Firewallpitt2k
 
Simplified Call Flow Signaling: Registration - The Attach Procedure
Simplified Call Flow Signaling: Registration - The Attach ProcedureSimplified Call Flow Signaling: Registration - The Attach Procedure
Simplified Call Flow Signaling: Registration - The Attach Procedure3G4G
 
ss7 and M3UA
ss7 and M3UAss7 and M3UA
ss7 and M3UAEng Ahmed Bakaal
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
BICC protocol and application
BICC protocol and applicationBICC protocol and application
BICC protocol and applicationIsybel Harto
 
Sigtran protocol
Sigtran protocolSigtran protocol
Sigtran protocolIsybel Harto
 
PPP(Point-to-Point Protocol): Components & Characteristics
PPP(Point-to-Point Protocol): Components & CharacteristicsPPP(Point-to-Point Protocol): Components & Characteristics
PPP(Point-to-Point Protocol): Components & CharacteristicsAnuj Parajuli
 

Recommandé

IOS Zone based Firewall
IOS Zone based FirewallIOS Zone based Firewall
IOS Zone based FirewallNetwax Lab
 
Zone Based Policy Firewall
Zone Based Policy FirewallZone Based Policy Firewall
Zone Based Policy Firewallpitt2k
 
Simplified Call Flow Signaling: Registration - The Attach Procedure
Simplified Call Flow Signaling: Registration - The Attach ProcedureSimplified Call Flow Signaling: Registration - The Attach Procedure
Simplified Call Flow Signaling: Registration - The Attach Procedure3G4G
 
ss7 and M3UA
ss7 and M3UAss7 and M3UA
ss7 and M3UAEng Ahmed Bakaal
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
BICC protocol and application
BICC protocol and applicationBICC protocol and application
BICC protocol and applicationIsybel Harto
 
Sigtran protocol
Sigtran protocolSigtran protocol
Sigtran protocolIsybel Harto
 
PPP(Point-to-Point Protocol): Components & Characteristics
PPP(Point-to-Point Protocol): Components & CharacteristicsPPP(Point-to-Point Protocol): Components & Characteristics
PPP(Point-to-Point Protocol): Components & CharacteristicsAnuj Parajuli
 
SS7 & SIGTRAN
SS7 & SIGTRANSS7 & SIGTRAN
SS7 & SIGTRANStephanie Galloway-Williams
 
The Private Mobile Network Gsm Solution
The Private Mobile Network Gsm SolutionThe Private Mobile Network Gsm Solution
The Private Mobile Network Gsm SolutionRight ToSpectrum
 
How to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol tsHow to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol tsHuanetwork
 
S1ap lte-attach-eps-bearer-setup
S1ap lte-attach-eps-bearer-setupS1ap lte-attach-eps-bearer-setup
S1ap lte-attach-eps-bearer-setupPrashant Sengar
 
sigtran
sigtransigtran
sigtrankrsgowri
 
PCRF as an EPC component
PCRF as an EPC componentPCRF as an EPC component
PCRF as an EPC componentMohamed Daif
 
Lte random-access-procedure
Lte random-access-procedureLte random-access-procedure
Lte random-access-procedurePrashant Sengar
 
RACH procedure in LTE
RACH procedure in LTERACH procedure in LTE
RACH procedure in LTEdebamoha
 
5G NR MIB and SIBs
5G NR MIB and SIBs5G NR MIB and SIBs
5G NR MIB and SIBsIman Mohammadi
 
Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Peter R. Egli
 
20786641 lte-whitepaper
20786641 lte-whitepaper20786641 lte-whitepaper
20786641 lte-whitepaperMuhammad Ali Basra
 
Point to-point-protocol
Point to-point-protocolPoint to-point-protocol
Point to-point-protocolamigurumi21
 
Layer 2 & layer 3 switching
Layer 2 & layer 3 switchingLayer 2 & layer 3 switching
Layer 2 & layer 3 switchingMuhd Mu'izuddin
 
Best practices-lte-call-flow-guide
Best practices-lte-call-flow-guideBest practices-lte-call-flow-guide
Best practices-lte-call-flow-guideMorg
 
UMTS/WCDMA Call Flows for PS services
UMTS/WCDMA Call Flows for PS servicesUMTS/WCDMA Call Flows for PS services
UMTS/WCDMA Call Flows for PS servicesJustin MA (馬嘉昌)
 
Rach procedure in lte
Rach procedure in lteRach procedure in lte
Rach procedure in lteSaurav Banerjee
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetPositive Hack Days
 
GSM Channel Concept
GSM Channel ConceptGSM Channel Concept
GSM Channel ConceptMd Mustafizur Rahman
 
Lte epc trial experience
Lte epc trial experienceLte epc trial experience
Lte epc trial experienceHussien Mahmoud
 
Attach flow & srb
Attach flow & srbAttach flow & srb
Attach flow & srbMausam Panchal
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Yury Chemerkin
 
PAN PA2000 series
PAN PA2000 seriesPAN PA2000 series
PAN PA2000 seriesAltaware, Inc.
 

Contenu connexe

Tendances

The Private Mobile Network Gsm Solution
The Private Mobile Network Gsm SolutionThe Private Mobile Network Gsm Solution
The Private Mobile Network Gsm SolutionRight ToSpectrum
 
How to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol tsHow to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol tsHuanetwork
 
S1ap lte-attach-eps-bearer-setup
S1ap lte-attach-eps-bearer-setupS1ap lte-attach-eps-bearer-setup
S1ap lte-attach-eps-bearer-setupPrashant Sengar
 
PCRF as an EPC component
PCRF as an EPC componentPCRF as an EPC component
PCRF as an EPC componentMohamed Daif
 
Lte random-access-procedure
Lte random-access-procedureLte random-access-procedure
Lte random-access-procedurePrashant Sengar
 
RACH procedure in LTE
RACH procedure in LTERACH procedure in LTE
RACH procedure in LTEdebamoha
 
Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Peter R. Egli
 
Point to-point-protocol
Point to-point-protocolPoint to-point-protocol
Point to-point-protocolamigurumi21
 
Layer 2 & layer 3 switching
Layer 2 & layer 3 switchingLayer 2 & layer 3 switching
Layer 2 & layer 3 switchingMuhd Mu'izuddin
 
Best practices-lte-call-flow-guide
Best practices-lte-call-flow-guideBest practices-lte-call-flow-guide
Best practices-lte-call-flow-guideMorg
 
UMTS/WCDMA Call Flows for PS services
UMTS/WCDMA Call Flows for PS servicesUMTS/WCDMA Call Flows for PS services
UMTS/WCDMA Call Flows for PS servicesJustin MA (馬嘉昌)
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetPositive Hack Days
 
Lte epc trial experience
Lte epc trial experienceLte epc trial experience
Lte epc trial experienceHussien Mahmoud
 

Tendances (20)

SS7 & SIGTRAN
SS7 & SIGTRANSS7 & SIGTRAN
SS7 & SIGTRAN
 
The Private Mobile Network Gsm Solution
The Private Mobile Network Gsm SolutionThe Private Mobile Network Gsm Solution
The Private Mobile Network Gsm Solution
 
How to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol tsHow to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol ts
 
S1ap lte-attach-eps-bearer-setup
S1ap lte-attach-eps-bearer-setupS1ap lte-attach-eps-bearer-setup
S1ap lte-attach-eps-bearer-setup
 
sigtran
sigtransigtran
sigtran
 
PCRF as an EPC component
PCRF as an EPC componentPCRF as an EPC component
PCRF as an EPC component
 
Lte random-access-procedure
Lte random-access-procedureLte random-access-procedure
Lte random-access-procedure
 
RACH procedure in LTE
RACH procedure in LTERACH procedure in LTE
RACH procedure in LTE
 
5G NR MIB and SIBs
5G NR MIB and SIBs5G NR MIB and SIBs
5G NR MIB and SIBs
 
Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)
 
20786641 lte-whitepaper
20786641 lte-whitepaper20786641 lte-whitepaper
20786641 lte-whitepaper
 
Point to-point-protocol
Point to-point-protocolPoint to-point-protocol
Point to-point-protocol
 
Layer 2 & layer 3 switching
Layer 2 & layer 3 switchingLayer 2 & layer 3 switching
Layer 2 & layer 3 switching
 
Best practices-lte-call-flow-guide
Best practices-lte-call-flow-guideBest practices-lte-call-flow-guide
Best practices-lte-call-flow-guide
 
UMTS/WCDMA Call Flows for PS services
UMTS/WCDMA Call Flows for PS servicesUMTS/WCDMA Call Flows for PS services
UMTS/WCDMA Call Flows for PS services
 
Rach procedure in lte
Rach procedure in lteRach procedure in lte
Rach procedure in lte
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the Planet
 
GSM Channel Concept
GSM Channel ConceptGSM Channel Concept
GSM Channel Concept
 
Lte epc trial experience
Lte epc trial experienceLte epc trial experience
Lte epc trial experience
 
Attach flow & srb
Attach flow & srbAttach flow & srb
Attach flow & srb
 

Similaire à Ios zone based-firewall

Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Yury Chemerkin
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall PresentationManoj Kumar Mishra
 
Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010Michael Graves
 
Rina converged network operator - etsi workshop
Rina converged network operator - etsi workshopRina converged network operator - etsi workshop
Rina converged network operator - etsi workshopARCFIRE ICT
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_diveNur Shiqim Chok
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding FirewallsLikan Patra
 
AWS - Security and Compliance Overview
AWS - Security and Compliance OverviewAWS - Security and Compliance Overview
AWS - Security and Compliance OverviewRightScale
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga
 
Clavister security for virtualized environment
Clavister security for virtualized environmentClavister security for virtualized environment
Clavister security for virtualized environmentnicolasotira
 
CCNxCon2012: Session 3: NDN Applicability to V2V and V2R Networks
CCNxCon2012: Session 3: NDN Applicability to V2V and V2R NetworksCCNxCon2012: Session 3: NDN Applicability to V2V and V2R Networks
CCNxCon2012: Session 3: NDN Applicability to V2V and V2R NetworksPARC, a Xerox company
 
50357 a enu-module02
50357 a enu-module0250357 a enu-module02
50357 a enu-module02Bố Su
 
Malabocchia_ TELECOM
Malabocchia_ TELECOMMalabocchia_ TELECOM
Malabocchia_ TELECOMGoWireless
 

Similaire à Ios zone based-firewall (20)

Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
 
PAN PA2000 series
PAN PA2000 seriesPAN PA2000 series
PAN PA2000 series
 
PAN PA2000 series
PAN PA2000 seriesPAN PA2000 series
PAN PA2000 series
 
PAN 5000
PAN 5000PAN 5000
PAN 5000
 
1. introduzione a TMG
1. introduzione a TMG1. introduzione a TMG
1. introduzione a TMG
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall Presentation
 
Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010
 
Contrail Enabler for agile cloud services
Contrail Enabler for agile cloud servicesContrail Enabler for agile cloud services
Contrail Enabler for agile cloud services
 
Rina converged network operator - etsi workshop
Rina converged network operator - etsi workshopRina converged network operator - etsi workshop
Rina converged network operator - etsi workshop
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding Firewalls
 
AWS - Security and Compliance Overview
AWS - Security and Compliance OverviewAWS - Security and Compliance Overview
AWS - Security and Compliance Overview
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; Firewalls
 
Clavister security for virtualized environment
Clavister security for virtualized environmentClavister security for virtualized environment
Clavister security for virtualized environment
 
CCNxCon2012: Session 3: NDN Applicability to V2V and V2R Networks
CCNxCon2012: Session 3: NDN Applicability to V2V and V2R NetworksCCNxCon2012: Session 3: NDN Applicability to V2V and V2R Networks
CCNxCon2012: Session 3: NDN Applicability to V2V and V2R Networks
 
50357 a enu-module02
50357 a enu-module0250357 a enu-module02
50357 a enu-module02
 
Firewalls
FirewallsFirewalls
Firewalls
 
PAN PA4000
PAN PA4000PAN PA4000
PAN PA4000
 
ALOE Transit SBC rev.1 Brochure
ALOE Transit SBC rev.1 BrochureALOE Transit SBC rev.1 Brochure
ALOE Transit SBC rev.1 Brochure
 
Malabocchia_ TELECOM
Malabocchia_ TELECOMMalabocchia_ TELECOM
Malabocchia_ TELECOM
 

Plus de Swapnil Kapate

Training development382
Training development382Training development382
Training development382Swapnil Kapate
 
The itil foundation_certificate_syllabus (2) (1)
The itil foundation_certificate_syllabus (2) (1)The itil foundation_certificate_syllabus (2) (1)
The itil foundation_certificate_syllabus (2) (1)Swapnil Kapate
 
Ccnp workbook network bulls
Ccnp workbook network bullsCcnp workbook network bulls
Ccnp workbook network bullsSwapnil Kapate
 
Cloud computing e gov-12
Cloud computing e gov-12Cloud computing e gov-12
Cloud computing e gov-12Swapnil Kapate
 
Advanced troubleshooting
Advanced troubleshootingAdvanced troubleshooting
Advanced troubleshootingSwapnil Kapate
 
Ip addressing and subnetting instructors workbook
Ip addressing and subnetting instructors workbookIp addressing and subnetting instructors workbook
Ip addressing and subnetting instructors workbookSwapnil Kapate
 

Plus de Swapnil Kapate (20)

Training development382
Training development382Training development382
Training development382
 
E governance
E governanceE governance
E governance
 
D2014082010
D2014082010D2014082010
D2014082010
 
The itil foundation_certificate_syllabus (2) (1)
The itil foundation_certificate_syllabus (2) (1)The itil foundation_certificate_syllabus (2) (1)
The itil foundation_certificate_syllabus (2) (1)
 
Ccnp workbook network bulls
Ccnp workbook network bullsCcnp workbook network bulls
Ccnp workbook network bulls
 
Cloud computing e gov-12
Cloud computing e gov-12Cloud computing e gov-12
Cloud computing e gov-12
 
Cctns trg syllabus
Cctns trg syllabusCctns trg syllabus
Cctns trg syllabus
 
Advanced troubleshooting
Advanced troubleshootingAdvanced troubleshooting
Advanced troubleshooting
 
Ccna read
Ccna readCcna read
Ccna read
 
certificate
certificatecertificate
certificate
 
Networking
NetworkingNetworking
Networking
 
Ip addressing and subnetting instructors workbook
Ip addressing and subnetting instructors workbookIp addressing and subnetting instructors workbook
Ip addressing and subnetting instructors workbook
 
Voip basics
Voip basicsVoip basics
Voip basics
 
Vla ns
Vla nsVla ns
Vla ns
 
Tcpdump
TcpdumpTcpdump
Tcpdump
 
Spanning tree
Spanning treeSpanning tree
Spanning tree
 
Scapy
ScapyScapy
Scapy
 
Rip
RipRip
Rip
 
Qo s
Qo sQo s
Qo s
 
Ppp
PppPpp
Ppp
 

Ios zone based-firewall

  • 1. IOS ZONE-BASED FIREWALL packetlife.net Terminology Inspection Class Configuration Security Zone ! Match by protocol A group of interfaces which share a common level of security class-map type inspect match-any ByProtocol Zone Pair match protocol tcp A unidirectional pairing of source and destination zones to which a match protocol udp security policy is applied match protocol icmp Inspection Policy ! Match by access list An inspect-type policy map used to statefully filter traffic by ip access-list extended MyACL matching one or more inspect-type class maps permit ip 10.0.0.0 255.255.0.0 any ! Parameter Map class-map type inspect match-all ByAccessList An optional configuration of protocol-specific parameters referenced match access-group name MyACL by an inspection policy Security Zones Parameter Map Configuration parameter-map type inspect MyParameterMap Trusted Internet alert on audit-trail off dns-timeout 5 G0/0 G0/1 max-incomplete low 20000 MPLS WAN Internet max-incomplete high 25000 icmp idle-time 3 tcp synwait-time 3 Guest Inspection Policy Actions Drop Traffic is prevented from passing Corporate Guest Traffic is permitted to pass without LAN G0/2.10 G0/2.20 Wireless LAN Pass stateful inspection Traffic is subjected to stateful Inspect inspection; legitimate return traffic is ! Defining security zones permitted in the opposite direction zone security Trusted zone security Guest Inspection Policy Configuration zone security Internet policy-map type inspect MyInspectionPolicy ! Assigning interfaces to security zones ! Pass permitted stateless traffic interface GigabitEthernet0/0 class VPN-Tunnel zone-member security Trusted pass ! ! Inspect permitted stateful traffic interface GigabitEthernet0/1 class Allowed-Traffic1 zone-member security Internet inspect ! ! Stateful inspection with a parameter map interface GigabitEthernet0/2.10 class Allowed-Traffic2 zone-member security Trusted inspect MyParameterMap ! ! Drop and log unpermitted traffic interface GigabitEthernet0/2.20 class class-default zone-member security Guest drop log Zone Pair Configuration Troubleshooting ! Service policies are applied to zone pairs show zone security zone-pair security T2I source Trusted destination Internet show zone-pair security service-policy type inspect Trusted2Internet show policy-map type inspect zone-pair security G2I source Guest destination Internet service-policy type inspect Guest2Internet show class-map type inspect show parameter-map type inspect zone-pair security I2T source Internet destination Trusted service-policy type inspect Internet2Trusted debug zone security events by Jeremy Stretch v1.0