11.39 ZFB. Need some clarification

Hi,

I need some clarification about some points on SG. I would appreciate any possible help/idea to understand.

1) ip access-list extended ACL_SSH_HTTPS
         permit tcp any any eq 22
         permit tcp any any eq 443
   class-map type inspect match-all CMAP_HTTPS_SSH
         match access-group name ACL_SSH_HTTPS
         match protocol tcp  ------------------------------------------------------> Why did we need that statement? Doesn't the ACL already match the TCP traffic above?


2) What is the difference between selecting HTTP traffic by ACL "permit tcp any any eq 80" and selecting it by using class-map "match protocol http"? (where there is no port-mapping)


Happy Studies      

