11.41 -- ZFW Application Inspection (errors in workbook)
BIG VERIFICATION MISTAKES in 11.41 ZFW Application Inspection
Below are the fixes:
All testing is done from R4(inside-fw) to SW2(outside-fw) NOT from R1-to-R2 as in the SG (no firewall on R3)
When told to "Notice the message logged in R3", nothing happens.
Again this is because we should be looking at R5(firewall). Logs will show correctly on R5(firewall) if testing is done from R4-to-SW2
2nd verification test incorrect: below changes must be made to R5 (firewall) NOT R3
access-list 99 permit 150.x.8.8
ip port-map pop3 port tcp 7 list 99
Also, it is necessary to enable service tcp-small-servers on sw2 for the 2nd verfication ECHO test to work.
Reminder: testing must be done from R4-to-SW2(150.x.8.8)
Plus side of this task? The SG got the lengthy solution correct this time (as far as I can tell). The issue is in the verification/testing, because it was done in a completely different area of the network.
NOTE: if anyone wants these type of INE Workbook errors to be corrected, just post a +1 or something (if you have more information).This way support can make the adjustments to the workbook(s). Support Ticket ID: XDQ-451227