
zone-based firewall issue
Hi,
I am trying to do a simple setup; I only wanted to test how to allow routing protocols to work with the local router using ZFW.
I used BGP and OSPF; it seems to be working with BGP only. I used the below ACL first and class map.
By the way, I used zone out and zone-pair out as source and self as destination.
access-list 100 permit ospf any any
access-list 100 permit tcp any eq bgp any
access-list 100 permit tcp any any eq bgp
class-map type inspect match-all route
 match access-group 100
When I made the action in the policy for this class as drop, only BGP was dropped!!!
Then I added the below two lines to the ACL, but no luck.
access-list 100 permit ip any host 224.0.0.5
access-list 100 permit ip any host 224.0.0.6
However, when I add the below ACL as an interface ACL, it blocks OSPF.
access-list 100 deny ospf any any
access-list 100 permit ip any any
Any idea why?