Cisco ZFW Logging
Posted by: Joshua Wood
Hi all, so in my last post I showed how to create a basic implementation of the Cisco ZFW. The ZFW is Cisco's newest IOS (router-based) firewall. It has many benefits over the older CBAC implementation, but the biggest one is that Cisco is going to be doing away with support for CBAC. But what about logging in the ZFW? How would you enable that? Well, it is very straightforward. In the previous post, titled "Cisco ZFW Config Example", I gave you part of the configuration.
In the previous post, all of the lines that had "inspect" on them also had "FW-LOG" on them. Well, that was 50% of the work, and if you already have those in your config then this is going to be really easy. You simply add the lines below to the router in global configuration mode.
parameter-map type inspect FW-LOG
 audit-trail on
Yep, that's it. Well, you also have to have logging turned on (logging buffered 4096, in case you need to know), and you view the firewall log by using the command "show log". There will be more than your firewall events in that log, but those can be filtered out.
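To make the link between the inspect action and the parameter-map explicit, here is a complete minimal ZFW configuration with audit-trail logging wired in. This is an added example, not the configuration from the earlier post; the zone, class-map, policy-map and interface names are assumptions.

```cisco
! Traffic to inspect from the inside zone toward the outside zone (assumed class-map name)
class-map type inspect match-any CM-INSIDE-OUT
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! The parameter-map name on the "inspect" line is what turns on logging for that class.
! Without "FW-LOG" here, the parameter-map below does nothing for this traffic.
policy-map type inspect PM-INSIDE-OUT
 class type inspect CM-INSIDE-OUT
  inspect FW-LOG
 class class-default
  drop log
!
! Audit trail: one message at session start and one at session close.
parameter-map type inspect FW-LOG
 audit-trail on
!
zone security INSIDE
zone security OUTSIDE
zone-pair security ZP-INSIDE-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-OUT
!
! Assumed interface names; traffic is only policed once both interfaces are zone members.
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security OUTSIDE
!
! Without a logging destination the audit-trail messages are generated but never kept.
logging buffered 4096
!
! Read only the firewall session records out of the mixed buffer
! (SESS_AUDIT_TRAIL is the message name the ZFW audit trail uses).
! show logging | include SESS_AUDIT_TRAIL
```

Sending the same buffer to a syslog host with "logging host <ip>" (address omitted here) keeps the audit trail past a reload, since the 4096-byte buffer wraps quickly on a busy router.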
Until next time,
TechStop (JW)