Posted by: Joshua Wood
Cisco, Firewall, Logging, ZFW
Hi all, so last post I noted how to create a basic implementation of the Cisco ZFW. The ZFW is Cisco’s newest IOS or router based firewall. It has many benefits over the older CBAC implementation but the biggest one is that Cisco is going to be doing away with their support for CBAC. But what about logging in the ZFW? How would you enable that? Well, it is very straight forward. In the previous post that I wrote titled “Cisco ZFW Config Example” I gave you part of the configuration.
In the previous post all of the lines that had “inspect” on them also had the line “FW-LOG” on them. Well that was 50% of the work and if you already have those your config then this is going to be really easy. You simply add the lines below to the router in global configuration mode.
parameter-map type inspect FW-LOG
Yep that’s it. Well, you also have to have logging turned on (logging buffered 4096 in case you need to know) and you have view the firewall log by using the command “show log”. There will be more than your firewall events in that log but at those can be filtered out.
Until next time,