Apr 30 2012   1:58PM GMT

Cisco ZFW Logging

Joshua Wood

Hi all. In my last post I noted how to create a basic implementation of the Cisco ZFW. The ZFW is Cisco’s newest IOS (router-based) firewall. It has many benefits over the older CBAC implementation, but the biggest one is that Cisco is going to be doing away with its support for CBAC. But what about logging in the ZFW? How would you enable that? Well, it is very straightforward. In the previous post, titled “Cisco ZFW Config Example”, I gave you part of the configuration.

In the previous post, all of the lines that had “inspect” on them also had “FW-LOG” on them. That was 50% of the work, and if you already have those in your config then this is going to be really easy. You simply add the lines below to the router in global configuration mode.

parameter-map type inspect FW-LOG
audit-trail on

Yep, that’s it. Well, you also have to have logging turned on (logging buffered 4096, in case you need to know), and you view the firewall log by using the command “show log”. There will be more than your firewall events in that log, but those can be filtered out.
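
The filtering mentioned above can also be done offline on a saved copy of the log. The following is an added example, not part of the original post: it pulls the ZFW audit-trail lines out of mixed “show log” output and reports sessions that have a Start but no Stop. The sample log lines and the zone-pair and class-map names are constructed, and the message layout is assumed from typical IOS audit-trail output.

```python
import re

# Constructed sample of "show log" output. The %FW-6-SESS_AUDIT_TRAIL* layout is
# assumed from typical IOS ZFW audit-trail messages, not taken from the post.
SAMPLE_LOG = """\
*Apr 30 13:40:01.123: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
*Apr 30 13:41:10.456: %FW-6-SESS_AUDIT_TRAIL_START: (target:class)-(IN-OUT:WEB-CLASS):Start http session: initiator (10.1.1.100:3372) -- responder (198.51.100.20:80)
*Apr 30 13:41:12.789: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Apr 30 13:41:15.002: %FW-6-SESS_AUDIT_TRAIL: (target:class)-(IN-OUT:WEB-CLASS):Stop http session: initiator (10.1.1.100:3372) sent 296 bytes -- responder (198.51.100.20:80) sent 1480 bytes
*Apr 30 13:42:00.500: %FW-6-SESS_AUDIT_TRAIL_START: (target:class)-(IN-OUT:DNS-CLASS):Start dns session: initiator (10.1.1.101:53011) -- responder (198.51.100.53:53)
"""

AUDIT_RE = re.compile(
    r"%FW-6-SESS_AUDIT_TRAIL(?:_START)?: "
    r"\(target:class\)-\((?P<zone_pair>[^:()]+):(?P<class_map>[^()]+)\):"
    r"(?P<event>Start|Stop) (?P<proto>\S+) session: "
    r"initiator \((?P<src>[\d.]+):(?P<sport>\d+)\)(?: sent (?P<sent>\d+) bytes)? -- "
    r"responder \((?P<dst>[\d.]+):(?P<dport>\d+)\)(?: sent (?P<rcvd>\d+) bytes)?"
)

def parse_audit_trail(log_text):
    """Return one dict per ZFW audit-trail line, skipping all other syslog messages."""
    events = []
    for line in log_text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue  # not a firewall session event
        ev = m.groupdict()
        for key in ("sport", "dport", "sent", "rcvd"):
            # Byte counters only appear on Stop lines; keep None on Start lines.
            ev[key] = int(ev[key]) if ev[key] is not None else None
        events.append(ev)
    return events

def open_sessions(events):
    """Return Start events that have no matching Stop later in the log."""
    still_open = {}
    for ev in events:
        key = (ev["proto"], ev["src"], ev["sport"], ev["dst"], ev["dport"])
        if ev["event"] == "Start":
            still_open[key] = ev
        else:
            still_open.pop(key, None)
    return list(still_open.values())

if __name__ == "__main__":
    for ev in parse_audit_trail(SAMPLE_LOG):
        print(ev["event"], ev["proto"], ev["src"], "->", ev["dst"], ev["dport"])
```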

Until next time,
TechStop (JW)

1  Comment on this Post

  • Joshua Wood
    According to Cisco the "ZFW can provide basic stateful inspection to permit or deny the traffic, as well as granular Layer 7 ..." Where are you getting the information that it doesn't provide stateful inspection?
