Hey Guys,
I'm studying for my CCNA Security and I'm trying to get down zone-based firewall, probably a little more in-depth than I need to, but it helps to really know what's going on, and the section I have questions about, I believe, applies deeper than just firewall configuration.
Right now I'm trying to create zone-based firewall rules from scratch, not using the GUI. I get to a point where I want to make a class map. This class map will essentially be used to permit ICMP packets in from the outside. Now when I go and create my ACL identifying traffic from the outside, should my ACL contain ICMP as a protocol type? Because I also see that you specify the protocol type when you create the policy map in the next step...
Basically, if I'm going to use an ACL for a class_map and eventually a policy map, should the TYPE of traffic ever be specified in that ACL, or should I really just leave it for identifying the networks which the traffic is expected from?
Thanks.
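
For reference, the two layouts the question contrasts, written as an added IOS configuration sketch that is not part of the original post. All object names (OUTSIDE-SOURCES, CM-ICMP-IN and so on) are hypothetical, and 198.51.100.0/24 is a constructed documentation prefix standing in for the outside network.

```cisco
! --- Layout A: ACL identifies only the source networks, -------------
! --- the class map adds the protocol match --------------------------
ip access-list extended OUTSIDE-SOURCES
 permit ip 198.51.100.0 0.0.0.255 any
!
! match-all = traffic must satisfy BOTH statements (source AND protocol)
class-map type inspect match-all CM-ICMP-IN
 match access-group name OUTSIDE-SOURCES
 match protocol icmp
!
! --- Layout B: ACL carries both the source and the protocol, --------
! --- the class map references only the ACL --------------------------
ip access-list extended OUTSIDE-ICMP
 permit icmp 198.51.100.0 0.0.0.255 any
!
class-map type inspect match-all CM-ICMP-IN-ACL-ONLY
 match access-group name OUTSIDE-ICMP
!
! --- Policy map: action applied to the class (Layout A shown) -------
policy-map type inspect PM-OUT-TO-IN
 class type inspect CM-ICMP-IN
  inspect
 class class-default
  drop
!
! --- Zones and zone pair (hypothetical interface names) -------------
zone security OUTSIDE
zone security INSIDE
!
zone-pair security ZP-OUT-TO-IN source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUT-TO-IN
!
interface GigabitEthernet0/0
 zone-member security OUTSIDE
interface GigabitEthernet0/1
 zone-member security INSIDE
```

Keeping the ACL to addresses only (Layout A) lets one ACL be reused across class maps for different protocols, while Layout B keeps the whole match in a single object; in both cases everything not matched falls to `class-default` and is dropped.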