I've been carefully reading through the ZFW configuration guide.  I
can understand easily how the inspect, drop or pass action determines
ingress and egress interface(s) based on the source and destination
zones.  However, I'm struggling a bit with police.  Police within the ZFW
model is only applicable in conjunction with inspect.  However, it
seems that a police action should have a direction associated with it.
Inspect is done on initial traffic, and thus a session is created.
At that point the Cisco Policy Language that created the session sort
of moves out of the way.  So my question is has anyone messed with
policing in ZFW?  If so, does policing only happen in the direction of
egress with the source zone being the ingress and the destination zone
being the egress?  No policing on return traffic?  The inspect
certainly wouldn't apply to the return traffic.  See my confusion...