Marco,

First of all, you should move to ZBFW from CBAC; CBAC is deprecated.
Yes, that's expected behavior. The CBAC inspect rule opens up channels in any of the other interfaces if the session is allowed to be established. You have to check ingress traffic using an ACL *before* it creates state via the inspect engine to stop it from allowing traffic to go through.

--
Łukasz Bromirski
CCIE R&S/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
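
The ordering described in the reply above, as an added configuration sketch that is not part of the original message or the original poster's setup. Interface names, the ACL and inspect rule names, and the addresses (documentation ranges) are all assumptions.

```ios
! Constructed example: every name and address below is an assumption.
ip inspect name FW tcp
ip inspect name FW udp
!
! Weak form (shown commented out): inspection with no inbound ACL on the
! ingress interface. Any TCP/UDP session arriving here creates state, and
! return channels are opened for it on the other interfaces.
! interface GigabitEthernet0/0
!  ip inspect FW in
!
! Corrected form: the inbound ACL is evaluated before the inspect engine,
! so only sessions it permits can create state.
ip access-list extended INSIDE-IN
 permit tcp 192.0.2.0 0.0.0.255 any eq 443
 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.53 eq domain
 deny   ip any any log
!
! Unsolicited traffic from outside stays blocked; return traffic for
! inspected sessions is let through by the state CBAC created.
ip access-list extended OUTSIDE-IN
 deny   ip any any log
!
interface GigabitEthernet0/0
 description inside (ingress for client traffic)
 ip access-group INSIDE-IN in
 ip inspect FW in
!
interface GigabitEthernet0/1
 description outside
 ip access-group OUTSIDE-IN in
```

`show ip inspect sessions` lists the state the inspect engine currently holds, which should only contain flows that INSIDE-IN permits.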
