mocah join:2003-04-11 Slovenia | [HELP] ZBF and shared folder (windows)
Hello all,
I have two VLANs on the router, and the VLANs are in different ZBF zones. From VLAN 2 I would like to allow access to a shared folder on a computer which is in VLAN1. I have configured the following in ZBF:
class-map type inspect match-all cifs-cmap
 match protocol cifs
policy-map type inspect cifs-pmap
 class type inspect cifs-cmap
  inspect
 class class-default
  drop
zone-pair security AP2LAN source AP destination LAN
 service-policy type inspect cifs-pmap
The firewall is still blocking access to the computer. Does anybody know what to add to the configuration file?
Thank you and kind regards, M |
|
 1 edit | I am guessing you will need to add some other protocols besides cifs, though I am not sure what all that would be offhand (netbios ports like 135, 139, and possibly others).
As long as you don't have tons of other traffic going on to fill up the log, change the drop of the class default to drop log, then try to access a share and see what packets get dropped. |
|
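The "drop log" approach suggested above, as an added example that is not part of the original thread: a Python script that tallies which destination ports on the file server the class-default drop is hitting for one zone-pair. The log lines are constructed, their layout (the %FW-6-DROP_PKT message) is an assumption about what the router prints, and the addresses and the LAN2WAN zone-pair name are made up.

```python
import re
from collections import Counter

# Constructed sample log lines, modelled on the %FW-6-DROP_PKT message that
# "drop log" is assumed to produce. All addresses are made up.
SAMPLE_LOG = """\
*Mar  1 10:00:01: %FW-6-DROP_PKT: Dropping tcp session 10.0.2.15:49210 10.0.1.20:135 on zone-pair AP2LAN class class-default due to DROP action found in policy-map with ip ident 0
*Mar  1 10:00:02: %FW-6-DROP_PKT: Dropping tcp session 10.0.2.15:49211 10.0.1.20:139 on zone-pair AP2LAN class class-default due to DROP action found in policy-map with ip ident 0
*Mar  1 10:00:02: %FW-6-DROP_PKT: Dropping udp session 10.0.2.15:137 10.0.1.20:137 on zone-pair AP2LAN class class-default due to DROP action found in policy-map with ip ident 0
*Mar  1 10:00:03: %FW-6-DROP_PKT: Dropping udp session 10.0.2.15:138 10.0.1.20:138 on zone-pair AP2LAN class class-default due to DROP action found in policy-map with ip ident 0
*Mar  1 10:00:04: %FW-6-DROP_PKT: Dropping tcp session 10.0.2.15:49212 10.0.1.20:135 on zone-pair AP2LAN class class-default due to DROP action found in policy-map with ip ident 0
*Mar  1 10:00:05: %FW-6-DROP_PKT: Dropping tcp session 10.0.1.30:50000 203.0.113.7:23 on zone-pair LAN2WAN class class-default due to DROP action found in policy-map with ip ident 0
*Mar  1 10:00:06: %SYS-5-CONFIG_I: Configured from console by console
"""

# Protocol, source ip:port, destination ip:port, zone-pair and class name.
DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\S+) session "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"on zone-pair (?P<zp>\S+) class (?P<cls>\S+)"
)


def dropped_services(log_text, zone_pair, server):
    """Count logged drops per (protocol, destination port) towards `server`
    on one zone-pair. Other zone-pairs and unrelated log lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue  # not a firewall drop message
        if m["zp"] != zone_pair or m["dst"] != server:
            continue  # drop belongs to another policy or another host
        counts[(m["proto"].lower(), int(m["dport"]))] += 1
    return counts


if __name__ == "__main__":
    hits = dropped_services(SAMPLE_LOG, "AP2LAN", "10.0.1.20")
    for (proto, port), n in sorted(hits.items()):
        print(f"{proto}/{port}: {n} logged drop(s)")
```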
 1 edit | reply to mocah Ports 135 (WINS), 137 (Name), 138 (Datagram), 139 (Session) and 445 (Shares / SMB) if I remember right.
Regards |
|
 mocah join:2003-04-11 Slovenia | reply to mocah Thank you both. It is working :)
Following config:
ip access-list extended port135
 permit tcp any any eq 135
class-map type inspect match-any CIFS-cmap
 match protocol cifs
 match access-group name port135
 match protocol netbios-dgm
 match protocol netbios-ns
 match protocol netbios-ssn
policy-map type inspect cifs-pmap
 class type inspect CIFS-cmap
  inspect
 class class-default
  drop
|