Marco, > On 29 Dec 2025, at 11:51, Marco Moock via cisco-nsp > <[email protected]> wrote: > > On 28.12.2025 16:34 Lukasz Bromirski wrote: > >> a) no, if it’s not there, it’s not supported in this code and I don’t >> believe it ever was; the last IOS on these boxes was built in >> November 2020 > > Ok, did that then include inspection of router-traffic or was that > never supported?
I'm not authoritative for this, my limited internal search turned nothing and command reference doesn't seem to show this as an option as well. So I'd guess the answer is "not". > I am thinking about moving to the zones, but as the other answers were, > it does not give me any benefit except that is is the "supported" way > on current platforms. Actually, it does. ZBFW has dedicated "self" zone that can be used to control traffic to and from the router itself: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html -- Łukasz Bromirski | "There's no sense in being precise when you don’t infosec.exchange/@mr0vka | know what you're talking about.” John von Neumann _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
