Is it possible to turn off even layer 4 inspection for a traffic flow?


L2 Linker

I had a request to turn off not only layer 7 inspection (which I understand can be done with an application override) but to turn off all inspection such that the flow only NATs?


Cyber Elite

Hello,

Do you mean only allow traffic by ports?

Please advise,

I mean to allow the traffic to be NATted but not inspect the traffic at layer 4, say for proper sequencing and other typical layer 4 inspection. It's something I was requested to do and will likely not do. But I want to know: even if you wanted to do it, could you make specific traffic pass through like a router with NAT?

Hello,

I suppose you could by not adding any of the security policies to the policy you have that allows the traffic. However, I would not recommend it for security reasons.

Hope that helps.

  1. Create an any-any application override policy
  2. Create an any-any-allow security policy without adding any profiles
  3. Do not add any zone protection profiles to the zones
  4. Create your required NAT policy
  5. Have fun with your pretty expensive NAT router 😉
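A defender's check for the configuration described in the steps above, as an added example that is not part of the original thread or the vendor's tooling: it scans a config export for an any-any application override, allow rules with no security profiles, and zones with no zone protection profile. The XML is a constructed, simplified fragment; its element names are an assumption modelled on a PAN-OS XML export and should be checked against a real export.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample. Element names are an assumption modelled on a
# PAN-OS XML config export; verify them against a real export before relying on this.
SAMPLE = """<vsys><entry name="vsys1">
 <zone>
  <entry name="trust"><network>
   <zone-protection-profile>zpp-std</zone-protection-profile></network></entry>
  <entry name="untrust"><network/></entry>
 </zone>
 <rulebase>
  <application-override><rules><entry name="ao-any">
   <source><member>any</member></source>
   <destination><member>any</member></destination>
  </entry></rules></application-override>
  <security><rules>
   <entry name="allow-all">
    <source><member>any</member></source>
    <destination><member>any</member></destination>
    <action>allow</action></entry>
   <entry name="web-out">
    <source><member>10.0.0.0/8</member></source>
    <destination><member>any</member></destination>
    <action>allow</action>
    <profile-setting><group><member>strict</member></group></profile-setting></entry>
  </rules></security>
 </rulebase>
</entry></vsys>"""

def is_any(rule, tag):
    """True when the rule's <tag> member list is exactly 'any'."""
    return [m.text for m in rule.findall(f"{tag}/member")] == ["any"]

def audit(xml_text):
    """Return (finding, name) pairs for the inspection-bypass conditions."""
    root, out = ET.fromstring(xml_text), []
    for r in root.findall(".//application-override/rules/entry"):
        if is_any(r, "source") and is_any(r, "destination"):
            out.append(("app-override-any-any", r.get("name")))
    for r in root.findall(".//security/rules/entry"):
        profiled = (r.find("profile-setting/profiles/*") is not None
                    or r.find("profile-setting/group/member") is not None)
        if r.findtext("action") == "allow" and not profiled:
            scope = "any-any" if is_any(r, "source") and is_any(r, "destination") else "scoped"
            out.append((f"allow-{scope}-no-profiles", r.get("name")))
    for z in root.findall(".//zone/entry"):
        if not (z.findtext("network/zone-protection-profile") or "").strip():
            out.append(("zone-no-protection-profile", z.get("name")))
    return out
```

Calling `audit(SAMPLE)` flags the override rule, the profile-less allow rule and the unprotected zone, and leaves the rule that carries a profile group alone.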

Hey - don't rub it in. 🙂

Thanks.

And after all that - we tested at another time with another machine and got smooth live video via the PAN. 

So it's looking like it could be an issue of non-guaranteed interwebs or local machine or who knows what.

But our infrastructure is way overbuilt so it's not saturation and now not likely the PAN. So no need for the costly NAT router. Woot.
