ZBF firewall and GRC ShieldsUP!

MJB_Cisco — Tue, 12 Mar 2019 08:55:51 GMT

Hi,

I moved from a CBAC firewall to a ZBF firewall today on my 1841 and for some reason when I run GRC ShieldsUP it shows all ports as closed instead of stealth as it did with CBAC. Here is my config, can someone point me to what i'm doing wrong? Many thanks!

zone security Internet
zone security Untrusted
zone security Trusted

interface Dialer0
zone-member security Internet

interface FastEthernet0/0
zone-member security Trusted

interface FastEthernet0/1
zone-member security Untrusted

class-map type inspect match-any Trusted_Protocols
match protocol tcp
match protocol udp
match protocol icmp

class-map type inspect match-any Untrusted_Protocols
match protocol http
match protocol https
match protocol dns

policy-map type inspect Untrusted_to_Internet
class type inspect Untrusted_Protocols
inspect
class class-default
drop

policy-map type inspect Trusted_to_Internet
class type inspect Trusted_Protocols
inspect
class class-default
drop

zone-pair security Trusted->Internet source Trusted destination Internet
service-policy type inspect Trusted_to_Internet

zone-pair security Untrusted->Internet source Untrusted destination Internet
service-policy type inspect Untrusted_to_Internet

Hi all,

MJB_Cisco — Tue, 14 Feb 2017 20:11:27 GMT

Hi all,

The solution was to add the following lines.

policy-map type inspect Internet_to_Self
class class-default
drop

zone-pair security Internet->Self source Internet destination self
service-policy type inspect Internet_to_Self

This question can be marked as answered.

Many thanks.

Please see the link below it

Farhan Mohamed — Tue, 14 Feb 2017 22:13:29 GMT

Please see the link below it might help to solve the problem:-

https://forum.networklessons.com/t/zone-based-firewall-configuration-example/1024/51

#Rate if it helps

topic Hi all, in Network Security

ZBF firewall and GRC ShieldsUP!

Hi all,

Please see the link below it