11-30-2011 06:11 PM - edited 03-11-2019 02:57 PM
Hello all,
I'm very very new to Cisco IOS and could use assistance/enlightenment with it and how it works.
In comparing the 891 (IOS 15.1) firewalling/security features to that of the small business routers, how does one go about setting up the same basic firewall attributes?
With the small business line, you have simple "enable/disable: SPI, DOS, Block WAN request, etc..."
How do you go about enabling those same simple things in this router, in particular the "Block WAN request"?
Before I go getting really granular with the security, I'd like it so that if the ISP pings me, they don't get a response, and same with anyone who pings me for that matter.
Thanks in advance!
-Jeff
11-30-2011 08:16 PM
Well, it is really complicated to say "Basic security". There are 2 types of firewall that you can configure using IOS: one is CBAC and the other one (a little bit more complicated) is called Zone-Based Firewall. First you need to know what services are permitted from inside to outside and from outside to inside and so on.
Here are a couple of documents that may help you to sort this out:
CBAC
www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080094e8b.shtml
Zone based
http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f6dd.html
If you put what services you need to allow for both directions, I may be able to give you some config so you can check it and apply it to your routers.
Mike
12-02-2011 07:43 PM
Hey Mike,
Thanks for the response!
I'm sorry to say but I'm very very novice with Cisco and while I sorta get the point of CBAC and zone based firewalls, I don't know enough at the moment to get really granular with them.
I have an 891 router which I need to put into service at home because I'm changing service providers and the new one will need the gigabit WAN port.
Currently I have a simple RV042 v3 router for firewall duties. I have DHCP on it disabled because my switch (SG300) handles everything on the VLAN side of things. So as I said, the router just handles firewalling, that's it.
On the RV042, the only firewall services that are active are: SPI, DoS, and Block WAN Request.
I just want to enable those same simple things on the 891. I figure SPI will be more involved, and I see the documentation on it is out there to follow, but I haven't seen anything on "Block WAN Request" specifically.
I basically (for starters) just want to have it so that if someone pings the WAN IP address from outside, I don't want it to respond.
I don't need anything absolutely crazy, I just want to have the same basic, simple firewalling that the RV042 does, on my 891.
Hope that explains things better.
Thanks for your time!
-Jeff
12-02-2011 07:58 PM
Here's a bit of additional info to clear things up.
The following are the firewall settings on my RV042:
I haven't added any of my own access rules to the RV042, and I disabled DMZ and the 2nd WAN port because I have no use for them.
It's all really simple and it's just what I need at the moment.
I hope this further clarifies what I'm looking for.
Thanks again!