10-12-2019 07:56 AM
Hi All,
We have a Cisco 1941 running IOS 15.5M and the Zone Based Firewall with inspect rules.
I need to de-configure zone-based firewall completely off the router.
Unfortunately I have only remote connectivity.
What is the best way to do this?
Does anyone have any suggestions?
10-12-2019 02:36 PM
I have not been able to find any documentation that says the platform inspect disable-all command is supported on IOS 15.5M.
However, by default all traffic to the router itself is allowed. So, if you do not have any policies that go to the "self" zone, you should not lose connectivity.
If you do have policies that go to the self zone, then I would suggest leaving those for last. Before you remove them, set a reload in 6 so that if you do lose connectivity, the router will reload and your changes will be set back, and you won't have to go onsite or have someone go onsite for console access.
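The procedure from the answer above, written out as an IOS command sequence. This is an added example, not part of any post in the thread; the zone, zone-pair, policy-map, class-map and interface names are hypothetical.

```cisco
! Hypothetical object names (INSIDE, OUTSIDE, IN-TO-OUT, OUT-TO-SELF, PM-*, CM-*)
! and interfaces; list the real ones first with:
!   show zone-pair security
!   show zone security
!   show policy-map type inspect

! 1. Arm the rollback before changing anything. Answer "no" if asked to save.
reload in 6

configure terminal
 ! 2. Zone-pairs that do not involve the self zone.
 no zone-pair security IN-TO-OUT
 no zone-pair security OUT-TO-IN
 ! 3. Zone-pairs to or from "self" go last: these govern traffic to the
 !    router itself, including this remote session.
 no zone-pair security OUT-TO-SELF
 ! 4. Take the interfaces out of their zones, then delete the zones.
 interface GigabitEthernet0/0
  no zone-member security OUTSIDE
 interface GigabitEthernet0/1
  no zone-member security INSIDE
 exit
 no zone security OUTSIDE
 no zone security INSIDE
 ! 5. Remove the now-unused inspect policy and class maps.
 no policy-map type inspect PM-IN-TO-OUT
 no policy-map type inspect PM-OUT-TO-IN
 no policy-map type inspect PM-OUT-TO-SELF
 no class-map type inspect CM-IN-TO-OUT
end

! 6. Session still alive and traffic verified: cancel the timer, then save.
show zone-pair security
reload cancel
copy running-config startup-config
```

Saving is deliberately the last step: the scheduled reload only undoes the changes if the startup configuration still holds the old firewall configuration.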
10-12-2019 08:02 AM
Hi All,
Just to clarify, I notice in IOS-XE there is the 'platform inspect disable-all' command.
Is there the equivalent in IOS 15.5M?
After removing ACLs from interfaces, is there a better way if it doesn't exist?