Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1346
Views
5
Helpful
4
Replies

Best way to deploy ISO firewall feature

Go to solution
ciscobigcat
Level 1
Level 1

‎02-14-2012 07:44 PM - edited ‎03-11-2019 03:29 PM

What is the best way to deploy the IOS firewall feature?

I have a Cisco 1841 router running 12.4. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rizwanr74
Level 7
Level 7

‎02-16-2012 12:44 PM

Well, if you have featured licensed on your router for ZoneBase firewall then stick with Zone Base, which is more flexible, if there ZoneBase Firewall is not licensed then stick with CBAC.

Hope that answers your question.

Thanks

Rizwan Rafeek

View solution in original post

4 Replies 4

Go to solution
rizwanr74
Level 7
Level 7

‎02-16-2012 12:44 PM

Well, if you have featured licensed on your router for ZoneBase firewall then stick with Zone Base, which is more flexible, if there ZoneBase Firewall is not licensed then stick with CBAC.

Hope that answers your question.

Thanks

Rizwan Rafeek

Go to solution
ciscobigcat
Level 1
Level 1
In response to rizwanr74

‎02-16-2012 06:46 PM

Well, I think on the 12.4 versions on those 1841s, so can really enable any of those features as long as you have the enterprise IOS version right?  and I also believe that there is no license per se on these platforms.

For the new 15 versions I believe you do need the respective licenses to have certain features.

Please confirm.

Now, with regards to those 2 features, are they 2 totally different features? and if so, what is the difference?

What I am trying to accomplish here is simply make an 1841 running 12.4 enterprise behave like a real full stateful inspection engine (firewall). I know that the router CPU is gonna be taxed a bit, but I really needed and the load is not that heavy on this environment.

I also have another environment with a 2911 router and we purchased the IOS Firewall feature license. This license enabled us to activate the IP Inspect commands. What is this called? I thought it was only called IOS Firewall feature.

thank you

0 Helpful

Go to solution
rizwanr74
Level 7
Level 7
In response to ciscobigcat

‎02-16-2012 08:18 PM

"What is this called? I thought it was only called IOS Firewall feature."

Yes there is feature called IOS firewall but nobody use it because it is not so flexialbe with applications.

So, best bet is CBAC or Zone Firewall.

thanks

Rizwan Rafeek

0 Helpful

Go to solution
ciscobigcat
Level 1
Level 1
In response to rizwanr74

‎02-17-2012 09:09 PM

The "IOS Firewall Feature" is the one that you enable with the IP Inspect command and then apply it to an interface?

And are CBAC and Zone Firewall two different things or are they the same thing?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card