Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1036
Views
0
Helpful
5
Replies

Changing from ZBF back to the old style firewall

grunger106
Level 1
Level 1

‎09-30-2011 10:37 AM - edited ‎03-11-2019 02:32 PM

Hi

I have an 887, I'm having trouble wrapping my head around the ZBF.

I would like to change it to the old style firewall, but using the CCP it says I must delete the ZBF policys first - fair enough, I deleted all the rules so the firewall looks blank, but it still doesn't want to let me change the firewall mode - saying I must remove all the policies first...

What am I doing wrong? I'd prefer no to have to reset the router and start over....

Thanks

Labels:
0 Helpful
5 Replies 5

cadet alain
VIP Alumni
VIP Alumni

‎09-30-2011 11:15 AM

Hi,

to configure CBAC just remove the interfce from zones with the command:

interface x/x

no zone sec

to see the zone name to which interface belongs just type show run int x/x

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

grunger106
Level 1
Level 1
In response to cadet alain

‎10-01-2011 11:51 PM

Thanks for your help!

Should I remove all the rules, zone pairs etc first?

I presume I'd need to do this on both the dialer and vlan1 interfaces?

Do you know how to do this via CCP? I'm still learning the terminal....

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to grunger106

‎10-02-2011 03:07 AM

Hi,

I can only help you with the CLI as I rarely use GUIs to configure.

You just need to remove the interfaces from the zones to be able to configure CBAC on them.

But to get a clean config and get rid of self zone policies just do a show run to get the config and delete

class-maps , policy-maps, zones and service-policies by prepending them with a no.

eg: class-map type inspect TEST ----> no class-map type inspect TEST.

if you've got a problem just post your show run then i'll post back the commands to enter to get rid of all zbf config.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

ilwadhi.r
Level 1
Level 1
In response to cadet alain

‎10-02-2011 12:52 PM

Hey

Just a word of caution,  make sure you remove zone from all interfaces at the same time,Else it may bring down your network, Also make sure you do it in an appropriate down time.

check all interface and remove zone from them in a single go.

To Check interface  run

Sh run | beg interface

Find out interfaces on which a zone is applied

Remove Zones from all the interfaces in a single go

interface x/x

no zone sec

!

interface y/y

no zone sec

!

HTH

Rahul


0 Helpful

grunger106
Level 1
Level 1
In response to ilwadhi.r

‎10-03-2011 01:10 PM

GRE now passing perfectly over CBAC...

And I'll need to be learning IOS and then ZBF then!

Thank you both

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card