10-04-2016 06:37 AM - edited 03-12-2019 01:21 AM
Hi All,
I have a task to create some rules for a Firewall that is in production and currently does not have any rules on the Firewall.
I've managed to look onto the Firewall and see the top protocols going through the Firewall and generic protocols being used, eg: HTTP/HTTPS. But I wondered if anyone had any tips as to a way to build rules and to not end up blocking any traffic!
Thanks in advance!
Ben
10-05-2016 04:24 AM
I've used Netflow to export all the flows and used analysis of that data set as a basis to create rules.
You can use a free flow collector/analyzer like ntop or a trial version of one of the commercial ones like SolarWinds NTA, ManageEngine or PRTG's free version.
10-05-2016 05:03 AM
Ben,
I think this pretty much requires manual effort, since we need to ensure that we do not block legitimate traffic. "show conn detail" output from the device can help to provide top talkers, but again, even those who are making fewer connections can be legitimate.
I think, from "inside" to "outside", you are going to allow most of the traffic, care needs to be taken from "outside" to "inside" where you will be allowing access to only your public facing servers, corresponding to NAT statements.
Regards,
Pulkit
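Combining the two answers above (aggregate exported flows, then review low-count services by hand before permitting them), here is an added example that is not from either poster. It assumes a CSV flow export in the form `src,dst,proto,dst_port,packets`, a constructed sample, and a hypothetical public-facing range of 203.0.113.0/24 standing in for the "inside" side.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records (not a real NetFlow export), one per line,
# in the shape a flow collector's CSV export might give: src,dst,proto,dport,packets
SAMPLE_FLOWS = """\
198.51.100.7,203.0.113.10,tcp,443,120
198.51.100.9,203.0.113.10,tcp,443,80
198.51.100.9,203.0.113.10,tcp,80,30
198.51.100.22,203.0.113.25,udp,53,400
192.0.2.77,203.0.113.10,tcp,22,1
10.1.1.5,198.51.100.7,tcp,443,500
"""

# Assumed public-facing ("inside") range; replace with the real NAT'd hosts.
INSIDE = ip_network("203.0.113.0/24")

def parse_flows(text):
    """Parse CSV flow lines into (src, dst, proto, dport, packets) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport, pkts = line.split(",")
        flows.append((ip_address(src), ip_address(dst), proto, int(dport), int(pkts)))
    return flows

def inbound_services(flows, inside=INSIDE):
    """Aggregate outside->inside flows by (dst host, proto, port).
    Returns {(dst, proto, port): (flow_count, packet_count)}; the counts let
    rare services be triaged manually rather than silently dropped."""
    agg = defaultdict(lambda: [0, 0])
    for src, dst, proto, dport, pkts in flows:
        if dst in inside and src not in inside:
            agg[(str(dst), proto, dport)][0] += 1
            agg[(str(dst), proto, dport)][1] += pkts
    return {k: tuple(v) for k, v in agg.items()}

def candidate_acl(services, name="OUTSIDE_IN", min_flows=2):
    """Render ASA-style extended ACL lines, most-seen service first. Services
    seen by fewer than min_flows flows are emitted as '! review' comments so
    a person confirms they are legitimate before a permit is added."""
    lines = []
    for (dst, proto, port), (n, _) in sorted(services.items(), key=lambda kv: -kv[1][0]):
        rule = f"access-list {name} extended permit {proto} any host {dst} eq {port}"
        lines.append(rule if n >= min_flows else f"! review ({n} flow): {rule}")
    return lines
```

The outside-to-inside direction is the one that gets restrictive rules; inside-to-outside flows (like the 10.1.1.5 record above) are filtered out of the candidate list, matching the advice to permit most outbound traffic.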