Solved: Of course you can. I wouldn

marcio.tormente · ‎03-03-2016

Hello friends,

I installed a 2911 router with IOS firewall in a very small office, they don´t know nothing about IT, and now I have to configure the firewall feature to protect they network, but I never did it before and I have no idea what is the best practice to configure this feature to protect they network for the main problems.

I made the configuration using ip inspect:

ip inspect name FWOUT tcp
ip inspect name FWOUT udp
ip inspect name FWOUT http
ip inspect name FWOUT https
ip inspect name FWOUT smtp
ip inspect name FWOUT dns
ip inspect name FWOUT icmp
ip inspect name FWOUT ssh

Anyone knows what do I have to configure?

Thanks

Marcio

Philip D'Ath · ‎03-03-2016

I have a configuration wizard for doing these configurations for Cisco 897 routers. It will be substantially the same on the 2911. I would start that that.

http://www.ifm.net.nz/cookbooks/890-isr-wizard.html

View solution in original post

Philip D'Ath · ‎03-03-2016

I have a configuration wizard for doing these configurations for Cisco 897 routers. It will be substantially the same on the 2911. I would start that that.

http://www.ifm.net.nz/cookbooks/890-isr-wizard.html

marcio.tormente · ‎03-03-2016

Hello Philip,

Thanks for this link, is very good, is possible to configure many things that I need.

My router is alredy configured as voice gw, have two ADSL links and others things, I will see your script and split to use only the security part.

If you don't mind I wold like to send this page to some friends that have low level in Cisco.

Thanks

Philip D'Ath · ‎03-03-2016

Of course you can. I wouldn't have put it on the public Internet otherwise. :-)

You might like some of the other cookbook recipes I have written.

http://www.ifm.net.nz/cookbooks/

If you this this has been helpful it would be great if you could rate and mark as the answer.

IOS Firewall best practice