ISR 4331 Zone Firewall Setup

Brandon Rebbe
Level 1

I am a telepresence/CUCM person and I know enough about everything else to be dangerous. I have some new ISR 4331 routers with the Security add-on. These are going to be internet routers that I am using for my VCS and Expressway CUCM infrastructure. I am setting up some basic private, public, and DMZ zones on this.

I am not the best with all the configurations, and on my current setup I am using an ASA that allowed me to use the SDM for configuration. Is there any type of GUI interface to set up the security config on these routers?

Accepted Solutions

Philip D'Ath
VIP Alumni

I don't believe there is a GUI option.  The closest would be Cisco Configuration Professional, but I don't believe it supports the 4000 series family yet.

http://www.cisco.com/c/en/us/products/cloud-systems-management/configuration-professional/index.html

If you are desperate you could try using my Cisco 897 series configuration wizard. It doesn't do a DMZ, but does do a lot of everything else you want.

http://www.ifm.net.nz/cookbooks/890-isr-wizard.html

The Ifm page is great. Thanks!! 

I figured there would be no GUI, so I guess no time like the present to learn CLI for this!

I have wizards written for a lot of things we do a lot, and make some of the more common ones available online.

It makes for faster and cheaper deployments for customers when you can spit out repeatedly known to work configurations.  It also means it doesn't matter which one of our engineers does the job - all the devices will be very similarly configured. It makes fixing things and doing changes much faster.

If you have Prime or CSM already installed in your network, you could use these. Other than that, you would need to go with Philip's suggestions or configure it using the CLI.

http://packetlife.net/blog/2012/jan/30/ios-zone-based-firewall/

--

Please remember to select a correct answer and rate helpful posts


Ricky Sandhu
Level 3

This reply is probably irrelevant now after 1 year, but I had the hardest time switching over to the 4Ks. I've spent years configuring ZBFW configuration on ISRG2s using CCP, which sort of came back and bit me in the arse when 4Ks came around. Had to "re-learn" CLI commands and the whole policy-framework, which turned out to be a good thing. GUI is for the newbies, CLI is for the elite!

Also, like one of the other posters mentioned above, I created several configuration snippets that I use for various scenarios. Haven't used the buggy CCP in a while.

So for anyone reading this and hoping to get an answer about using GUI for 4Ks and other routers, give up your quest and learn CLI because CLI is King!
