cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

178
Views
0
Helpful
3
Replies
markpj
Beginner

ZBF driving me crazy!!!

Hi

 

I have a Cisco 887 router up and running however it is currently wide open on the internet due to no access list or ZBF config.

 

I have tried to use CCP to configure the firewall which works fine however the default options in the wizard look messy and I want to build the rules from scratch.

 

Dialer0 set as WAN zone

VLAN1 set as LAN zone

 

Outbound policy map has a match class map called Outbound map with the usual, http, https, dns, included.

 

When I create the zone pair of LAN to WAN to use the policy the outbound rules work.

 

How can i now secure the router from the outside as when I ping the router's Dialer0 IP address it responds. I want to stop it from responding.using the ZBF.

 

Thanks

 

Mark

 

 

3 REPLIES 3
johnd2310
Collaborator

Hi,

 

You need to create a SELF zone and create a policy between WAN zone and SELF zone which denies all traffic. You control traffic to the router using the SELF zone.

 

Thanks

John

**Please rate posts you find helpful**

Hi John

 

Thanks for the point in direction. I will take another go at it following your advice.

 

Mark

Hi John

 

Thanks for the tip. It seemed to work when I set the self zone to use default class drop with WAN to self. I had to add another rule for self to wan to inspect tcp and udp as well but it all seems to work how I would like it.

Create
Recognize Your Peers
Content for Community-Ad