Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

178
Views
0
Helpful
3
Replies
markpj
Beginner
Beginner
‎07-01-2015 04:05 PM
‎07-01-2015 04:05 PM

ZBF driving me crazy!!!

Hi

 

I have a Cisco 887 router up and running however it is currently wide open on the internet due to no access list or ZBF config.

 

I have tried to use CCP to configure the firewall which works fine however the default options in the wizard look messy and I want to build the rules from scratch.

 

Dialer0 set as WAN zone

VLAN1 set as LAN zone

 

Outbound policy map has a match class map called Outbound map with the usual, http, https, dns, included.

 

When I create the zone pair of LAN to WAN to use the policy the outbound rules work.

 

How can i now secure the router from the outside as when I ping the router's Dialer0 IP address it responds. I want to stop it from responding.using the ZBF.

 

Thanks

 

Mark

 

 

Labels:
0 Helpful
3 REPLIES 3
johnd2310
Collaborator
Collaborator
‎07-01-2015 04:56 PM
‎07-01-2015 04:56 PM

Hi,

 

You need to create a SELF zone and create a policy between WAN zone and SELF zone which denies all traffic. You control traffic to the router using the SELF zone.

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful
markpj
Beginner
Beginner
In response to johnd2310
‎07-02-2015 05:37 AM
‎07-02-2015 05:37 AM

Hi John

 

Thanks for the point in direction. I will take another go at it following your advice.

 

Mark

0 Helpful
markpj
Beginner
Beginner
In response to johnd2310
‎07-03-2015 06:11 AM
‎07-03-2015 06:11 AM

Hi John

 

Thanks for the tip. It seemed to work when I set the self zone to use default class drop with WAN to self. I had to add another rule for self to wan to inspect tcp and udp as well but it all seems to work how I would like it.

0 Helpful
Latest Contents
Cisco ISE Integration With F5 BIG-IP LTM Load Balancer for G...
Created by Meddane on 05-15-2022 02:24 AM
0
0
0
0
I shared with you this detailed document I created with 27 pages about Cisco ISE Integration With F5 BIG-IP Locar Traffic Manager LTM Load Balancer for Guest Acces.   The method used for Guest Access is the Self-Registration. Healt Monitor using HTTP... view more
Cisco ASA 9.714 version SNMP not working in EVE-NG LAB Envir...
Created by waqas.muhammad49 on 05-10-2022 06:56 AM
0
0
0
0
I created an IPSEC Site to site Tunnel between two ASA Firewalls in EVE-NG topology and i want to plot the IPSEC Site to Site VPN graph on PRTG ? The SNMP Walk command is not getting any output . As the firewall is making SNMP inbound connections with the... view more
ISE Integration with Eduroam External Server
Created by deepuvarghese1 on 05-09-2022 08:31 PM
3
20
3
20
The purpose of this document is to demonstrate how ISE can integrate with an eduroam external server which is a WI-Fi roaming service that provides international access to devices in education, research, and higher education. Students, teachers, and resea... view more
SSL Decryption with Decrypt-Resign On Cisco FTD In-depth lec...
Created by Meddane on 05-05-2022 04:44 AM
0
0
0
0
On Cisco Firepower Threat Defense there are two ways to do SSL Decryption (two actions in the SSL Policy).Decrypt-Resign: for outbound connection (from an inside PC to an external server).Decrypt-Known-Key: for inbound connection (from an external PC to y... view more
Stop ransomware and zero-day threats with Cisco Secure Endpo...
Created by Sohaib Ahmed on 04-26-2022 05:24 PM
0
5
0
5
Cisco Secure Endpoint offers several protection engines which fight against threats like ransomware and zero-day. Are you an admin looking for protection on a short to mid-term basis or beginning to roll out protection across your organisation? The best p... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad