07-01-2015 04:05 PM - edited 03-11-2019 11:12 PM
Hi
I have a Cisco 887 router up and running; however, it is currently wide open on the internet due to no access list or ZBF config.
I have tried to use CCP to configure the firewall, which works fine; however, the default options in the wizard look messy and I want to build the rules from scratch.
Dialer0 set as WAN zone
VLAN1 set as LAN zone
The outbound policy map has a match class map called Outbound map with the usual protocols (http, https, dns) included.
When I create the zone pair of LAN to WAN to use the policy the outbound rules work.
How can I now secure the router from the outside? When I ping the router's Dialer0 IP address it responds, and I want to stop it from responding using the ZBF.
Thanks
Mark
07-01-2015 04:56 PM
Hi,
You need to create a SELF zone and create a policy between WAN zone and SELF zone which denies all traffic. You control traffic to the router using the SELF zone.
Thanks
John
07-02-2015 05:37 AM
Hi John
Thanks for the point in direction. I will take another go at it following your advice.
Mark
07-03-2015 06:11 AM
Hi John
Thanks for the tip. It seemed to work when I set the self zone to use a default class drop for WAN to self. I had to add another rule for self to WAN to inspect TCP and UDP as well, but it all seems to work how I would like it.
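For reference, here is an added IOS configuration example (not from either poster) of the final layout the thread arrives at: LAN to WAN inspected, WAN to self dropped so the Dialer0 address no longer answers pings, and self to WAN inspected so router-originated TCP/UDP sessions get their replies back. Interface and zone names are taken from the thread; the class-map and policy-map names are assumed.

```cisco
! Zones and interface membership (Dialer0 = WAN, Vlan1 = LAN, per the thread)
zone security LAN
zone security WAN
interface Vlan1
 zone-member security LAN
interface Dialer0
 zone-member security WAN
!
! LAN -> WAN: inspect the usual outbound protocols, drop anything else
class-map type inspect match-any OUTBOUND-MAP
 match protocol http
 match protocol https
 match protocol dns
policy-map type inspect OUTBOUND-POLICY
 class type inspect OUTBOUND-MAP
  inspect
 class class-default
  drop
zone-pair security LAN-TO-WAN source LAN destination WAN
 service-policy type inspect OUTBOUND-POLICY
!
! WAN -> self: no class matches, so class-default drops (and logs) every
! unsolicited packet aimed at the router itself, including ICMP echo to Dialer0.
! This also blocks remote management from the internet unless a class allows it.
policy-map type inspect WAN-TO-SELF-POLICY
 class class-default
  drop log
zone-pair security WAN-TO-SELF source WAN destination self
 service-policy type inspect WAN-TO-SELF-POLICY
!
! self -> WAN: stateful inspection of router-originated TCP/UDP (DNS, NTP,
! etc.) so the return traffic is permitted despite the WAN -> self drop.
class-map type inspect match-any SELF-TO-WAN-MAP
 match protocol tcp
 match protocol udp
policy-map type inspect SELF-TO-WAN-POLICY
 class type inspect SELF-TO-WAN-MAP
  inspect
 class class-default
  drop
zone-pair security SELF-TO-WAN source self destination WAN
 service-policy type inspect SELF-TO-WAN-POLICY
```

After applying it, `show policy-map type inspect zone-pair sessions` shows which pair each flow matched, and the `drop log` counters confirm that inbound probes to Dialer0 are being discarded rather than answered.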