02-14-2017 12:37 AM - edited 03-12-2019 01:55 AM
Hi,
I moved from a CBAC firewall to a ZBF firewall today on my 1841 and for some reason when I run GRC ShieldsUP it shows all ports as closed instead of stealth as it did with CBAC. Here is my config, can someone point me to what i'm doing wrong? Many thanks!
zone security Internet
zone security Untrusted
zone security Trusted
interface Dialer0
zone-member security Internet
interface FastEthernet0/0
zone-member security Trusted
interface FastEthernet0/1
zone-member security Untrusted
class-map type inspect match-any Trusted_Protocols
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any Untrusted_Protocols
match protocol http
match protocol https
match protocol dns
policy-map type inspect Untrusted_to_Internet
class type inspect Untrusted_Protocols
inspect
class class-default
drop
policy-map type inspect Trusted_to_Internet
class type inspect Trusted_Protocols
inspect
class class-default
drop
zone-pair security Trusted->Internet source Trusted destination Internet
service-policy type inspect Trusted_to_Internet
zone-pair security Untrusted->Internet source Untrusted destination Internet
service-policy type inspect Untrusted_to_Internet
Solved! Go to Solution.
02-14-2017 02:13 PM
Please see the link below it might help to solve the problem:-
https://forum.networklessons.com/t/zone-based-firewall-configuration-example/1024/51
#Rate if it helps
02-14-2017 12:11 PM
Hi all,
The solution was to add the following lines.
policy-map type inspect Internet_to_Self
class class-default
drop
zone-pair security Internet->Self source Internet destination self
service-policy type inspect Internet_to_Self
This question can be marked as answered.
Many thanks.
02-14-2017 02:13 PM
Please see the link below it might help to solve the problem:-
https://forum.networklessons.com/t/zone-based-firewall-configuration-example/1024/51
#Rate if it helps
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide