
ZBF firewall and GRC ShieldsUP!

MJB_Cisco
Level 1

Hi,

I moved from a CBAC firewall to a ZBF firewall today on my 1841, and for some reason when I run GRC ShieldsUP it shows all ports as closed instead of stealth as it did with CBAC. Here is my config; can someone point me to what I'm doing wrong? Many thanks!

zone security Internet
zone security Untrusted
zone security Trusted

interface Dialer0
 zone-member security Internet

interface FastEthernet0/0
 zone-member security Trusted

interface FastEthernet0/1
 zone-member security Untrusted

class-map type inspect match-any Trusted_Protocols
 match protocol tcp
 match protocol udp
 match protocol icmp

class-map type inspect match-any Untrusted_Protocols
 match protocol http
 match protocol https
 match protocol dns

policy-map type inspect Untrusted_to_Internet
 class type inspect Untrusted_Protocols
  inspect
 class class-default
  drop

policy-map type inspect Trusted_to_Internet
 class type inspect Trusted_Protocols
  inspect
 class class-default
  drop

zone-pair security Trusted->Internet source Trusted destination Internet
 service-policy type inspect Trusted_to_Internet

zone-pair security Untrusted->Internet source Untrusted destination Internet
 service-policy type inspect Untrusted_to_Internet

 

Accepted Solution

Please see the link below; it might help to solve the problem:

https://forum.networklessons.com/t/zone-based-firewall-configuration-example/1024/51

#Rate if it helps


2 Replies

MJB_Cisco
Level 1

Hi all,

The solution was to add the following lines.

policy-map type inspect Internet_to_Self
 class class-default
  drop

zone-pair security Internet->Self source Internet destination self
 service-policy type inspect Internet_to_Self

This question can be marked as answered.

Many thanks.
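
The reply above works because, with no zone-pair that names the self zone, ZBF permits traffic addressed to the router itself, so the router answers probes with a reset and the scan reports closed rather than stealth. The Python check below is an added example, not code from this thread or from Cisco; it reads the zone-related lines of a configuration and lists zones that have interfaces but no policy toward self. The function name and the embedded sample text are constructed for illustration.

```python
import re

# Constructed input: zone, interface and zone-pair lines from the first post.
BEFORE = """
zone security Internet
zone security Untrusted
zone security Trusted
interface Dialer0
 zone-member security Internet
interface FastEthernet0/0
 zone-member security Trusted
interface FastEthernet0/1
 zone-member security Untrusted
zone-pair security Trusted->Internet source Trusted destination Internet
 service-policy type inspect Trusted_to_Internet
zone-pair security Untrusted->Internet source Untrusted destination Internet
 service-policy type inspect Untrusted_to_Internet
"""
# The lines added in the reply.
FIX = """
policy-map type inspect Internet_to_Self
 class class-default
  drop
zone-pair security Internet->Self source Internet destination self
 service-policy type inspect Internet_to_Self
"""
PAIR = re.compile(r"zone-pair security \S+ source (\S+) destination (\S+)")

def zones_open_to_self(config):
    """Zones that own interfaces but have no policy on a <zone> -> self pair."""
    members, covered = {}, set()   # zone -> interfaces; zones with a self policy
    iface = pair_src = None        # parser context: current interface / self pair
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            iface, pair_src = line.split(None, 1)[1], None
        elif line.startswith("zone-member security ") and iface:
            members.setdefault(line.split()[2], []).append(iface)
        elif m := PAIR.match(line):
            iface = None
            pair_src = m.group(1) if m.group(2).lower() == "self" else None
        elif line.startswith("service-policy type inspect ") and pair_src:
            covered.add(pair_src)
        elif line.startswith(("policy-map ", "class-map ", "zone security ")):
            iface = pair_src = None
    return sorted(zone for zone in members if zone not in covered)

if __name__ == "__main__":
    print("before fix:", zones_open_to_self(BEFORE))
    print("after fix: ", zones_open_to_self(BEFORE + FIX))
```

A zone in the output is not necessarily a misconfiguration; leaving Trusted open to the router may be intentional for management access.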
