internet router configuration

Unanswered Question
Dec 3rd, 2007

Hi pros,

This is my internet router configuration. The router is directly connected to the internet and its other interface is connected to the firewall. Is this configuration sufficient against any attacks?

Please review this and post your suggestions.

Best regards


Jon Marshall Mon, 12/03/2007 - 00:15


1) access-list "Fortigate" is not applied to any interface. If it is meant to be applied to the outside interface, that is not such a good idea. Routers should route rather than do the function of a firewall, although there is some basic filtering you can do (see 4).

2) You don't show the config for vty access but you should lock it down to who can access and if possible use ssh only.

3) Make sure you have done the standard router hardening, e.g. turn off small-services, no ip directed-broadcast etc.

4) You can do some basic filtering for networks in an access-list on the outside interface, e.g. RFC 1918 address space filtering. Attached is a link for more details.
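
An added example, not part of the reply above or of the poster's attached configuration: a small Python audit that checks an IOS configuration for points 1 to 3 (a named ACL that is defined but never applied, vty lines that are not SSH-only or lack an access-class, small-servers and directed-broadcast left enabled). The sample configuration is constructed for illustration, and the function names and finding labels are assumptions; numbered ACLs are not handled.

```python
import re

# Constructed sample config for illustration (not the poster's attachment).
SAMPLE = """\
service tcp-small-servers
!
interface FastEthernet0/0
 description outside
 ip directed-broadcast
!
ip access-list extended Fortigate
 permit ip any any
!
line vty 0 4
 transport input telnet ssh
"""

def sections(cfg):
    """Split an IOS config into {top-level line: [indented child lines]}."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith(" ") and cur is not None:
            out[cur].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            cur = line.strip()
            out[cur] = []
    return out

def audit(cfg):
    """Return a list of finding labels (hypothetical names) for points 1-3."""
    sec, findings = sections(cfg), []
    body = [l for kids in sec.values() for l in kids]
    # 1) Named ACLs never referenced by 'ip access-group' or 'access-class'
    for hdr in sec:
        m = re.match(r"ip access-list \w+ (\S+)", hdr)
        ref = m and r"(ip access-group|access-class) %s\b" % re.escape(m.group(1))
        if m and not any(re.match(ref, l) for l in body):
            findings.append("acl-unapplied:" + m.group(1))
    # 2) vty lines should accept SSH only and be restricted by an access-class
    for hdr, kids in sec.items():
        if hdr.startswith("line vty"):
            if "transport input ssh" not in kids:
                findings.append("vty-not-ssh-only")
            if not any(k.startswith("access-class ") for k in kids):
                findings.append("vty-no-access-class")
    # 3) Services that standard hardening turns off, flagged when explicitly enabled
    if any(re.match(r"service (tcp|udp)-small-servers", h) for h in sec):
        findings.append("small-servers-enabled")
    if "ip directed-broadcast" in body:
        findings.append("directed-broadcast-enabled")
    return findings
```

Calling `audit()` on the text of a saved `show running-config` returns an empty list when none of the three points applies.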



csc010854800 Mon, 12/03/2007 - 00:30


Thanks for the reply.

I don't have my routers and switches in any domain, and for SSH that is the first requirement. Can I put my routers and switches in a domain one by one without disturbing my network?

