I got a Cisco 877W set up and have problems with the Firewall setup using Cisco Configuration Professional.
I am new to the security field so I decided to use CCP to configure the firewall. I would like to block all traffic from the internet and allow all traffic originating inside the LAN; I do not care which traffic is originating as I consider the LAN to be completely trusted.
After I configured the default template of Low Security my connection dropped dramatically: from a 10Mbps ADSL connection that I fully utilized, I started getting 150kbps just after I enabled the firewall.
I checked the router's CPU and it showed peaks of up to 87% (usually it was jumping around between 20% and 87%).
I turned the firewall off since I need to use my connection, but am I missing something? How come my $20 D-Link router blocks incoming traffic from the internet and performs well while my pricey 877W can't run the firewall?
If I drop the zone-based firewall and go back to the classic one, will it be better?
Thanks a lot!
Choosing inspection rules is your choice, depending on what you need.
For example, you might or might not need FTP depending on whether it is active or passive.
But HTTP is definitely not advisable because it will lead to slowing of traffic, especially if your line has a lot of out-of-order packets.
As far as layer 7 inspections are concerned, you will need them only if the server/client on the outside needs to open any ports.
With CBAC your options are as such limited to basic inspection, so I think you can probably continue with just icmp, tcp and udp, and if there is a requirement you can use layer 7 inspection for FTP or voice or something like that.
Hope this answers your questions. If so, I request you to mark this as answered for the benefit of the other users.
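
A classic (CBAC) configuration along the lines the reply describes, shown as an added example that is not part of the thread: generic tcp/udp/icmp inspection only, no HTTP inspection, and everything initiated from the internet denied. The interface name `Dialer0` and the names `LAN-OUT` and `WAN-IN` are assumptions; substitute the WAN interface your 877W actually uses.

```cisco
! Added example, not from the original thread.
! Assumed names: Dialer0 (WAN interface), LAN-OUT (inspection rule),
! WAN-IN (inbound ACL).
!
! Generic layer 3/4 inspection only. HTTP is deliberately left out,
! since the reply above points to it as a cause of slow traffic.
ip inspect name LAN-OUT tcp
ip inspect name LAN-OUT udp
ip inspect name LAN-OUT icmp
!
! Optional layer 7 inspection, only where the outside peer must open
! ports back to the LAN (for example active FTP):
! ip inspect name LAN-OUT ftp
!
! Deny everything that originates on the internet. CBAC opens temporary
! return paths through this ACL for sessions started from the LAN.
ip access-list extended WAN-IN
 deny ip any any
!
interface Dialer0
 ! Filter traffic arriving from the internet.
 ip access-group WAN-IN in
 ! Inspect LAN-originated sessions as they leave toward the internet.
 ip inspect LAN-OUT out
```

After applying it, `show ip inspect sessions` lists the sessions CBAC is tracking, and `show processes cpu sorted` under load shows whether the inspection is what drives the CPU peaks.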