Does a 1811 Router have an internal firewall?

Answered Question
Oct 15th, 2010

Here's the situation: my network has a Cisco 1811 router. This network is going to be mostly used for remote field operators to VPN into the system (via SSL VPN) and once they have established a VPN connection they will use a remote desktop protocol (VNC) to remote into a computer where they can access a program that was custom built for their work. The workers and management are concerned about the field operators getting a virus on their computer and it spreading to the main computer. The main computer doesn't have any antivirus programs on it as those tend to conflict with the custom built program. So they want a firewall on the internal network that will have all the ports blocked except a few non-standard ports for the remote desktop program. That way if the field operators do get a virus then they won't spread it to the main computer once they are inside the VPN.

Overall Rating: 4.7 (3 ratings)
Marcin Latosiewicz Fri, 10/15/2010 - 09:38
User Badges:
  • Cisco Employee,

You should have CBAC and ZBF which are your two variations of stateful firewall on IOS.


It does a bit of layer 7 inspection but I would not consider it a 100% fool-proof way to stop viruses :-)


Marcin

Correct Answer
Marcin Latosiewicz Fri, 10/15/2010 - 09:46
User Badges:
  • Cisco Employee,

CBAC is quite simple.


You define a set of protocols you want to inspect and apply it on an interface (best practice - outbound on the WAN interface)

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_content_ac_ps6441_TSD_Products_Configuration_Guide_Chapter.html



ZBF is much more powerful but MUCH more complicated:

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew_ps6441_TSD_Products_Configuration_Guide_Chapter.html


Marcin
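
The CBAC pattern described in the answer above, sketched as an added example that is not part of the original thread or of Cisco's guides. The rule name FW-OUT, the ACL name WAN-IN, the use of FastEthernet0 as the WAN port, the documentation address 203.0.113.1 and the SSL VPN gateway listening on TCP 443 are all assumptions to adapt.

```cisco
! Constructed example: names, interface and addresses are assumptions.
!
! 1. Inspection rule: the protocols CBAC should track statefully.
ip inspect name FW-OUT tcp
ip inspect name FW-OUT udp
ip inspect name FW-OUT icmp
!
! 2. Inbound ACL for the WAN side. Only the SSL VPN listener on the
!    router itself (assumed 203.0.113.1, TCP 443) is reachable from
!    outside; everything else unsolicited is dropped and logged.
!    CBAC adds temporary permit entries ahead of this ACL for the
!    return traffic of sessions it has inspected going out.
ip access-list extended WAN-IN
 permit tcp any host 203.0.113.1 eq 443
 deny   ip any any log
!
! 3. Apply both on the WAN interface: inspect outbound, filter inbound.
interface FastEthernet0
 ip inspect FW-OUT out
 ip access-group WAN-IN in
```

After applying it, `show ip inspect sessions` lists the sessions CBAC is tracking and `show ip access-lists WAN-IN` shows hit counts on the permit and deny entries.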

jsandau@mpe.ca Fri, 10/15/2010 - 09:48

Thanks, those links are very helpful. I should be able to set it up using the links as guides.

Rudresh V Fri, 10/15/2010 - 09:46
User Badges:
  • Cisco Employee,

Hi,


Yes, you can configure 1811 router for firewall features. You can use application inspection, Transparent, Stateful firewall, URL filtering, Intrusion prevention system, and more features. You may choose to use these features as per your requirement.


Here is the link confirming the firewall and security features of 1811 router:

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/ps6184/product_data_sheet0900aecd8028a95f_ps5853_Products_Data_Sheet.html


Here is the link to configure basic Firewall feature:

http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/secconf.html


Here is the link to configure more security features. You may configure as per your requirement:

http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/secconf.html


Let me know if this helps,


Cheers,

Rudresh V
