
877w Firewall too restrictive

Ga22at1709
Level 1

Sorry if this is not the right forum.

I have attached a config for my Cisco 877w, which I have now set up and have most things working.

I followed the following website (http://http://www.sans.org/reading_room/whitepapers/firewalls/secure-configuration-cisco-837-adsl-firewall-router_1194) to harden the router, but I think I have made it a bit too restrictive, as I cannot download some PDFs or Windows Updates.

Could someone have a look over the config and see where I have gone wrong?

I am not a Cisco expert and am not sure where or how to troubleshoot the problem, so any help would be much appreciated.

Many Thanks

     Gareth

1 Reply

mirober2
Cisco Employee

Hi Gareth,

You can try removing HTTP and HTTPS inspection and see if this helps. The traffic will still be inspected at layer 4 through the TCP inspection.

Also, if the traffic is being fragmented into more than 2 packets, this line would need to be adjusted:

ip inspect name InOutCheck fragment maximum 2 timeout 1

Finally, keep in mind that with CBAC, you only need to inspect traffic in 1 direction (the initiating direction). The firewall will then build a stateful session and inspect the return traffic in the other direction automatically. Applying the inspections inbound and outbound on the same interface might be affecting your downloads as well.

-Mike
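
The three points in the reply above can be checked mechanically against a saved running-config. The following is an added example, not part of the original posts or any Cisco tooling; the sample config is constructed, and the interface name Dialer0 and the `frag_review_at` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, not the poster's attached config; Dialer0 is an assumed interface.
SAMPLE_CONFIG = """\
ip inspect name InOutCheck tcp
ip inspect name InOutCheck http
ip inspect name InOutCheck https
ip inspect name InOutCheck fragment maximum 2 timeout 1
!
interface Dialer0
 ip inspect InOutCheck in
 ip inspect InOutCheck out
!
"""

RULE_RE = re.compile(r"^ip inspect name (\S+) (\S+)(.*)$")
APPLY_RE = re.compile(r"^ip inspect (\S+) (in|out)$")
FRAG_RE = re.compile(r"\bmaximum (\d+)")


def audit_cbac(config, frag_review_at=2):
    """Flag the three CBAC settings the reply suggests reviewing."""
    # frag_review_at: assumed review threshold taken from the quoted line,
    # not a Cisco recommendation.
    findings = []
    applied = defaultdict(set)  # (interface, rule name) -> {"in", "out"}
    interface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # any top-level line closes the interface block
            interface = line.split()[1] if line.startswith("interface ") else None
        rule, apply = RULE_RE.match(line), APPLY_RE.match(line)
        if rule:
            name, proto, rest = rule.groups()
            frag = FRAG_RE.search(rest) if proto == "fragment" else None
            if proto in ("http", "https"):
                findings.append(f"{name}: layer-7 {proto} inspection enabled")
            elif frag and int(frag.group(1)) <= frag_review_at:
                findings.append(f"{name}: fragment maximum {frag.group(1)}")
        elif apply and interface:
            applied[(interface, apply.group(1))].add(apply.group(2))
    for (intf, name), dirs in sorted(applied.items()):
        if dirs == {"in", "out"}:
            findings.append(f"{name}: applied in and out on {intf}")
    return findings
```

Calling `audit_cbac()` on the text of a saved config returns one finding per setting to review; an empty list means none of the three conditions were found.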
