Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

877w Firewall to restrictive

Sorry if this is not the right forum.

I have attached a config for my cisco 877w which i have now setup and have most things working.

I followed the following website (http://http://www.sans.org/reading_room/whitepapers/firewalls/secure-configuration-cisco-837-adsl-firewall-router_1194) to harden the router but i think i have made it a bit to restrictive as i cannot download some PDF`s or Windows Updates.

Could someone have a look over the config and see where i have gone wrong.

I am not a cisco expert and am not sure where or how to troubleshoot the problem so any help would be much appreciated.

Many Thanks

     Gareth

1 REPLY
Cisco Employee

877w Firewall to restrictive

Hi Gareth,

You can try removing HTTP and HTTPS inspection and see if this helps. The traffic will still be inspected at layer 4 through the TCP inspection.

Also, if the traffic is being fragmented into more than 2 packets, this line would need to be adjusted:

ip inspect name InOutCheck fragment maximum 2 timeout 1

Finally, keep in mind that with CBAC, you only need to inspect traffic in 1 direction (the initiating direction). The firewall will then build a stateful session and inspect the return traffic in the other direction automatically. Applying the inspections inbound and outbound on the same interface might be affecting your downloads as well.

-Mike

200
Views
0
Helpful
1
Replies
CreatePlease to create content