Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

877w Firewall to restrictive

Sorry if this is not the right forum.

I have attached a config for my cisco 877w which i have now setup and have most things working.

I followed the following website (http:// to harden the router but i think i have made it a bit to restrictive as i cannot download some PDF`s or Windows Updates.

Could someone have a look over the config and see where i have gone wrong.

I am not a cisco expert and am not sure where or how to troubleshoot the problem so any help would be much appreciated.

Many Thanks


Cisco Employee

877w Firewall to restrictive

Hi Gareth,

You can try removing HTTP and HTTPS inspection and see if this helps. The traffic will still be inspected at layer 4 through the TCP inspection.

Also, if the traffic is being fragmented into more than 2 packets, this line would need to be adjusted:

ip inspect name InOutCheck fragment maximum 2 timeout 1

Finally, keep in mind that with CBAC, you only need to inspect traffic in 1 direction (the initiating direction). The firewall will then build a stateful session and inspect the return traffic in the other direction automatically. Applying the inspections inbound and outbound on the same interface might be affecting your downloads as well.


CreatePlease to create content