Solved: Re: Does a 1811 Router have an internal firewall?

jsandau · ‎10-15-2010

Here's the situation, my network has a Cisco 1811 router. This network is going to be mostly used for remote field operators to VPN into the system (via SSL vpn) and once they have established a VPN cnnection they will use a remote desktop protocol (VNC) to remote into a computer where they can access a porgram that was custom built for thier work. The workers and management are concerned about the field operators getting a virus on thier computer and it spreading to the main computer. The main computer dosen't have any antivirus programs on it as those tend to conflict with the custom built program. So they want a firewall on the internal network that will have all the ports blocked except a few non standard ports for the remote desktop program. That way if the field operators do get a virus then they won't spread it to the main computer once they are inside the VPN.

Marcin Latosiewicz · ‎10-15-2010

CBAC is quite simple.

You define a set of protocols you want to inspect and apply it on an interface (best practive - outbound on the WAN interface)

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_content_ac_ps6441_TSD_Products_Configuration_Guide_Chapter.html

ZBF is much more powerful but MUCH more complicated:

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Marcin

View solution in original post

Marcin Latosiewicz · ‎10-15-2010

You should have CBAC and ZBF which are your two variations of stateful firewall on IOS.

It does a bit of layer 7 inspection but I would not consider it a 100% fool-proof way to stop viruses :-)

Marcin

jsandau · ‎10-15-2010

Ok Thanks. Now I just have to figure out how to configure them.

Marcin Latosiewicz · ‎10-15-2010

CBAC is quite simple.

You define a set of protocols you want to inspect and apply it on an interface (best practive - outbound on the WAN interface)

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_content_ac_ps6441_TSD_Products_Configuration_Guide_Chapter.html

ZBF is much more powerful but MUCH more complicated:

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Marcin

jsandau · ‎10-15-2010

Thanks, those links are very helpful. I should be able to set it up using the links as guides.

Rudresh Veerappaji · ‎10-15-2010

Hi,

Yes you can configure 1811 router for firewall features. You can use application inspection,Transparent, Stateful firewall, URL filtering, Intrusion prevention system, and more features. You may choose to use these features as per your requirement.

Here is the link confirming the firewall and security features of 1811 router:

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/ps6184/product_data_sheet0900aecd8028a95f_ps5853_Products_Data_Sheet.html

Here is the link to configure basic Firewall feature:

http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/secconf.html

Here is the link to conifure more security features. You may configure as per your requirement:

http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/secconf.html

Let me know if this helps,

Cheers,

Rudresh V