Firewall config for UC520

What do you all think of this as part of my firewall config? Should I do anything different to be as secure as possible? I have changed my external IPs to mostly 'x's to protect my company. There are multiple IP addresses on the Fa0/0 interface.

ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.83.51 443 x.x.x.9 443 route-map FIREMAP extendable
ip nat inside source static udp 192.168.83.51 123 x.x.x.1 123 route-map FIREMAP extendable
ip nat inside source static tcp 192.168.83.58 8080 x.x.x.1 8080 route-map FIREMAP extendable
ip nat inside source static tcp 192.168.83.57 21 x.x.x.2 21 route-map FIREMAP extendable
ip nat inside source static tcp 192.168.83.57 80 x.x.x.2 80 route-map FIREMAP extendable
ip nat inside source static tcp 192.168.83.57 443 x.x.x.2 443 route-map FIREMAP extendable

route-map FIREMAP permit 1
match ip address 151

ACL 151
10 permit udp any host x.x.x.1 eq ntp
20 permit tcp any host x.x.x.1 eq 8080
30 permit tcp any host x.x.x.2 eq ftp
40 permit tcp any host x.x.x.2 eq www
50 permit tcp any host x.x.x.9 eq 443
60 permit tcp any host x.x.x.2 eq 443
70 deny ip any any (712217 matches)

1 REPLY

Re: Firewall config for UC520

Hi,

You're using CBAC, which was the method used to enable firewalling on a router.

The new and better method is Zone-Based Policy Firewall, take a look:

http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f6dd.html
http://www.cisco.com/en/US/partner/products/ps6441/products_feature_guide09186a008060f6dd.html

Federico.
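To make the suggestion concrete, here is what the posted CBAC policy and the six static NAT port forwards look like when expressed as a Zone-Based Policy Firewall. This is an added example, not configuration from the original post or from the linked Cisco guide. Zone, class-map, policy-map and ACL names are chosen for the example, and `Vlan1` as the LAN interface is an assumption (the UC520 in the post shows only `FastEthernet0/0`). The inside addresses and ports come from the poster's `ip nat inside source static` lines.

```cisco
! Two zones, one per trust level (names assumed for this example).
zone security INSIDE
zone security OUTSIDE
!
! Inside -> outside: stateful inspection of the application protocols the
! SDM_LOW list actually needs, followed by generic tcp/udp/icmp for the rest.
! Application protocols go first so they get their ALG instead of the
! generic tcp entry.
class-map type inspect match-any CM-IN-TO-OUT
 match protocol ftp
 match protocol dns
 match protocol http
 match protocol https
 match protocol esmtp
 match protocol pop3
 match protocol imap
 match protocol h323
 match protocol rtsp
 match protocol sqlnet
 match protocol tftp
 match protocol icmp
 match protocol tcp
 match protocol udp
!
policy-map type inspect PM-IN-TO-OUT
 class type inspect CM-IN-TO-OUT
  inspect
 class class-default
  drop log
!
! Outside -> inside: only the published services. NAT is applied before
! the firewall in this direction, so the ACL references the inside
! (post-NAT) addresses from the static NAT lines, not the public x.x.x.*.
ip access-list extended ACL-PUBLISHED
 permit udp any host 192.168.83.51 eq ntp
 permit tcp any host 192.168.83.51 eq 443
 permit tcp any host 192.168.83.58 eq 8080
 permit tcp any host 192.168.83.57 eq ftp
 permit tcp any host 192.168.83.57 eq www
 permit tcp any host 192.168.83.57 eq 443
!
! ftp first so the FTP ALG opens the data channel; tcp/udp catch the rest.
class-map type inspect match-any CM-PUBLISHED-PROTOCOLS
 match protocol ftp
 match protocol http
 match protocol https
 match protocol tcp
 match protocol udp
!
! match-all: the packet must hit the ACL AND one of the protocols above.
class-map type inspect match-all CM-OUT-TO-IN
 match access-group name ACL-PUBLISHED
 match class-map CM-PUBLISHED-PROTOCOLS
!
policy-map type inspect PM-OUT-TO-IN
 class type inspect CM-OUT-TO-IN
  inspect
 class class-default
  drop log
!
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-TO-OUT
zone-pair security OUT-IN source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUT-TO-IN
!
! Interface membership. Vlan1 as the LAN side is an assumption.
interface FastEthernet0/0
 zone-member security OUTSIDE
interface Vlan1
 zone-member security INSIDE
```

Two caveats when converting: an interface cannot be both a zone member and carry an `ip inspect` rule, so remove the CBAC `ip inspect SDM_LOW` application from the interface before adding `zone-member security`; and traffic to or from the router itself belongs to the built-in `self` zone, which these two zone pairs do not touch, so management access to the router is unchanged by this policy. After applying, `show policy-map type inspect zone-pair sessions` lists the live sessions per zone pair, and the `drop log` in each `class-default` records what is being rejected, which is a more readable replacement for the 712217 matches on the `deny ip any any` line of ACL 151.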
