Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

disabling firewall feature

in a router runnning ios with ip firewall feature set, how do we disable the firewall and use the normal ios. is this possible at all?

thx

1 REPLY
New Member

Re: disabling firewall feature

Hi,

Yes

If you wish to completely remove ip inspect, you will have in the config:

ip inspect name xxxxx [protocol]

i.e.

ip inspect name OUTRULE http java-list 15 alert on audit-trail on

ip inspect name OUTRULE tcp alert on audit-trail on

ip inspect name OUTRULE udp alert on audit-trail on

remove all the entries and remove the "ip inspect [name] out/in" from the interface that it is applied to...

i.e.

interface FastEthernet0/0

ip inspect OUTRULE out

IOS will run as normal, but be aware that you may have to change the ACL's on the inside or outside interface if you wish to adjust the traffic permitted/denied. It depends on the configuration and what traffic was being inspected.

Conversely you could just remove the ip inspect from the interface and leave the inspection rules in place in the config to allow you to re-use/adjust them if necessary.

The following URL will help shed some light on CBAC

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt3/sccbac.htm

HTH

Ali

91
Views
0
Helpful
1
Replies