Solved

IOS Zone Based Policy Firewall self zone

Posted on 2013-12-16
2
328 Views
Last Modified: 2013-12-17
Is it ok to implement a zone out-to-self but not self-to-out?  The end result I want is to restrict inbound UDP traffic to a particular source address.  But I want any traffic originating from the router to be permitted outbound.  I wondered if simply omitting the self-to-out zone would be the same.  Thanks.
0
Comment
Question by:amigan_99
2 Comments
 
LVL 13

Accepted Solution

by:
Quori earned 500 total points
ID: 39725210
If you want to restrict inbound traffic to the router to specific ports and drop all else you'll need to configure a drop statement in the default class, because the self zone doesn't have the implicit deny function of normal zones.

That said, because you've got to configure an explicit deny, any traffic leaving the router will have its return traffic dropped so you'll need to configure inspection policies (where supported) to make sure pin holes are punched in the firewall for return traffic.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39725219
Thank you.  I put the proposed config here.  If you have a minute - let me know if I'm on the right track.  Thank you.  http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28320610.html
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now