Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

IOS Zone Based Policy Firewall self zone

Posted on 2013-12-16
2
Medium Priority
?
337 Views
Last Modified: 2013-12-17
Is it ok to implement a zone out-to-self but not self-to-out?  The end result I want is to restrict inbound UDP traffic to a particular source address.  But I want any traffic originating from the router to be permitted outbound.  I wondered if simply omitting the self-to-out zone would be the same.  Thanks.
0
Comment
Question by:amigan_99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Quori earned 2000 total points
ID: 39725210
If you want to restrict inbound traffic to the router to specific ports and drop all else you'll need to configure a drop statement in the default class, because the self zone doesn't have the implicit deny function of normal zones.

That said, because you've got to configure an explicit deny, any traffic leaving the router will have its return traffic dropped so you'll need to configure inspection policies (where supported) to make sure pin holes are punched in the firewall for return traffic.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39725219
Thank you.  I put the proposed config here.  If you have a minute - let me know if I'm on the right track.  Thank you.  http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28320610.html
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question