Solved

IOS Zone Based Policy Firewall self zone

Posted on 2013-12-16
2
331 Views
Last Modified: 2013-12-17
Is it ok to implement a zone out-to-self but not self-to-out?  The end result I want is to restrict inbound UDP traffic to a particular source address.  But I want any traffic originating from the router to be permitted outbound.  I wondered if simply omitting the self-to-out zone would be the same.  Thanks.
0
Comment
Question by:amigan_99
2 Comments
 
LVL 13

Accepted Solution

by:
Quori earned 500 total points
ID: 39725210
If you want to restrict inbound traffic to the router to specific ports and drop all else you'll need to configure a drop statement in the default class, because the self zone doesn't have the implicit deny function of normal zones.

That said, because you've got to configure an explicit deny, any traffic leaving the router will have its return traffic dropped so you'll need to configure inspection policies (where supported) to make sure pin holes are punched in the firewall for return traffic.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39725219
Thank you.  I put the proposed config here.  If you have a minute - let me know if I'm on the right track.  Thank you.  http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28320610.html
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question