• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 341
  • Last Modified:

IOS Zone Based Policy Firewall self zone

Is it ok to implement a zone out-to-self but not self-to-out?  The end result I want is to restrict inbound UDP traffic to a particular source address.  But I want any traffic originating from the router to be permitted outbound.  I wondered if simply omitting the self-to-out zone would be the same.  Thanks.
0
amigan_99
Asked:
amigan_99
1 Solution
 
QuoriCommented:
If you want to restrict inbound traffic to the router to specific ports and drop all else you'll need to configure a drop statement in the default class, because the self zone doesn't have the implicit deny function of normal zones.

That said, because you've got to configure an explicit deny, any traffic leaving the router will have its return traffic dropped so you'll need to configure inspection policies (where supported) to make sure pin holes are punched in the firewall for return traffic.
0
 
amigan_99Network EngineerAuthor Commented:
Thank you.  I put the proposed config here.  If you have a minute - let me know if I'm on the right track.  Thank you.  http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28320610.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now