Solved

IOS Zone Based Policy Firewall self zone

Posted on 2013-12-16
2
333 Views
Last Modified: 2013-12-17
Is it ok to implement a zone out-to-self but not self-to-out?  The end result I want is to restrict inbound UDP traffic to a particular source address.  But I want any traffic originating from the router to be permitted outbound.  I wondered if simply omitting the self-to-out zone would be the same.  Thanks.
0
Comment
Question by:amigan_99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Quori earned 500 total points
ID: 39725210
If you want to restrict inbound traffic to the router to specific ports and drop all else you'll need to configure a drop statement in the default class, because the self zone doesn't have the implicit deny function of normal zones.

That said, because you've got to configure an explicit deny, any traffic leaving the router will have its return traffic dropped so you'll need to configure inspection policies (where supported) to make sure pin holes are punched in the firewall for return traffic.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39725219
Thank you.  I put the proposed config here.  If you have a minute - let me know if I'm on the right track.  Thank you.  http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28320610.html
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Boot Camp 3 56
Certification Follow-up 2 58
Simple Fibre Question 6 33
Problems with VPN 4 19
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question