Cisco Systems 2.5 Network Router User Manual
Chapter 8 Create Firewall
Advanced Firewall Configuration Wizard
8-12
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Apply access rule to the inbound direction to deny traffic sourced from broadcast, local loopback address.
Apply access rule to the inbound direction to permit all other traffic.
Apply application security policy SDM_HIGH to the inbound direction.
This example shows the Cisco SDM Application Security policy SDM_HIGH applied to inbound traffic on this interface.
Outside (untrusted) Interface(s)
Cisco SDM lists the router logical and physical interfaces that you designated as outside interfaces in this wizard session, along with their IP addresses. Underneath, plain-language descriptions are given for each configuration statement applied to the outside interfaces. The following are examples:
FastEthernet0/1 (142.120.12.1)
Turn on unicast reverse path forwarding check for non-tunnel interfaces.
Apply access rule to the inbound direction to permit IPSec tunnel traffic if necessary.
Apply access rule to the inbound direction to permit GRE tunnel traffic for interfaces if necessary.
Apply access rule to the inbound direction to permit ICMP traffic.
Apply access rule to the inbound direction to permit NTP traffic if necessary.
Apply access rule to the inbound direction to deny spoofing traffic.
Apply access rule to the inbound direction to deny traffic sourced from broadcast, local loopback and private address.
Apply access rule to the inbound direction to permit service traffic going to DMZ interface.
Service ftp at 10.10.10.1 to 10.10.10.20
Apply access rule to the inbound direction to permit secure SDM access from 140.44.3.0 255.255.255.0 host/network
Apply access rule to the inbound direction to deny all other traffic.
Note that this configuration turns on reverse path forwarding, a feature that allows the router to discard packets that lack a verifiable source IP address, and permits ftp traffic to the DMZ addresses 10.10.10.1 through 10.10.10.20.
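The outside-interface statements above correspond roughly to the following Cisco IOS configuration. This is an added, hand-written illustration, not the configuration Cisco SDM generates (SDM's ACL numbering, entry order and ICMP/NTP details differ); the outside subnet mask, the ACL number 101 and the use of HTTPS (443) for secure SDM access are assumptions.

```cisco
! Added example: IOS equivalent of the wizard's plain-language statements
! for the outside interface, in the order the wizard lists them.
! Assumed: /24 mask on the outside interface, ACL 101, HTTPS for SDM.
interface FastEthernet0/1
 ip address 142.120.12.1 255.255.255.0
 ! "Turn on unicast reverse path forwarding check" (requires CEF)
 ip verify unicast reverse-path
 ! "Apply access rule to the inbound direction"
 ip access-group 101 in
!
! "permit ICMP traffic" / "permit NTP traffic" to the router itself
access-list 101 permit icmp any host 142.120.12.1
access-list 101 permit udp any eq ntp host 142.120.12.1 eq ntp
! "deny spoofing traffic": packets claiming our own outside subnet as source
access-list 101 deny   ip 142.120.12.0 0.0.0.255 any
! "deny traffic sourced from broadcast, local loopback and private address"
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
! "permit service traffic going to DMZ interface": ftp to 10.10.10.1-10.10.10.20
! (not a single wildcard block, so three entries; the first also covers .0)
access-list 101 permit tcp any 10.10.10.0 0.0.0.15 eq ftp
access-list 101 permit tcp any 10.10.10.16 0.0.0.3 eq ftp
access-list 101 permit tcp any host 10.10.10.20 eq ftp
! "permit secure SDM access from 140.44.3.0 255.255.255.0" (HTTPS assumed)
access-list 101 permit tcp 140.44.3.0 0.0.0.255 host 142.120.12.1 eq 443
! "deny all other traffic"; logging makes unexpected sources visible
access-list 101 deny   ip any any log
```

The ftp entries only admit the control channel (TCP 21); the data channel is opened by the wizard's stateful inspection rules, which are not part of this access list.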