December 25, 2024

Do Cisco Routers Have Firewalls?


When your Cisco router already has a firewall, why would you need to buy an expensive dedicated device for firewall functionality? Cisco IOS offers an IOS Firewall feature that comes built into the device.

Previously, Cisco referred to the IOS Firewall as CBAC, or Context-Based Access Control, a name many books and videos still use. Don't get confused: it's the same IOS Firewall, offering similar features and commands.

The IOS Firewall inspects TCP and UDP packets up to the application layer of the OSI model. It watches outgoing requests and opens reciprocal inbound ports for the return traffic.

About the Cisco IOS Firewall

The IOS Firewall is a stateful firewall: it maintains the state of each TCP connection and allows return traffic only when it matches the stored state information for that connection.

Below are some of the features of the Cisco IOS firewall:

  • Filtering of traffic

Traffic is filtered at the port and application level.

  • Inspection of traffic

This is the core feature of the IOS Firewall; it keeps the TCP connection state and prevents unauthorized access.

  • Audit trails and alerts

It offers real-time Syslog audit trails and alerts.

  • Prevention of intrusion

The IOS Firewall comes with an intrusion detection system that covers more than 50 of the most common attack signatures.

How to Configure Firewall in Cisco Routers?

Before you start configuring the firewall on a Cisco router, make sure that you have the proper IOS. At the Global Configuration Mode prompt, enter ip inspect ? to check; the command works only if your IOS includes the firewall.

After the command, you should see a list of options. If the router shows Unrecognized Command, you don't have an IOS Firewall. Now, let's configure the inspection and filtering of the basic IOS Firewall.

Make sure you try this first on a test system with test traffic, as a wrong configuration can disrupt the entire network's communication. Follow the steps below to configure the Cisco firewall:

  • First, choose an interface on which to protect the network from the internet. This is the external, public WAN interface.
  • Next, configure and apply an ACL on that interface. This ACL blocks everything except the traffic you allow the IOS Firewall to permit.
  • Create your firewall inspection rules and define the protocols whose state the firewall should inspect and monitor. For example, you may want to monitor, filter, and check TCP, UDP, Real Audio, Citrix ICA, and FTP.

Note: Some of these protocols use multiple port numbers or large port ranges, which makes them difficult to handle when creating an ACL. The IOS Firewall can still recognize these protocols because it works at the application layer.

  • Apply the inspection rule to your interface in the in or out direction. It monitors the outgoing traffic and dynamically creates the inbound ACL openings for the return traffic.
  • Lastly, configure logging and auditing of the firewall's traffic. Below are some of the commands you can use to verify IOS Firewall operations:
show ip access-lists
show ip inspect name <inspection-name>
show ip inspect config
show ip inspect interfaces
show ip inspect
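
The steps above, put together as an added example configuration (not from the original article). The interface name, the ACL and rule names, and the syslog address are assumptions chosen for illustration.

```cisco
! Added example. Assumptions: FastEthernet0/1 is the external WAN
! interface, OUTSIDE-IN and FW-OUT are made-up names, and 192.0.2.10
! is a syslog server (documentation address).
!
! ACL for the WAN side: block unsolicited inbound traffic and log it.
ip access-list extended OUTSIDE-IN
 deny ip any any log
!
! Inspection rule: the protocols whose state the firewall tracks.
ip inspect name FW-OUT tcp
ip inspect name FW-OUT udp
ip inspect name FW-OUT ftp
ip inspect name FW-OUT realaudio
!
! Bind both to the WAN interface. The ACL filters what arrives from
! outside; the inspection rule watches sessions leaving through the
! interface and opens temporary entries for their return traffic.
interface FastEthernet0/1
 ip access-group OUTSIDE-IN in
 ip inspect FW-OUT out
!
! Audit trail: send inspection session records to syslog.
ip inspect audit-trail
logging 192.0.2.10
```

With a deny-all inbound ACL like this one, anything that must reach the router unsolicited from outside (a VPN or a remote management session, for example) needs its own permit entry above the deny line.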

If you want to test the IOS Firewall, the best way to do so is to perform a port scan from the outside.

Final Thoughts

Cisco routers with a firewall offer a compelling, robust feature, a must for every router. However, for large enterprises, it may not be an excellent internet protection solution. Still, it's an impressive choice for small and medium-sized businesses.

If you want an easier way to configure the IOS Firewall, you can do so with the Cisco SDM Firewall Policy Wizard GUI.
