Router(config-if)#zone-member security OUTSIDE Router(config)#interface gigabitEthernet 0/1 Router(config-if)#zone-member security INSIDE Router(config)#interface gigabitEthernet 0/0 To achieve this we have to go to the particular interface and attach that interface to the zone.Type the command as below: Here I am going to assign Gigabyte Ethernet 0/0 to INSIDE zone, Ge0/1 to OUTSIDE zone and Ge0/2 to DMZ zone.
We have to assign the router interface to a particular zone. Task 2 : Assign Router Interfaces to Zones To configure zones in a router, connect the router via putty or console, switch to the global configuration mode and type the command as below: In this example (refer Figure 1) we have three zones. Self Zone is created automatically by the router while we create the other zones in a Zone Based Firewall. Intrazone communication is Allowed, traffic will flow implicitly among the interfaces that are in the same zone.Interzone communication is Denied, traffic will be denied among the interfaces that are in the different zones unless we specify a firewall policy.From Inside to DMZ - http and icmp is allowed From Outside to Inside - icmp is allowedģ. From Inside to Outside - http,icmp and pop3 is allowedĢ. Here I am defining a rule set for our ZBFW:ġ.
#CISCO ROUTER CONFIGURATION STEP BY STEP FULL#
Here I am going to divide the entire configuration into logical sets and finally will combine them to the get the full configuration.
Cisco first implemented the router-based stateful firewall in CBAC where it used ip inspect command to inspect the traffic in layer 4 and layer 7.Įven though ASA devices are considered as the dedicated firewall devices, Cisco integrated the firewall functionality in the router which in fact will make the firewall a cost effective device. The zone based firewall (ZBFW) is the successor of Classic IOS firewall or CBAC (Context-Based Access Control). The Cisco IOS Zone Based Firewall is one of the most advanced form of Stateful firewall used in the Cisco IOS devices.