A Cisco IOS router offers a great many configuration options when you enable the firewall. While this flexibility may offer a better sense of security, the complexity of the configuration can also be pretty overwhelming.
But the SDM Firewall Policy Wizard can help make things easier. As an example, let's configure a basic firewall using this wizard. For this demonstration, I'm using a Cisco 871W router with SDM version 2.4. I have also installed Cisco IOS Advanced Security version 12.4(11)T1.
Using the Cisco SDM Firewall And ACL Task section, you can create new firewalls and ACLs as well as edit existing ones. SDM offers wizards to create either a Basic Firewall or Advanced Firewall. What's the difference? The Basic Firewall won't configure a DMZ for you, but the Advanced Firewall will.
Because I wasn't interested in creating a DMZ, I chose the Basic Firewall option. Figure B shows a screenshot of the first screen I saw.
This screen explains how the Basic Firewall Configuration Wizard applies its template policy to the inside and outside interfaces. The wizard will give you the opportunity to decide which interface is which. The new policy will inspect TCP, UDP, and other protocols that travel from the inside to the outside zone. It will block IM, P2P, MSN, Yahoo, and AOL IM traffic. It will also deny any unsolicited traffic coming into the outside interface.
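For readers who want to see the same policy in CLI terms, the following is an added sketch and not the wizard's own output. It assumes the wizard builds a zone-based policy firewall; the zone, class-map, policy-map and zone-pair names are hypothetical, and the interface assignment (Vlan1 inside, FastEthernet4 outside) is an assumption for an 871-class router.

```cisco
! Added illustration. All names (INSIDE, OUTSIDE, CM-*, PM-*, ZP-*) are
! hypothetical; the wizard generates its own names and extra classes.
zone security INSIDE
zone security OUTSIDE
!
! IM and P2P applications the policy blocks
class-map type inspect match-any CM-IM-P2P
 match protocol msnmsgr
 match protocol ymsgr
 match protocol aol
 match protocol edonkey
 match protocol gnutella
 match protocol kazaa2
 match protocol fasttrack
 match protocol bittorrent
!
! Everything else that is statefully inspected on the way out
class-map type inspect match-any CM-INSPECT
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! Classes are evaluated top-down and the first match wins, so the
! IM/P2P drop must sit above the generic TCP/UDP inspect class.
policy-map type inspect PM-IN-OUT
 class type inspect CM-IM-P2P
  drop log
 class type inspect CM-INSPECT
  inspect
 class class-default
  drop
!
! Only an inside-to-outside pair exists. With no OUTSIDE-to-INSIDE pair,
! unsolicited inbound traffic is dropped; replies to inspected sessions
! are allowed back through the session state created by "inspect".
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-OUT
!
interface Vlan1
 zone-member security INSIDE
interface FastEthernet4
 zone-member security OUTSIDE
```

After applying a policy like this, `show policy-map type inspect zone-pair` displays per-class counters, which is a quick way to confirm that the drop class is matching before the inspect class does.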
Hi, I am trying to set up SDM on a 2801. When I get to Fig D, Medium and High are grayed out. How do I activate them?
You would use your ISP's DNS servers. Your PC or router will get this from DHCP, automatically, from the ISP (or at least you should). If your router does not, you can hook up your PC only, get the IP of the DNS server via DHCP, then connect the router and plug the IP in. I hope that helps!
Thanks,
David Davis
Personal Website: www.HappyRouter.com
I see you did the walk-through on SDM 2.4, which defaults to Zone Firewall in the wizard (provided there's not already an 'ip inspect' firewall configured). Previous SDM versions included a firewall wizard, but they configured the classic FW. (SDM 2.4 was the first version to support the Zone-Based Policy Firewall.) Many of the firewall configuration options must be found in the "additional tasks" section at the bottom of the left column. However, it beats configuring the Zone FW through the CLI...