Security

Secure your router with Cisco's SDM Firewall Policy Wizard

Figure B

A Cisco IOS router offers a great deal of configuration options when you enable the firewall. However, while this may offer a better sense of security, it can also be pretty overwhelming, thanks to the complexity of the configuration.

But the SDM Firewall Policy Wizard can help make things easier. For example, let's configure a basic firewall using this wizard. For this demonstration, I'm using a Cisco 871W router with SDM version 2.4. I also have installed Cisco IOS Advanced Security version 12.4(11)T1.

Using the Cisco SDM Firewall And ACL Task section, you can create new firewalls and ACLs as well as edit existing ones. SDM offers wizards to create either a Basic Firewall or Advanced Firewall. What's the difference? The Basic Firewall won't configure a DMZ for you, but the Advanced Firewall will.

Because I wasn't interested in creating a DMZ, I chose the Basic Firewall option. Figure B shows a screenshot of the first screen I saw.

This screen explains how the Basic Firewall Configuration Wizard applies its template policy to the inside and outside interfaces. The wizard will give you the opportunity to decide which interface is which. The new policy will inspect TCP, UDP, and other protocols that travel from the inside to the outside zone. It will block IM, P2P, MSN, Yahoo, and AOL IM traffic. It will also deny any unsolicited traffic coming into the outside interface.