Thread: [Fwbuilder-discussion] fwbuilder and cisco?
From: Tom D. <td...@ro...> - 2010-07-23 15:52:40

Hi,

I have a Cisco 881 Ethernet Sec Router w/ Adv IP Services running
ios 12.4(20)T5, RELEASE SOFTWARE (fc2). I am trying to determine if I can use
the FWSM configuration functions in fwb. When I look inside the FWSM options in
fwb I keep seeing references to the Pix.

Is there a way to use fwb to configure the advanced firewall functions in
the 881?

If this is covered in the documentation somewhere, I apologize in advance.
The only docs I can find on the Cisco functions, seem to be section 11.6
and so far Google has not been helpful.

Also, is there a better explanation of what a "network zone" is wrt the Cisco
configuration options in fwb. I am a little fuzzy after reading the tool tip.
It would seem to me based on the tool tip explanation that both the internal
external interfaces should be in the same zone but if I do that then the
compiler complains.

Regards,

--
Tom Diehl td...@ro... Spamtrap address
mt...@ro...

From: Vadim K. <va...@vk...> - 2010-07-23 16:54:00

On Fri, Jul 23, 2010 at 8:25 AM, Tom Diehl <td...@ro...> wrote:
> Hi,
>
> I have a Cisco 881 Ethernet Sec Router w/ Adv IP Services running
> ios 12.4(20)T5, RELEASE SOFTWARE (fc2). I am trying to determine if I can use
> the FWSM configuration functions in fwb. When I look inside the FWSM options in
> fwb I keep seeing references to the Pix.
>

FWSM is a blade for the 6500 switch chassis, this blade runs modified
ASA software, that is it is PIX.

your router runs Cisco IOS so you need to choose platform "IOS ACL".
Fwbuilder can generate extended access lists for IOS.

> Is there a way to use fwb to configure the advanced firewall functions in
> the 881?

no, not at this time.

>
> If this is covered in the documentation somewhere, I apologize in advance.
> The only docs I can find on the Cisco functions, seem to be section 11.6
> and so far Google has not been helpful.
>
> Also, is there a better explanation of what a "network zone" is wrt the Cisco
> configuration options in fwb. I am a little fuzzy after reading the tool tip.
> It would seem to me based on the tool tip explanation that both the internal
> external interfaces should be in the same zone but if I do that then the
> compiler complains.

this chapter tries to explain concept of network zones:

http://www.fwbuilder.org/4.0/docs/users_guide/host-interface.html

please let me know if the explanation is not clear.

--vk

From: Tom D. <td...@ro...> - 2010-07-23 17:47:28

Hi Vadim,

On Fri, 23 Jul 2010, Vadim Kurland wrote:

> On Fri, Jul 23, 2010 at 8:25 AM, Tom Diehl <td...@ro...> wrote:
>> Hi,
>>
>> I have a Cisco 881 Ethernet Sec Router w/ Adv IP Services running
>> ios 12.4(20)T5, RELEASE SOFTWARE (fc2). I am trying to determine if I can use
>> the FWSM configuration functions in fwb. When I look inside the FWSM options in
>> fwb I keep seeing references to the Pix.
>>
>
> FWSM is a blade for the 6500 switch chassis, this blade runs modified
> ASA software, that is it is PIX.

OK, Learned something new today!!

>
> your router runs Cisco IOS so you need to choose platform "IOS ACL".
> Fwbuilder can generate extended access lists for IOS.

OK, Makes sense.

>
>
>> Is there a way to use fwb to configure the advanced firewall functions in
>> the 881?
>
> no, not at this time.

Is this planned for a future version?

>
>
>>
>> If this is covered in the documentation somewhere, I apologize in advance.
>> The only docs I can find on the Cisco functions, seem to be section 11.6
>> and so far Google has not been helpful.
>>
>> Also, is there a better explanation of what a "network zone" is wrt the Cisco
>> configuration options in fwb. I am a little fuzzy after reading the tool tip.
>> It would seem to me based on the tool tip explanation that both the internal
>> external interfaces should be in the same zone but if I do that then the
>> compiler complains.
>
>
> this chapter tries to explain concept of network zones:
>
> http://www.fwbuilder.org/4.0/docs/users_guide/host-interface.html
>
> please let me know if the explanation is not clear.

Yes, that helps. I missed that.

Thanks for the info.

Regards,

--
Tom Diehl td...@ro... Spamtrap address
mt...@ro...

From: Vadim K. <va...@vk...> - 2010-07-23 17:55:17

we would like to add support for the IOS firewall feature set at some
point in the future but it gets pushed down priority list by other
things. We need to gauge the interest to see if the demand justifies
the effort, or it may happen if someone funds the development.

--vk

On Fri, Jul 23, 2010 at 10:47 AM, Tom Diehl <td...@ro...> wrote:
> Hi Vadim,
>
>
> On Fri, 23 Jul 2010, Vadim Kurland wrote:
>
>> On Fri, Jul 23, 2010 at 8:25 AM, Tom Diehl <td...@ro...> wrote:
>>>
>>> Hi,
>>>
>>> I have a Cisco 881 Ethernet Sec Router w/ Adv IP Services running
>>> ios 12.4(20)T5, RELEASE SOFTWARE (fc2). I am trying to determine if I can
>>> use
>>> the FWSM configuration functions in fwb. When I look inside the FWSM
>>> options in
>>> fwb I keep seeing references to the Pix.
>>>
>>
>> FWSM is a blade for the 6500 switch chassis, this blade runs modified
>> ASA software, that is it is PIX.
>
> OK, Learned something new today!!
>
>>
>> your router runs Cisco IOS so you need to choose platform "IOS ACL".
>> Fwbuilder can generate extended access lists for IOS.
>
> OK, Makes sense.
>
>>
>>
>>> Is there a way to use fwb to configure the advanced firewall functions in
>>> the 881?
>>
>> no, not at this time.
>
> Is this planned for a future version?
>
>>
>>
>>>
>>> If this is covered in the documentation somewhere, I apologize in
>>> advance.
>>> The only docs I can find on the Cisco functions, seem to be section 11.6
>>> and so far Google has not been helpful.
>>>
>>> Also, is there a better explanation of what a "network zone" is wrt the
>>> Cisco
>>> configuration options in fwb. I am a little fuzzy after reading the tool
>>> tip.
>>> It would seem to me based on the tool tip explanation that both the
>>> internal
>>> external interfaces should be in the same zone but if I do that then the
>>> compiler complains.
>>
>>
>> this chapter tries to explain concept of network zones:
>>
>> http://www.fwbuilder.org/4.0/docs/users_guide/host-interface.html
>>
>> please let me know if the explanation is not clear.
>
> Yes, that helps. I missed that.
>
> Thanks for the info.
>
> Regards,
>
> --
> Tom Diehl td...@ro... Spamtrap address
> mt...@ro...
>

From: Tom D. <td...@ro...> - 2010-07-23 17:57:05

On Fri, 23 Jul 2010, Vadim Kurland wrote:

> we would like to add support for the IOS firewall feature set at some
> point in the future but it gets pushed down priority list by other
> things. We need to gauge the interest to see if the demand justifies
> the effort, or it may happen if someone funds the development.

Makes sense.

Thanks,

--
Tom Diehl td...@ro... Spamtrap address
mt...@ro...

>
> --vk
>
>
> On Fri, Jul 23, 2010 at 10:47 AM, Tom Diehl <td...@ro...> wrote:
>> Hi Vadim,
>>
>>
>> On Fri, 23 Jul 2010, Vadim Kurland wrote:
>>
>>> On Fri, Jul 23, 2010 at 8:25 AM, Tom Diehl <td...@ro...> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I have a Cisco 881 Ethernet Sec Router w/ Adv IP Services running
>>>> ios 12.4(20)T5, RELEASE SOFTWARE (fc2). I am trying to determine if I can
>>>> use
>>>> the FWSM configuration functions in fwb. When I look inside the FWSM
>>>> options in
>>>> fwb I keep seeing references to the Pix.
>>>>
>>>
>>> FWSM is a blade for the 6500 switch chassis, this blade runs modified
>>> ASA software, that is it is PIX.
>>
>> OK, Learned something new today!!
>>
>>>
>>> your router runs Cisco IOS so you need to choose platform "IOS ACL".
>>> Fwbuilder can generate extended access lists for IOS.
>>
>> OK, Makes sense.
>>
>>>
>>>
>>>> Is there a way to use fwb to configure the advanced firewall functions in
>>>> the 881?
>>>
>>> no, not at this time.
>>
>> Is this planned for a future version?
>>
>>>
>>>
>>>>
>>>> If this is covered in the documentation somewhere, I apologize in
>>>> advance.
>>>> The only docs I can find on the Cisco functions, seem to be section 11.6
>>>> and so far Google has not been helpful.
>>>>
>>>> Also, is there a better explanation of what a "network zone" is wrt the
>>>> Cisco
>>>> configuration options in fwb. I am a little fuzzy after reading the tool
>>>> tip.
>>>> It would seem to me based on the tool tip explanation that both the
>>>> internal
>>>> external interfaces should be in the same zone but if I do that then the
>>>> compiler complains.
>>>
>>>
>>> this chapter tries to explain concept of network zones:
>>>
>>> http://www.fwbuilder.org/4.0/docs/users_guide/host-interface.html
>>>
>>> please let me know if the explanation is not clear.
>>
>> Yes, that helps. I missed that.
>>
>> Thanks for the info.
>>
>> Regards,
>>
>> --
>> Tom Diehl td...@ro... Spamtrap address
>> mt...@ro...
>>
>