5940 Router firewall and IDS

Currently the 5940 Router has the capability to support a firewall and IDS as part of its IOS features.  
Rumor has it that Cisco is planning to remove the IOS firewall/IDS capabilities in the future. The reason for this discussion is to confirm that rumor and also to discuss why Cisco would want to discontinue the Firewall and IDS features from the 5940 Router IOS. I would like to know if Cisco plans to remove the firewall/IDS capabilities from the router IOS in the future. Please comment.

Since the majority of us are NOT Cisco employees, your best source of such information would be your Security PSE.

Similar Messages

  • Router firewall and Mac firewall

    Do I need to have them both on or what?

    Probably not, but I do anyway; the Mac one is easy to configure. Just remember to change the default admin password on the router - hackers have started using that as a way in.
    Oh, and unless you need to use Remote Access over a VPN (for working from home perhaps) block port 22 on the router.

  • I have a router/firewall - do I need an AirPort Extreme Base Station?

    My current home network consists of my iMac, a Linux box that I use as a server, and my work Windows laptop that I connect to my home network via an Ethernet cable. I have a Netgear router/firewall. I don't have wireless access to my home network yet.
    I'll be getting a new Apple laptop of some sort in the near future, so I am interested in adding in wireless. I'm used to the firewall capabilities of my Netgear router/firewall, and am comfortable mucking around with network configurations.
    I would imagine that if I get an AEBS, it will take the place of the Netgear router/firewall. I also figure that I can just get a wireless access point to add wireless capability to my network, but that would mean a second box.
    What I would like to know is how configurable are the firewall functions of the AEBS. With my current router/firewall, I can do the following:
    1. Define what ports/services I would like to allow (FTP, ssh, etc.)
    2. Set times as to when those services are open
    3. Direct incoming and outgoing services to specific IP addresses on my local network (if an FTP request comes in, it automatically goes to my iMac, whereas ssh goes to my Linux box).
    Can any/all of these be done with an AEBS?
    I did try to ask the people at the local Apple store, where I was informed that the AEBS actually did not have any firewall capabilities, despite what the box says, and that I should rely on the Sharing part of System Preferences.
    iMac G4 1 GHz   Mac OS X (10.4.4)  

    The AEBS does not have built in firewall software as the retail folks said.
    You will be able to set up port forwarding, though, so specific ports coming to your public IP address get routed to a specific private IP address (your iMac vs. Linux box example). However, you cannot associate certain times for these functions to occur....
    ...unless, maybe, an Apple Script was created to upload an alternative configuration to the AEBS. I'm not sure though; just thinking out loud. Maybe one of the Apple Scripting gurus on this forum could take the lead on that idea.

  • Router Firewall & Apple Firewall ~ Do I need both?

    Hi.
    Someone 'here' (somewhere on 'Discussions', can't remember where) mentioned that there is no need to have a router firewall & the Apple FW on together. Why is that? Does the router FW just make the Apple FW redundant or do they clash with each other? Is there any advantage to turning off the Apple FW given that the router firewall is on 24/7?
    Sorry, lots of questions...
    Thanks in advance.
    Adrian

    Nobody can tell you if you need both... it all depends on your needs, risk tolerance, value of data, what services you have enabled, and also the setup of your LAN.
    You can run both a router/firewall and your computer's firewall- and it's not a bad idea to do this. There are no issues with them clashing.
    Here's one reason you may also want to run the software firewall
    - If a computer on your LAN is compromised, this compromised system is behind your router/firewall and could carry out automated attacks on your LAN or even be manually controlled by another person. The only thing standing between the compromised computer and your computer is the software firewall.
    Jeff

  • Specifications of Router Firewall

    I have a Linksys WRT320N wireless router.  I have 2 PCs attached to the router (one with wired connection and the other with a wireless connection). The router connects to the cable modem. For the router:
    The SPI Firewall Protection is enabled.
    Filter Anonymous Internet Requests - enabled (ticked)
    Filter Multicast - disabled (no tick)
    Filter Internet NAT Redirection - disabled (no tick)
    Filter IDENT (port 113) - enabled (tick)
    I am trying to understand what protection is provided by the router firewall and, conversely, what the firewall does not protect me from.
    Some examples:
    1) I believe that if the router receives unsolicited traffic (one item not a mass attack) it will allow such traffic through and onto the home LAN - is this correct??
    2) I believe that the router prevents my network from being "pinged" - is this correct??
    3) I believe that the router will hide my network ports - but I am not sure what exactly this means??
    Would be grateful for any help/advice.

    Thanks for your responses.
    Do you mean I should enable or disable "Filter Anonymous Internet Requests"??
    My question regarding unsolicited traffic is because of the following:
    I have 2 PCs connected to my router (one via wired connection and the other via a wireless connection).
    The router is connected to a cable modem.
    I also have a software firewall on my PC (it comes with the security software).
    I noticed from the log that the software firewall on PC had blocked traffic. Examples being:
    UDP from 188.163.116.149:12490 to 192.168.1.100:57504
    UDP from 131.114.12.202:38083 to 192.168.1.100:57504
    UDP from 81.157.27.243:27762 to 192.168.1.100:57504
    192.168.1.100 is the IP address of my PC on the home LAN.
    No program was associated with this traffic.
    I have looked up the IP addresses via http://cqcouter.com/whois/ but without any useful information. The first two servers are from the Ukraine and Italy respectively. The third seems to be a BT server in the UK. None of the IP addresses/servers have any meaning for me.
    I have not configured port forwarding etc, etc.
    My second PC is 192.168.1.101 and no such traffic seems to be arriving at this PC for its software firewall to block.
    Given that the source addresses are the external internet, I am trying to understand why/how this traffic is passing through the router and arriving at my PC (192.168.1.100)??
    Would you expect such traffic to pass through the router??
    Many thanks for your help.

  • HT4814 TCP and UDP ports on router firewall to allow server to server administration running mavericks and server app 3.0?

    What TCP or UDP ports do I need to open on my router firewall to allow server to server administration running Mavericks and server app 3.0?

    Also you may want to open tcp port 625 so that you can update the server's OD master.
    More info can be found here: http://support.apple.com/kb/ts1629  Well known TCP/UDP ports used by Apple Products.
    HTH
    - Leland

  • How to configure listener across firewall and router

    I am trying a test to see if the following scenario will work and I am looking for insight because I am not getting anywhere fast....
    I have a computer on an internal network running oracle 9iR2. This computer has a web server exposed through a router/firewall with port 80 open. I want to open port 1521 and make the oracle listener available to someone outside my network. The client only has internet access through their ISP. Basically it would be like hitting the web server over the internet. I am not sure if it is possible to use SQL*Plus to connect to a database server using the name of the router (www.company.com) and have the Oracle database available.

    I have serious doubts that this will work. This should definitely work. But this question is more related to networking than DBA.
    So this action (and also analysis) must be done by somebody who is responsible for (and understands) routing and firewall administration.
    This "networking person" (credited as somebody before) must prevent unauthorized access to your DB and also prevent sniffing (for example your 3rd parties will be connected via IPSEC connection).

  • With OSX firewall and firewall on router, do you really need Netbarrier?

    With the native firewall and what the router provides do you really need to spend the extra money. I understand the need for anti virus but... do you really need something like Netbarrier from Intego?

    I agree with Roam, but if you are still in doubt, check these out...
    ClamXAV, free Virus scanner...
    http://www.clamxav.com/
    Little Snitch, stops/alerts outgoing stuff...
    http://www.obdev.at/products/littlesnitch/index.html
    HenWen/Snort combo, that is a free MAJOR Firewall...
    http://seiryu.home.comcast.net/henwen.html
    Then the venerable old Brickhouse/Flying Buttress Firewall...
    http://personalpages.tds.net/~brian_hill/downloads.html
    WaterRoof is a firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, predefined rule sets, wizard, logs, statistics and other features.
    http://www.macupdate.com/info.php/id/23317

  • Difference between Firewall and Router

    I can do VPN remote access configuration by using a Cisco firewall. I can also do it using the Cisco router by using the SDM program, so what are the benefits of using the firewall, or are all of them the same?
    I mean, is it recommended to use the firewall? If yes, why?

    Answer-
    1) We can make Security-Level on Firewall, but router can't
    2) We can make firewall in multiple context (Virtual Firewall) but router can't
    3) We can create SSL VPN on Firewall, but router can't
    4) Whenever a packet is inspected by Firewall and another packet comes with same contents then firewall doesn't check that packet,
      but router checks all packets. (show connections)
    5) Firewall works as L2 and L3 both, but router only on L3.
    6) Firewall inspects packets on L3 to L7 but router works on L3.
    7) Firewall has Failover, router can't
    8) Whenever we take a trace, the firewall does not come into the picture, but router always shows as a Hop Count.

  • Unable to receive internet connection over wifi connection.  Shows that I am connected to the network, but do not have internet access.  Checked my firewall and turned it off.  What else am I missing or should be doing differently?

    Unable to receive internet connection over wifi connection.  Shows that I am connected to the network, but do not have internet access.  Checked my firewall and turned it off.  What else am I missing or should be doing differently?

    You might want to try resetting your router and your modem - just unplug the cords, leave them unplugged for about 3-5 minutes and then replug the modem and then the router in that order.
    This may or may not correct your problem - call back if it doesn't.
    Clinton

  • Belkin Router Firewall Settings - Need Help Please

    Hi
    I'm new to Apple and love the machine, but I am having a problem with the firewall on my router. Let me explain the setup, then the problem...
    I have the following in my home network:
    1 hp desktop running Windows XP Media Center Edition, SP3 (Professional)
    1 Belkin wired / wireless router
    1 Canon Pixma MP500 Printer set for Sharing (Connected to hp desktop through USB)
    1 iMac 20" running Leopard OS
    The hp desktop and the iMac are both hardwired to the router. The router's security settings are as follows:
    Will NOT broadcast the SSID
    Mac Filtering is ENABLED (iMac MAC address is included in list of allowed connections)
    WPA-PSK Security ENABLED
    Wireless connectivity is ENABLED (For Wii, PSP, and Xbox 360)
    Now the problem...
    Everything on the network works beautifully, except the iMac. It will not allow iChat services, will not allow sharing of the desktop with other iChat members. It does, however, connect to the internet, but will not access the hp shared folders or printer. When I attempt to even add the printer, the printer does not even show up. I DO have Bonjour installed on the hp, but when I run Bonjour, I get a message that reads something like, "There are no Bonjour enabled printers available."
    I know it is the firewall built into the Belkin router because I placed the iMac into the Demilitarized Zone, and everything started working as expected. For those of you not familiar with DMZ on the router, it basically allows you to pick an IP address to place outside of the firewall, so you can keep the router firewall enabled, but you can choose an IP address (i.e., a computer) that is not behind the firewall.
    After placing the iMac in the DMZ, I went to add the shared printer on iMac. Not only did it show up immediately and give me the ability to add it and print to it, but I could also browse shared folders on my hp. I was also able to connect to a friend on iChat, and we were able to share each other's desktops.
    Before placing the iMac in the DMZ, I opened a couple of ports (I don't recall which ones at the moment), and I was able to get iChat AV to work properly, but could not get the shared desktop feature to work. I believe if I had a comprehensive list of ports to enable, I could get this issue resolved, but I can't seem to find such a list anywhere on Apple's web site (or any other web site for that matter). Do any of you have such a list of ports??
    I can provide more information if needed, but any help on this matter would be greatly appreciated.
    Thanks a lot in advance for your help.

    Thank you, Larry.
    I found a soft copy of the Belkin router's setup instructions on-line. I am going to enable the UPnP feature, as the manual indicates that it is necessary to have this feature enabled to do the things I want to do. The manual also indicates that the router ships with this feature disabled by default. I have not had a need to enable the feature when I had two PCs, so hopefully this will solve the problem.
    In either case, thanks for directing me to the common ports. If enabling the UPnP feature does not work, at least I can see which ports I need to enable.

  • Help needed with Firewall and pureftpd

    I am having trouble getting the Leopard Firewall to let through ftp connections with PureFTPD manager 1.7
    On a clean install of Leopard I set the firewall to "Set access for specific services and applications". For ssh, and apache (web sharing) this worked just fine.
    I then installed PureFTPD Manager 1.7 (The version that is supposed to work with Leopard).
    However I have been unable to get the firewall to let through connections to the pure-ftpd server.
    I selected "allow" when OSX prompted me whether ProFTPD should be permitted to open a port. That worked right after I installed ProFTPD Manager until I reset the computer. Then it stopped working.
    I tried adding the pure-ftpd application to the application list in the Firewall settings. That didn't work.
    I always get "Deny pure-ftpd connecting from ..." in the firewall log.
    Has anyone out there gotten pro-ftpd to work with the Leopard firewall set to "Set access for specific services and applications?"
    Please don't suggest to disable the firewall or to use ipfw. Disabling the firewall I don't consider a reasonable solution for a computer that is exposed to the internet, and I would prefer not to have to use ipfw for everything.
    Thank you

    I'm assuming that this works fine if you disable the firewall altogether, correct?
    ipfw won't help you here since the way that the Leopard firewall is set up, it's already set as an 'allow all'.
    Rather than waiting for the 'do you want to allow...' dialog to come up, have you tried clicking the + in the firewall and adding the application directly?
    Also, can you describe how you are performing your tests? From the same system or a different system? From behind a router/firewall or on the same segment?
    You may also want to read through this post on how the firewall works. It sounds like you already understand 99% of it though. http://discussions.apple.com/thread.jspa?threadID=1337153&tstart=0#6317068
    One last resort option would be to delete the firewall preference file and reboot to start over.
    You'd want to nuke /Library/Preferences/com.apple.alf.plist

  • No firewall and still no iChat

    I've been without iChat since I upgraded to 10.4.3. I've read many posts on how to fix the problem and virtually every post discusses ports behind firewalls. Now being an impatient person, I decided to turn off the Firewall and see if I could then get iChat to work. The result - I still can't get iChat to work! So my question is - can anyone tell me the simplest way to get iChat to work WITHOUT THE FIREWALL? If I can get that far, then perhaps I can sort out getting it to work behind the firewall. Any help or comments would be appreciated. Thanks in advance.

    Hello Frank.
    Please clarify: "... since I upgraded to 10.4.3." versus your posted system info that shows Mac OS X (10.2.x). Do you mean text chat only with Jaguar's non-AV iChat? Also, is your problem with several chat buddies or only with one? With both of your listed Macs or only one?
    If you have really upgraded to Tiger, my best suggestions are in Help for iChat AV 3 Problems.
    However, if you are just attempting to deal with port configuration in a router or wireless setup, I suggest you take ALL your wireless equipment, routers, firewalls, and any other internet connected devices like VOIP or game boxes out of the loop and connect your Mac directly to your modem (or other Mac for Rendezvous or Bonjour messaging) via Ethernet cable. Run directly wired until you get your iChat AV connection working.
    If your modem connects via telephone cable or USB, that may well be your problem. Be sure you have adequate broadband service. Then, if you are using a USB modem, get a modem that connects via Ethernet and try again.
    Once you get iChat AV working reliably, you can reconnect your necessary additional equipment, one item at a time, to see whether the problem returns. If adding one item back makes the problem reappear, remove the item again and reinstall it again to be SURE that this specific problem/fix is repeatable. Then you will KNOW that individual component is at least one of your problems. Leaving the newly tested item disconnected for the remainder of the test, repeat this process for EACH additional removed component, ALWAYS one item at a time. When finished, you will know every component that is a problem.
    When you have identified EVERY problem item in the communications loop, you can apply the info from your equipment's documentation or customer support sites or the above links to fix the problem.
    If you have a laptop, it is particularly simple to try to connect from another ISP location (internet cafes, university, work, libraries, hotels, or other places that offer internet access). That will let you know whether your problem is related to your ISP service or connection.
    Jim

  • CSM route mode and bridge mode can exist at the same time?

    I'm using CSM on ver 4.x, and I used the bridge mode for firewall load balance. For a new request, I have to create a new server/client vlan, but the original firewall load balance was affected when I issued the server vlan command, and I'd like to use route mode for the new server farm. I'm wondering whether route mode and bridge mode can't exist at the same time, because it seems it doesn't make sense. Any reply will be very appreciated.

    You can use bridge mode and route mode at the same time.
    Traffic with destination MAC address being the CSM will be routed, otherwise it will be bridged.
    Gilles.

  • Firewalling and NTP (Time) troubleshooting

    Hi all.  Recently after switching to using a Cisco router (891W, IOS 15.2) instead of a different vendor's router at our site, I began to notice that the time sync on the Windows domain is off.  This is causing major domain functionality problems.  This is a small business so there is a single domain controller, and it is configured to get time from a source on the Internet. 
    It's been a while since I set this up on the server so I forget offhand the Internet time server, but the current firewall config for the router matches what I had on the previous non-Cisco router.  I'll check into if the Internet time server is the problem but those don't tend to go down a lot to my knowledge.  The only thing that changed was this router and immediately after is when the problems began.
    However in retrospect I wonder if the firewall is even correctly set up.  Currently I have udp port 123 open from the outside going to the inside IP of the domain controller on the LAN (using static NAT).  But as I think about this, I'm sure that time update traffic is not initiated from the time source (Internet-based time server) but rather by the time client (the domain controller).  Please correct me if I'm wrong. 
    So then with a stateful firewall and provided there are no restrictions from inside to outside for NTP, I should not have to open udp 123 from the outside at all, but instead just allow the inside server to request time from the outside, using whatever dynamic port the firewall allocates. 
    Is this right?  Again, ever since we switched to using the Cisco router, time sync is not working. 
    Thanks very much. 

    Your thinking is exactly correct. As a test you could also set the router to pull time from the public NTP server and see if it synchs.
    ntp server [ip of NTP server] prefer
    To see if it's synch'ing
    show ntp association
    show ntp status
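
The reasoning in the NTP thread above, as an added example that is not part of the original posts: a toy model of stateful UDP tracking with port translation, showing why the time server's reply gets back to the inside client without an inbound UDP 123 rule. The addresses, the 30-second idle timeout, the port allocation scheme and the class name are assumptions; real devices differ in all of them.

```python
from dataclasses import dataclass, field

UDP_IDLE_TIMEOUT = 30  # seconds; assumed value for the model


@dataclass
class StatefulNat:
    """Toy stateful firewall with PAT for UDP (hypothetical model, not IOS)."""
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port, last_seen)
    sessions: dict = field(default_factory=dict)

    def outbound(self, src, sport, dst, dport, now):
        """Inside host sends a datagram: create or refresh the session entry."""
        for key, (ip, port, _) in self.sessions.items():
            if (ip, port) == (src, sport) and key[1:] == (dst, dport):
                self.sessions[key] = (ip, port, now)  # refresh idle timer
                return key[0]
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[(pub_port, dst, dport)] = (src, sport, now)
        return pub_port

    def inbound(self, src, sport, dport, now):
        """Datagram arrives from outside: return the inside target, or None if dropped."""
        key = (dport, src, sport)
        entry = self.sessions.get(key)
        if entry is None:
            return None  # unsolicited: nothing inside asked for this
        ip, port, last_seen = entry
        if now - last_seen > UDP_IDLE_TIMEOUT:
            del self.sessions[key]  # entry aged out
            return None
        self.sessions[key] = (ip, port, now)
        return (ip, port)


def demo():
    fw = StatefulNat()
    dc = ("192.168.1.10", 123)    # constructed domain controller address
    ntp = ("198.51.100.5", 123)   # constructed public time server
    pub = fw.outbound(*dc, *ntp, now=0)                     # client initiates
    reply = fw.inbound(*ntp, dport=pub, now=1)              # server answers
    unsolicited = fw.inbound(*ntp, dport=123, now=1)        # no session on 123
    other = fw.inbound("198.51.100.99", 123, dport=pub, now=2)  # wrong peer
    stale = fw.inbound(*ntp, dport=pub, now=1 + UDP_IDLE_TIMEOUT + 1)
    return reply, unsolicited, other, stale


if __name__ == "__main__":
    print(demo())
```

Only the reply that matches the session created by the client's own request is delivered; the other three datagrams are dropped.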
