Security Features
June 2004 © 2004 Foundry Networks, Inc. 15 - 7
Step 11: Configure firewall policies to allow IKE negotiation through the untrusted interface (applicable only if firewall license is also enabled):

Router1/configure# firewall internet
Router1/configure/firewall internet# policy 1000 in service ike self
Router1/configure/firewall internet/policy 1000 in# exit
Router1/configure/firewall internet# exit

Step 12: Configure firewall policies to allow desired services through the untrusted interface to manage the router (applicable only if firewall license is also enabled):

Router1/configure# firewall internet
Router1/configure/firewall internet# policy 1001 in service snmp self
Router1/configure/firewall internet/policy 1001 in# exit
Router1/configure/firewall internet# policy 1002 in service telnet self
Router1/configure/firewall internet/policy 1002 in# exit
Router1/configure/firewall internet# policy 1003 in protocol icmp self
Router1/configure/firewall internet/policy 1003 in# exit
Router1/configure/firewall internet# exit

Step 13: Display firewall policies in the internet map (applicable only if firewall license is enabled):

Router1# show firewall policy internet
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
          R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
          E - Policy Enabled, M - Smtp-Filter

Pri  Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
---  --- ----------- ---------------- ----------------- ------ --------
1000 in  any         any              ike               PERMIT SE
1001 in  any         any              snmp              PERMIT SE
1002 in  any         any              telnet            PERMIT SE
1003 in  any         any              any   any   icmp  PERMIT SE
1024 out any         any              any   any   any   PERMIT SE
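
The policies above permit telnet and SNMP to the router itself from any source on the untrusted interface. As an added example (not part of the Foundry manual), this Python check parses the `show firewall policy internet` output and flags such rules. The set of services treated as cleartext management and the assumption that each address field is a single token are choices made for this example.

```python
# Added example: audit 'show firewall policy' output for management services
# permitted to the router itself from any source. SAMPLE is the table shown above.
SAMPLE = """\
Pri Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
--- --- ----------- ---------------- ----------------- ------ --------
1000 in any any ike PERMIT SE
1001 in any any snmp PERMIT SE
1002 in any any telnet PERMIT SE
1003 in any any any any icmp PERMIT SE
1024 out any any any any any PERMIT SE
"""

# Assumption for this example (not from the manual): services to flag.
CLEARTEXT_MGMT = {"telnet", "snmp"}

def parse_policies(text):
    """Return one dict per policy row; legend, header and separator are skipped."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or not tok[0].isdigit():
            continue
        middle = tok[4:-2]  # either one service name or Sport/Dport/Proto
        if len(middle) == 1:
            match = {"service": middle[0]}
        elif len(middle) == 3:
            match = dict(zip(("sport", "dport", "proto"), middle))
        else:
            continue  # unexpected layout (e.g. multi-token address); skip it
        rules.append({"pri": int(tok[0]), "dir": tok[1], "src": tok[2],
                      "dst": tok[3], "action": tok[-2], "flags": tok[-1], **match})
    return rules

def findings(rules):
    """Flag enabled inbound self-traffic PERMIT rules open to any source."""
    out = []
    for r in rules:
        # Legend: S = Self Traffic, E = Policy Enabled
        active_self = "S" in r["flags"] and "E" in r["flags"]
        if r["dir"] != "in" or r["action"] != "PERMIT" or not active_self:
            continue
        svc = r.get("service") or r.get("proto")
        if r["src"] == "any" and svc in CLEARTEXT_MGMT:
            out.append((r["pri"], svc, "cleartext management open to any source"))
    return out

if __name__ == "__main__":
    for pri, svc, why in findings(parse_policies(SAMPLE)):
        print(f"policy {pri}: {svc}: {why}")
```
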