6 Replies Latest reply on Jul 7, 2014 11:19 AM by matt

    Netvanta 7100 Enable Firewall to view Top Websites

    juad New Member

      I want to enable and view Top Websites in order to block users from accessing certain domains on the Netvanta 7100.  I have read the Adtran Configuration Guide for URL Filtering/Top Websites Reporting and the first step is to enable the firewall.

      "The following example enables the firewall:
      #configure terminal
      (config)#ip firewall"

      My concern is that this device is operating as a router and PBX; while the documentation makes it seem very straightforward, I'm guessing there is more to it and it must be configured a certain way in order for it to continue operating without issue after the firewall is enabled.  The last time I attempted to enable the firewall on the device remotely I lost connectivity and had to drive to the location and reboot for the changes to be undone.  Is there a more complete guide, or should running the commands above enable the firewall without disrupting existing traffic?

        • Re: Netvanta 7100 Enable Firewall to view Top Websites
          jwable Frequent Visitor

          juad,

          I would recommend setting up all your IP Policies prior to enabling the firewall, so that all the allows are in place before the denies kick in.  Here are some basic rules that should ensure that, at a minimum, management is not lost; modify the IP information to match your needs.  I would also recommend doing this on site, plugged into the console port, just in case.

          !
          ip access-list standard NAT
            remark Internet Connection Sharing
            permit any
          !
          !
          ip access-list standard Remote
          ! Your Remote Management IP
            permit 1.2.3.4 0.0.0.255
          !
          !
          ip access-list extended Admin
            remark Admin Access
            permit tcp any  any eq https   log
          !
          ip access-list extended InterVLAN
            remark Voice / Data VLAN Traffic
            permit ip 10.10.20.0 0.0.0.255  10.10.10.0 0.0.0.255
            permit ip 10.10.0.0 0.0.255.255  10.10.20.0 0.0.0.255
          !
          ip policy-class Private
            allow list self self
            allow list InterVLAN stateless
            nat source list NAT interface eth 0/0 overload
          !
          ip policy-class Public
            allow list Admin self
            allow list Remote
          !
          interface eth 0/0
            ip address  1.2.3.4  255.255.255.252
            ip access-policy Public
            media-gateway ip primary
            no shutdown
          !
          interface vlan 1
            ip address  2.3.4.5  255.255.255.0
            ip access-policy Private
            no shutdown
          !
          interface vlan 2
            ip address  3.4.5.6  255.255.255.0
            ip access-policy Private
            media-gateway ip primary
            no shutdown
          !
          ip firewall
          !
          ip flow top-talkers


          Message was edited by: matt - adjusted ACL name
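An added example, not part of jwable's reply and not AOS code: a small Python lint that reads a config in the format shown above and reports, before "ip firewall" is turned on, any policy-class that references an undefined ACL, any interface that applies an undefined policy-class, and any applied policy-class with no "allow ... self" rule (the case that cuts off management through that interface). The sample config, and its definition of an ACL named "self" (which the reply references but does not show), are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed AOS-style config (not from any real device), ordered as the reply
# recommends: ACLs, policy-classes, interfaces, then "ip firewall". The ACL named
# "self" is defined here by assumption; the reply references it but does not show it.
SAMPLE = """\
ip access-list extended self
  permit tcp any any eq https
ip access-list standard NAT
  permit any
ip policy-class Private
  allow list self self
  allow list InterVLAN stateless
  nat source list NAT interface eth 0/0 overload
ip policy-class Public
  allow list NAT
interface eth 0/0
  ip access-policy Public
interface vlan 1
  ip access-policy Private
ip firewall
"""
def lint_firewall_config(config):
    # Returns a list of problems to fix before "ip firewall" is turned on.
    acls, classes, ifaces, problems = set(), defaultdict(list), {}, []
    ctx = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)$", line):
            acls.add(m[1]); ctx = None
        elif m := re.match(r"ip policy-class (\S+)$", line):
            ctx = ("class", m[1]); classes[m[1]]  # register even with no rules
        elif m := re.match(r"interface (.+)$", line):
            ctx = ("iface", m[1])
        elif ctx and ctx[0] == "class" and (m := re.match(r"(allow|discard|nat source) list (\S+)(.*)", line)):
            classes[ctx[1]].append((m[1], m[2], m[3].strip()))
        elif ctx and ctx[0] == "iface" and (m := re.match(r"ip access-policy (\S+)$", line)):
            ifaces[ctx[1]] = m[1]
    # 1. every list a policy-class uses must be a defined ACL
    for cls, rules in classes.items():
        for _, acl, _ in rules:
            if acl not in acls:
                problems.append(f"policy-class {cls} references undefined ACL {acl}")
    # 2. an applied policy-class must exist and allow traffic to "self", else management stops
    for iface, cls in ifaces.items():
        if cls not in classes:
            problems.append(f"interface {iface} applies undefined policy-class {cls}")
        elif not any(a == "allow" and rest.startswith("self") for a, _, rest in classes[cls]):
            problems.append(f"policy-class {cls} on {iface} has no 'allow ... self' rule")
    return problems
```

Run it against "show running-config" output saved to a file; an empty list means the references line up and every enforced interface still admits management traffic.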

          • Re: Netvanta 7100 Enable Firewall to view Top Websites
            Employee

            Another safeguard is to use the "reload in" command to schedule a reboot after a set number of minutes.  If you accidentally make configuration changes that end up preventing remote access, the unit will reboot to its previously saved configuration.  Use this command right before you are going to attempt the changes.  If you then apply the changes and everything works, you can cancel the scheduled reboot with the "reload cancel" command.  An example is shown below.  Just make sure to give yourself enough time to apply the changes, test, and cancel.

            7100#reload in 5
            Save System Configuration?[y/n]y
            Reload scheduled in 5 minutes
            You are about to reboot the system. Continue?[y/n]y

            2014.07.07 12:24:08 OPERATING_SYSTEM System reboot scheduled in 5 minutes!
            7100#
            7100#reload cancel

            2014.07.07 12:24:18 OPERATING_SYSTEM Scheduled system reboot cancelled.
            7100#


            Thanks,

            Matt
