User's guide

Chapter 1 Cisco SDM Express
Cisco SDM Express 2.4 User’s Guide
OL-7141-05
Note: This feature is available if the Cisco IOS release running on your router
supports the Firewall feature set. The Firewall Configuration window does not
appear if you did not configure a WAN interface.
The firewall protects your network in the following ways:

• Apply default access rules to inside and outside interfaces—Cisco SDM Express
  creates and applies a list of default access rules that, among other things,
  permit DNS and HTTP traffic and deny the private IP address space.

• Apply default inspection rules to outside interface—Cisco SDM Express creates
  and applies a list of default inspection rules.

• Enable IP Unicast Reverse-Path Forwarding (RPF) on the outside interface—IP
  Unicast RPF is a feature that causes the router to check the source address
  of any packet against the interface through which the packet entered the
  router. If the input interface is not a feasible path to the source address
  according to the routing table, the packet will be dropped. This source
  address verification is used to defeat IP spoofing.

If you choose to let Cisco SDM Express configure the firewall, you can
modify the firewall configuration later using Cisco SDM. If you choose not to
have a firewall configured, you can configure one later using Cisco SDM Express
or Cisco SDM. For more information, click Cisco Router and Security Device
Manager.
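
The Unicast RPF source check described above, as an added example (not from this guide and not Cisco's implementation): a simplified model that looks up the best route back to a packet's source and compares it with the input interface. The routing table, interface names, sample packets, and the allow_default flag are constructed assumptions.

```python
import ipaddress

# Constructed routing table (assumption, not from the guide): prefix -> interface.
ROUTES = [
    ("0.0.0.0/0", "outside"),       # default route toward the WAN
    ("192.168.1.0/24", "inside"),   # LAN behind the router
    ("10.10.0.0/16", "inside"),     # second internal network
]

def build_table(routes):
    """Parse routes and order them longest prefix first."""
    table = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
    return sorted(table, key=lambda e: e[0].prefixlen, reverse=True)

def feasible_interfaces(table, src, allow_default=True):
    """Interfaces of the best (longest-prefix) routes back to src."""
    addr = ipaddress.ip_address(src)
    best, found = None, set()
    for net, ifc in table:
        if net.prefixlen == 0 and not allow_default:
            continue  # model a check that ignores the default route
        if addr in net and best in (None, net.prefixlen):
            best = net.prefixlen
            found.add(ifc)
    return found

def urpf_check(table, src, in_ifc, allow_default=True):
    """Return 'forward' if in_ifc is a feasible path to src, else 'drop'."""
    ok = in_ifc in feasible_interfaces(table, src, allow_default)
    return "forward" if ok else "drop"

# Constructed packets: (source address, interface the packet entered on).
PACKETS = [
    ("198.51.100.7", "outside"),   # Internet host, reached via default route
    ("192.168.1.50", "outside"),   # LAN address arriving from the WAN side
    ("192.168.1.50", "inside"),    # genuine LAN host
    ("172.16.9.9", "outside"),     # private source with no specific route
]

if __name__ == "__main__":
    table = build_table(ROUTES)
    for src, ifc in PACKETS:
        print(f"{src:15} in={ifc:8} -> {urpf_check(table, src, ifc)}")
```

In this model the last packet is forwarded because its source matches only the default route, which points at the outside interface; that is the case covered by the default access rules that deny the private IP address space.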
Security Settings
This window lets you disable features that are on by default in the Cisco IOS
software and that can create security risks or make the router send messages at
such a high volume that it would use up its available memory. You should leave
the check boxes checked unless you know that your requirements are different.
This help topic links to descriptions of each security setting that
Cisco SDM Express makes.