Adtran
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable
‎04-07-2014 11:03 AM

Netvanta 7100 Enable Firewall to view Top Websites

Jump to solution

I want to enable and view Top Websites in order to block users from accessing certain domains on the Netvanta 7100.  I have read the Adtran Configuration Guide for URL Filtering/Top Websites Reporting and the first step is to enable the firewall.

"The following example enables the firewall:

#configure terminal

(config)#ip firewall"

My concern is that this device is operating as router and PBX; while the documentation makes it seem very straight forward, I'm guessing there is more to it and must be configured a certain way in order for it to continue operating without issue after the firewall is enabled.  The last time I attempted to enable the firewall on the device remotely I lost connectivity and had to drive to the location and reboot for the changes to be undone.  Is there a more complete guide or should running the commands above enable the firewall without disrupting existing traffic?

Reply
1 Solution

Accepted Solutions
Anonymous
Not applicable
‎04-16-2014 11:05 AM

Re: Netvanta 7100 Enable Firewall to view Top Websites

Jump to solution

juad,

      I would recommend setting up all your IP Policies prior to enabling the firewall that way all the allows are in place before the denies kick in.  Here are some basic rules that should ensure that at the minimum management is not lost, modify IP information to match your needs.  I would also recommend doing this on site plugged into the console port just in case.

!

ip access-list standard NAT

  remark Internet Connection Sharing

  permit any

!

!

ip access-list standard Remote

! Your Remote Management IP

  permit 1.2.3.4 0.0.0.255

!

!

ip access-list extended Admin

  remark Admin Access

  permit tcp any  any eq https   log

!

ip access-list extended InterVLAN

  remark Voice / Data VLAN Traffic

  permit ip 10.10.20.0 0.0.0.255  10.10.10.0 0.0.0.255

  permit ip 10.10.0.0 0.0.255.255  10.10.20.0 0.0.0.255

!

ip policy-class Private

  allow list self self

  allow list InterVLAN stateless

  nat source list NAT interface eth 0/0 overload

!

ip policy-class Public

  allow list Admin self

  allow list Remote

!

interface eth 0/0

  ip address  1.2.3.4  255.255.255.252

  ip access-policy Public

  media-gateway ip primary

  no shutdown

!

interface vlan 1

  ip address  2.3.4.5  255.255.255.0

  ip access-policy Private

  no shutdown

!

interface vlan 2

  ip address  3.4.5.6  255.255.255.0

  ip access-policy Private

  media-gateway ip primary

  no shutdown

!

ip firewall

!

ip flow top-talkers

Message was edited by: matt - adjusted ACL name

View solution in original post

0 Kudos
Reply
6 Replies
Anonymous
Not applicable
‎04-16-2014 11:05 AM

Re: Netvanta 7100 Enable Firewall to view Top Websites

Jump to solution

juad,

      I would recommend setting up all your IP Policies prior to enabling the firewall that way all the allows are in place before the denies kick in.  Here are some basic rules that should ensure that at the minimum management is not lost, modify IP information to match your needs.  I would also recommend doing this on site plugged into the console port just in case.

!

ip access-list standard NAT

  remark Internet Connection Sharing

  permit any

!

!

ip access-list standard Remote

! Your Remote Management IP

  permit 1.2.3.4 0.0.0.255

!

!

ip access-list extended Admin

  remark Admin Access

  permit tcp any  any eq https   log

!

ip access-list extended InterVLAN

  remark Voice / Data VLAN Traffic

  permit ip 10.10.20.0 0.0.0.255  10.10.10.0 0.0.0.255

  permit ip 10.10.0.0 0.0.255.255  10.10.20.0 0.0.0.255

!

ip policy-class Private

  allow list self self

  allow list InterVLAN stateless

  nat source list NAT interface eth 0/0 overload

!

ip policy-class Public

  allow list Admin self

  allow list Remote

!

interface eth 0/0

  ip address  1.2.3.4  255.255.255.252

  ip access-policy Public

  media-gateway ip primary

  no shutdown

!

interface vlan 1

  ip address  2.3.4.5  255.255.255.0

  ip access-policy Private

  no shutdown

!

interface vlan 2

  ip address  3.4.5.6  255.255.255.0

  ip access-policy Private

  media-gateway ip primary

  no shutdown

!

ip firewall

!

ip flow top-talkers

Message was edited by: matt - adjusted ACL name

0 Kudos
Reply
Anonymous
Not applicable
‎07-07-2014 12:28 PM

Re: Netvanta 7100 Enable Firewall to view Top Websites

Jump to solution

Another safeguard is to use the reload in command to schedule a reboot after a set number of minutes.  If you accidentally make configuration changes that end up preventing remote access, the unit will reboot to its previously saved configuration.  Use this command right before you are going to attempt the changes.  If you then apply the changes and everything works you can cancel the scheduled reboot with the reload cancel command.  An example is shown below.  Just make sure to give yourself enough time to apply the changes, test, and cancel.


7100#reload in 5


Save System Configuration?[y/n]y


Reload scheduled in 5 minutes


You are about to reboot the system. Continue?[y/n]y




2014.07.07 12:24:08 OPERATING_SYSTEM System reboot scheduled in 5 minutes!


7100#


7100#reload cancel




2014.07.07 12:24:18 OPERATING_SYSTEM Scheduled system reboot cancelled.


7100#


Thanks,

Matt

Accept as Solution Reply
Anonymous
Not applicable
‎07-07-2014 12:48 PM

Re: Netvanta 7100 Enable Firewall to view Top Websites

Jump to solution

Matt,

     Shouldn't Save System Configuration be No instead of Yes?  If you set it to Yes won't it save the changes you just made before it reboots leaving those settings active instead of going back?  Or does it save the configuration at the time is ran?

John

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎07-07-2014 12:52 PM

Re: Netvanta 7100 Enable Firewall to view Top Websites

Jump to solution

John,

It saves the configuration the time this command is executed.  You should do this with a known working configuration before making changes.

Thanks,
Matt

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎07-07-2014 12:54 PM

Re: Netvanta 7100 Enable Firewall to view Top Websites

Jump to solution

Matt,

    Thanks for clearing that up.

John

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎07-07-2014 01:19 PM

Re: Netvanta 7100 Enable Firewall to view Top Websites

Jump to solution

My pleasure.  Thanks for the follow-up question.  I'm sure that will help someone else later too.

0 Kudos
Accept as Solution Reply