IOS Firewall Management

You can administer the IOS Firewall features using one of two methods: the traditional command-line interface (CLI) and Cisco ConfigMaker.

Command Line Interface

For users who are familiar with the CLI, its primary advantage is that it can be used across virtually the entire product line. As with any complex skill, the more familiar you become with the CLI, the easier it becomes. Strengths of the CLI include the following:

  • Similarity across product lines.

  • Functional online help to assist with complex tasks.

  • Virtually every feature can be accessed or configured.

On the possible downside, initial exposure to the CLI can be intimidating and confusing, and keeping up with the command additions and changes in each new release can be a challenge.

A technician I met early in my career told me the Cisco CLI was the way “to keep the fools that shouldn’t be touching routers away.” While I’ve never found that in any Cisco document, I suspect the result might be on the mark, even if the intent is not.


Cisco ConfigMaker

Cisco ConfigMaker is an easy-to-use Microsoft Windows–based software tool designed to configure Cisco routers, switches, hubs, and other network devices in smaller networks. Advanced features include implementing security policies and managing the Cisco IOS Firewall quickly and efficiently through GUI-based management. Cisco ConfigMaker 2.1 and later versions include a Security Wizard that provides step-by-step guidance for quickly configuring a security policy for the Cisco IOS Firewall. They also support NAT and IPSec configuration. Figure 6-4 shows the ConfigMaker interface.

Figure 6-4: Cisco ConfigMaker tool for network design and implementation

ConfigMaker prompts, wizards, and help screens guide users through the setup process. Online WAN configuration worksheets list the important information the network administrator must obtain from the Internet service provider (ISP) or WAN service provider before configuring the devices. The program also includes a multimedia movie tutorial.

Completed configurations can be downloaded to, or uploaded from, the appropriate devices either from a directly attached PC or over the network.

Configuration wizards include the following:

  • Task wizards: Prompt the user through processes and for key information.

  • AutoDetect Device Wizard: Can automatically detect and identify the configuration of any supported Cisco device on the network, including any WAN or voice interfaces installed in a modular router.

  • Address Network Wizard: Allows quick-and-easy completion of complex network addressing procedures by using supplied address ranges and assigning the addresses to selected devices or to the entire network.

  • Security Wizard: Enables policy-based configuration for efficient setup of the Cisco IOS Firewall feature set on Cisco 1600 and 2500 series routers.

  • Deliver Configuration Wizard: Once the configuration is complete, this wizard can automatically download it to the device through the console port or over the network.

ConfigMaker supports routers up through the 4000 series, but there is little or no support for the Catalyst switches.

To download ConfigMaker, go to the Cisco web site or do a search for ConfigMaker. No CCO account is required, but you’re asked to supply some information before downloading.

For those of you attempting to certify without access to devices, look at this product, which will at least challenge and assist you in working with many of the technologies covered in the exams.

Part III: Virtual Private Networks (VPNs)