Monday, June 3, 2019

Securing a Cisco router connected to the Internet

We use a front door VRF on our Cisco ISR4000 series routers for DMVPN. We would like to use this front door VRF as the local site Internet handoff. On the south side of this router is a firewall that inspects all the user traffic destined to the FW, so there is no need for the router to do anything there.

My major concern is securing the router from attacks from the Internet. Other than ACLs, can you all think of any other technology available on the ISR 4000 series I could implement to protect the router?

Edit: I'm thinking Snort and ZBFW, but I'm not 100% sure. We also use WCCP already for WAAS, so I believe ZBFW is out of the question anyway.


