How to Remove a Firewall Service from XSR Firewall Configuration

Objective
Remove a service that is no longer desired from the XSR firewall configuration.
Environment
  • XSR
  • Firewall Configured
Procedure
  1. First remove any policy that uses the service.
  2. Remove the service.
  3. Reload the firewall for the change to take effect.
  4. To make the change permanent across reboots, copy the changed configuration to the startup-config file with the "copy run start" command.

In this sample configuration we want to remove Rtelnet (Remote User Telnet Service) which is a manually configured service:

!FIREWALL
ip firewall network Internet 0.0.0.0 mask 0.0.0.0 external
ip firewall network LAN 192.0.2.0 mask 255.255.255.0 internal
ip firewall network RDP_Srv 192.0.2.2 mask 255.255.255.255 internal
ip firewall network XSR_Ext 203.0.113.2 mask 255.255.255.255 internal
!
ip firewall service Rtelnet gt 1023 eq 107 tcp
ip firewall service NATTraversal gt 1023 eq 4500 udp
!
ip firewall service-group WEB SSL HTTP
!
ip firewall policy RDP Internet RDP_Srv TermServ allow
ip firewall policy IKE XSR_Ext Internet ISAKMP allow bidirectional
ip firewall policy NAT-T XSR_Ext Internet NATTraversal allow bidirectional
ip firewall policy WEB_Access LAN Internet WEB allow
ip firewall policy Rtel-Int Internet LAN Rtelnet allow bidirectional
!
ip firewall filter ESP XSR_Ext Internet protocol-id 50 bidirectional
!
!
ip firewall load
ip firewall enable


 
1.  To remove the service first remove the policy that uses the service:
no ip firewall policy Rtel-Int
 

2.  Now remove the service:
no ip firewall service Rtelnet

3.  Reload the firewall configuration and exit config mode:
ip firewall load
exit

4.  Save the changed configuration to startup-config for persistence over reboots:
copy run start
Copy 'running-config'
  as 'startup-config' into flash: device(y/n) ? y
Running-config saved to flash:startup-config.
 
Additional notes
 
  • Services which are pre-configured as part of the operating software cannot be removed.
  • A list of pre-configured services can be displayed by typing "show ip firewall service" at a config prompt.
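
The removal order above can be checked against a saved configuration before touching the router. The following Python sketch is an added example, not vendor code: it reads configuration text, finds every policy that references the service, and returns the commands in the order the procedure requires. The function name and the constructed sample are assumptions; the line syntax is taken from the sample configuration in this article.

```python
# Constructed sample, trimmed from the configuration shown in this article.
SAMPLE_CONFIG = """\
ip firewall service Rtelnet gt 1023 eq 107 tcp
ip firewall service NATTraversal gt 1023 eq 4500 udp
ip firewall service-group WEB SSL HTTP
ip firewall policy RDP Internet RDP_Srv TermServ allow
ip firewall policy NAT-T XSR_Ext Internet NATTraversal allow bidirectional
ip firewall policy WEB_Access LAN Internet WEB allow
ip firewall policy Rtel-Int Internet LAN Rtelnet allow bidirectional
"""

def plan_service_removal(config_text, service):
    """Return (commands, warnings) for removing `service` (hypothetical helper)."""
    defined, groups, policies = set(), {}, []
    for raw in config_text.splitlines():
        tok = raw.split()
        # Skip '!' comment lines and anything that is not a firewall object.
        if raw.lstrip().startswith("!") or tok[:2] != ["ip", "firewall"] or len(tok) < 4:
            continue
        kind, name, rest = tok[2], tok[3], tok[4:]
        if kind == "service":
            defined.add(name)
        elif kind == "service-group":
            groups[name] = rest
        elif kind == "policy" and len(rest) >= 3:
            policies.append((name, rest[2]))  # (policy name, service or group)
    if service not in defined:
        # Pre-configured services have no 'ip firewall service' line and cannot be removed.
        raise ValueError(f"{service} has no 'ip firewall service' line in this "
                         "configuration (pre-configured or misspelled)")
    in_groups = [g for g, members in groups.items() if service in members]
    # Group handling is left to the operator: this article does not cover it.
    warnings = [f"service-group {g} contains {service}; review it by hand"
                for g in in_groups]
    warnings += [f"policy {p} uses service-group {s}, which contains {service}"
                 for p, s in policies if s in in_groups]
    # Policies first, then the service, then reload and save.
    commands = [f"no ip firewall policy {p}" for p, s in policies if s == service]
    commands += [f"no ip firewall service {service}",
                 "ip firewall load", "exit", "copy run start"]
    return commands, warnings

if __name__ == "__main__":
    cmds, warns = plan_service_removal(SAMPLE_CONFIG, "Rtelnet")
    print("\n".join(warns + cmds))
```
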
