Use static statements (depending on the size of the network) with embryonic limits and inbound and outbound access lists. Use NAT on the DMZ interface. You should also configure your router(s) with access lists to reinforce perimeter security. See my PIX firewall article in the series for an example. Make sure that you administratively shut down unused interfaces (you may experience an issue with CiscoWorks, though). Remember to consistently patch and protect your firewall.
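One way to check a saved configuration against the recommendations above, as an added example that is not part of the original answer. It assumes PIX 6.x-style syntax (the answer names no software version); the sample configuration, its addresses and interface names are constructed, and treating an interface with no `ip address` line as unused is a heuristic.

```python
import re

# Constructed sample in PIX 6.x-style syntax (assumed version; addresses are documentation ranges).
SAMPLE_CONFIG = """\
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nameif ethernet3 intf3 security15
ip address outside 203.0.113.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 192.168.50.1 255.255.255.0
nat (inside) 1 10.0.0.0 255.255.255.0
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255 0 0
static (dmz,outside) 203.0.113.11 192.168.50.11 netmask 255.255.255.255 500 100
access-list acl_out permit tcp any host 203.0.113.10 eq www
access-group acl_out in interface outside
"""

def audit(config):
    """Return findings for each recommendation the configuration does not meet."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    names = dict(m.groups() for l in lines if (m := re.match(r"nameif (\S+) (\S+)", l)))
    addressed = {m.group(1) for l in lines if (m := re.match(r"ip address (\S+) ", l))}
    acl_bound = {m.group(1) for l in lines if (m := re.match(r"access-group \S+ in interface (\S+)", l))}
    natted = {m.group(1) for l in lines if (m := re.match(r"nat \((\S+)\)", l))}
    shut = {m.group(1) for l in lines if (m := re.match(r"interface (\S+) .*\bshutdown$", l))}
    findings = []
    for l in lines:
        # static ... netmask <mask> [max_conns [em_limit]]; a missing or 0 em_limit means unlimited
        m = re.match(r"static \(\S+\) (\S+) \S+ netmask \S+(?: (\d+))?(?: (\d+))?", l)
        if m and m.group(3) in (None, "0"):
            findings.append(f"static {m.group(1)}: no embryonic limit")
    for hw, name in names.items():
        if name in addressed:
            if name not in acl_bound:
                findings.append(f"{name}: no access-group bound")
        elif hw not in shut:  # heuristic: no ip address line means the interface is unused
            findings.append(f"{hw} ({name}): unused but not shutdown")
    if "dmz" in names.values() and "dmz" not in natted:
        findings.append("dmz: no nat statement")
    return findings
```
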