Access-List replacing Stateful Inspection Firewall

routingbyrumor

I am configuring a Nortel SR1004 which is has a very similar CLI to Cisco and I am wondering if Access-list would be a good solution over the built in firewall. I cannot find out a sample config to go with for configuring the Nortel Firewall feature so I was thinking as a shortcut I could just create a ACL that denies all inbound traffic and provides selected ports such as IChat, and PCAnywhere. I need to get this done because my boss refuses to pay bandwidth.com our ISP another 150 for a firewall config and I am going crazy trying to figure out the firewall features. Is this a good idea?

Thanks.

Ahriakin

As long as the implementation isn't off the Stateful firewall should provide you with much better and versatile protection than a static access list. Why not use both in conjunction with each other? Depends on if you meant you can't configure the firewall period or if you just can't get into the low level detail but do have it operating. If nothing else then yup an acl is your best bet, but work on getting the stateful operational.
Also you might want to remind your boss that if he adds up the salary hours you will spend on this alone (not minding any possible loss due to not being adequately protected or in lost productivity due to the inflexibility of ACLs) that $150 might well be worth it....and you'd have a config to learn from so you won't have to dole out for help in the future.