Error setting up firewall using SDM on a Cisco 857W

Today I encountered the following error while installing basic firewall settings using Cisco Security Device Manager (SDM) 2.5 on a Cisco 857W router:

class-map type inspect imap match-any sdm-app-imap

Error detected as this command. Click OK

This meant that the firewall rules generated by SDM couldn’t be applied to the device. A little Googling revealed the cause: a bug in SDM means it fails to detect that the Cisco 857W does not support zone-based firewall functionality. The fix is to set up a single inspection rule on one of the interfaces from the CLI, then restart SDM and try to create the basic firewall config again.

So, to fix this from the CLI, apply an inspection rule to one of the interfaces, in this case Dialer0:

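! enter global configuration mode
conf t
! define an inspection rule named myrule that inspects TCP
ip inspect name myrule tcp
! apply the rule to outbound traffic on Dialer0
int dialer0
ip inspect myrule out
exit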

After doing this, restart SDM and apply the basic firewall config again. It should now work, and the process also removes the rule you created above.
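To check the router's state before and after re-running SDM, the following added example (not from the original post or from Cisco) parses a saved running-config and lists the ip inspect rules, the interfaces they are bound to, and any zone-based firewall lines, which the 857W should not carry. The function name audit_inspect and the sample config are constructed for illustration.

```python
import re

# Constructed sample: a running-config excerpt after the CLI workaround,
# before SDM has been re-run. Interface and rule names follow the post.
SAMPLE_CONFIG = """\
ip inspect name myrule tcp
!
interface Dialer0
 ip address negotiated
 ip inspect myrule out
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
!
"""

def audit_inspect(config):
    """Return defined inspection rules, interface bindings and findings."""
    defined, bindings, zone_lines = set(), [], []
    interface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Unindented line: we are back at global config level.
            m = re.match(r"interface\s+(\S+)", line, re.I)
            interface = m.group(1) if m else None
        m = re.match(r"ip inspect name (\S+)\s+\S+", line)
        if m:
            defined.add(m.group(1))
            continue
        m = re.match(r"ip inspect (\S+) (in|out)$", line)
        if m and interface:
            bindings.append((interface, m.group(1), m.group(2)))
        # Zone-based firewall commands, like the one SDM failed on.
        if re.match(r"(class-map|policy-map) type inspect|zone(-pair)? security", line):
            zone_lines.append(line)
    applied = {name for _, name, _ in bindings}
    findings = [f"rule {n} defined but not applied" for n in sorted(defined - applied)]
    findings += [f"rule {n} applied on {i} but not defined"
                 for i, n, _ in bindings if n not in defined]
    findings += [f"zone-based line present: {z}" for z in zone_lines]
    return {"defined": defined, "bindings": bindings, "findings": findings}

if __name__ == "__main__":
    result = audit_inspect(SAMPLE_CONFIG)
    print(result["bindings"])
    for finding in result["findings"] or ["no inconsistencies found"]:
        print(finding)
```

Run it against a config saved before and after the SDM wizard: the temporary rule myrule should no longer appear in the second result.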

 

 
