Chapter 1. Firewall Overview

Refer to the following sections for information about these topics:

  • 1-1: Overview of Firewall Operation Discusses the mechanisms a Cisco firewall uses to inspect and control traffic passing through it. The firewall inspection engines and algorithms are responsible for enforcing any security policies configured into the firewall.

  • 1-2: Inspection Engines for ICMP, UDP, and TCP Describes how a firewall reacts to traffic of different IP protocols. The inspection mechanisms for the ICMP, UDP, and TCP protocols are covered.

  • 1-3: Hardware and Performance Provides an overview and comparison of the various Cisco firewall platforms and their specifications. This information can help you decide which firewall model is best suited for your application.

  • 1-4: Basic Security Policy Guidelines Presents a list of suggestions for configuring and maintaining firewalls in a corporate network.

A firewall has multiple interfaces, but it isolates traffic between each one. The simplest firewall configuration has one outside and one inside interface, as shown in Figure 1-1.

Figure 1-1. Basic Firewall with Two Interfaces


Each interface is assigned a security level from 0 (lowest) to 100 (highest). Multiple interfaces are each assigned an arbitrary security level, as shown in Figure 1-2.

Figure 1-2. Basic Firewall with Several Interfaces


A firewall is usually represented by the symbol of a diode, an electronic component that allows current to pass in only one direction. Flow in the direction of the arrow is allowed, whereas flow against the arrow is blocked. Other symbols are also commonly used to represent firewalls. Most of those involve a brick wall with or without flames.

Likewise, a firewall has the following default behavior:

  • In general, outbound connections from a higher security interface to a lower one are allowed, provided that they are permitted by any access lists that are applied to the firewall interfaces.

  • All inbound connections from a lower security interface to a higher one are blocked.

The default policies can be changed so that some outbound connections can be blocked and some inbound connections can be allowed.

All traffic is inspected according to a suite of stateful firewall inspection processes and algorithms. These are commonly called inspection engines.

NOTE

Inbound and outbound connections refer to the direction in which a connection is initiated. For example, if a host on the outside tries to initiate a connection with an inside host, that is an inbound connection.

Keep in mind that an inbound connection is entirely different from traffic that returns in the inbound direction. Return traffic is allowed inbound through the firewall only if it is in response to a previously established outbound connection. The same is true for connections and return traffic in the opposite direction.
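The default behavior listed above and the distinction the note draws between an inbound connection and returning inbound traffic can be made concrete with a small model. The following is an added example, not code from the book or from Cisco: it assumes a table of interface security levels, an optional access list per ingress interface, and a connection table that records allowed initiations. Interface names, levels, addresses and the access lists are constructed for illustration.

```python
"""
Toy model of the default security-level policy and the stateful
connection table described in this chapter.  Added example, not Cisco
code: interface names, levels, addresses and the ACLs are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass(frozen=True)
class Flow:
    """One packet direction, keyed like a firewall connection-table entry."""
    src_if: str
    src_ip: str
    src_port: int
    dst_if: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

    def reverse(self) -> "Flow":
        """The matching return direction of this flow."""
        return Flow(self.dst_if, self.dst_ip, self.dst_port,
                    self.src_if, self.src_ip, self.src_port, self.proto)


@dataclass
class Firewall:
    # interface name -> security level, 0 (lowest) .. 100 (highest)
    levels: Dict[str, int]
    # ingress interface -> access list, modelled as a predicate that is
    # True for flows the list permits (an ACL ends in an implicit deny,
    # so any flow the predicate rejects is dropped)
    acls: Dict[str, Callable[[Flow], bool]] = field(default_factory=dict)
    # connection table: initiations the firewall has already allowed
    conns: Set[Flow] = field(default_factory=set)

    def _initiation_allowed(self, f: Flow) -> bool:
        """Policy for a packet that starts a new connection."""
        acl = self.acls.get(f.src_if)
        if acl is not None:
            # an ACL on the ingress interface replaces the default policy
            # (assumption of this model, used to show how defaults change)
            return acl(f)
        # default policy: only higher -> lower security may initiate
        return self.levels[f.src_if] > self.levels[f.dst_if]

    def packet(self, f: Flow) -> str:
        """Classify one packet: allow-new, allow-established, allow-return, deny."""
        if f in self.conns:
            return "allow-established"  # more traffic on an open connection
        if f.reverse() in self.conns:
            return "allow-return"       # reply to an established connection
        if self._initiation_allowed(f):
            self.conns.add(f)
            return "allow-new"
        return "deny"


def demo() -> List[str]:
    """Walk the chapter's cases through the model (constructed addresses)."""
    fw = Firewall(levels={"outside": 0, "dmz": 50, "inside": 100})
    web_out = Flow("inside", "10.1.1.10", 40000, "outside", "203.0.113.5", 80)
    unsolicited = Flow("outside", "198.51.100.7", 12345, "inside", "10.1.1.10", 22)
    dmz_to_inside = Flow("dmz", "172.16.0.5", 5555, "inside", "10.1.1.10", 22)
    results = [
        fw.packet(web_out),             # outbound initiation: allow-new
        fw.packet(web_out.reverse()),   # its reply: allow-return
        fw.packet(unsolicited),         # inbound initiation: deny
        fw.packet(dmz_to_inside),       # lower -> higher: deny
    ]
    # Changing the defaults: an ACL on "outside" permitting only inbound
    # HTTP to a DMZ server, and one on "inside" blocking outbound telnet.
    fw.acls["outside"] = lambda f: f.dst_if == "dmz" and f.dst_port == 80
    fw.acls["inside"] = lambda f: f.dst_port != 23
    results += [
        fw.packet(Flow("outside", "198.51.100.7", 20000, "dmz", "172.16.0.5", 80)),   # allow-new
        fw.packet(Flow("outside", "198.51.100.7", 20001, "dmz", "172.16.0.5", 22)),   # deny
        fw.packet(Flow("inside", "10.1.1.10", 40001, "outside", "203.0.113.5", 23)),  # deny
    ]
    return results


if __name__ == "__main__":
    print(demo())
```

The connection table is what separates "return traffic" from an "inbound connection": the reply from 203.0.113.5:80 is accepted only because the matching outbound initiation was recorded first, while an otherwise identical packet with no recorded initiation is treated as a new inbound connection and denied. Real inspection engines also track protocol state (sequence numbers, ICMP identifiers and so on), which this model omits.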



    Cisco ASA and PIX Firewall Handbook
    ISBN: 1587051583
    Year: 2003
    Pages: 120
    Authors: David Hucaby