Chapter 10. Transparent Firewalls
This chapter covers the following topics:
Traditionally, network firewalls have been deployed and used to filter traffic passing through them. These firewalls usually examine the upper-layer headers (Layer 3 or above) and, occasionally, the data payload in the packets. The packets are then either allowed or dropped based on the configured access control lists (ACLs). These firewalls, commonly referred to as routed firewalls,
Figure 10-1 illustrates a routed firewall protecting the inside network and translating the source address of Host A from 192.168.1.2 to 18.104.22.168 for the traffic destined to www.cisco.com.
Figure 10-1. Routed Firewall
Routed firewalls do not provide a way to filter packets that traverse from one host to another in the same LAN segment. The Layer 3 firewalls require a new network segment to be created when they are inserted into a network, which requires quite a bit of planning, network downtime, and reconfiguration of network devices. To avoid these issues, stealth or transparent firewalls have been developed to provide LAN-based protection. An administrator can place a transparent firewall between the LAN and the
By using transparent firewalls, administrators can
Figure 10-2 shows SecureMe's network running a transparent firewall. SecureMe wants to inspect all traffic before it reaches the default gateway. When the host 192.168.1.2 sends traffic destined to www.cisco.com, the firewall verifies that the packets are permitted before passing them to the default gateway, 192.168.1.1. The default gateway router is responsible for translating the 192.168.1.0/27 subnet to 22.214.171.124/27 to achieve Internet connectivity.
Figure 10-2. Transparent Firewall
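The following Python model is an added example, not code from the book or from Cisco, that exercises the two deployments shown in Figures 10-1 and 10-2: a routed firewall that is the hosts' Layer 3 next hop and rewrites the source address itself, and a transparent firewall bridged into the existing subnet that leaves addresses untouched and lets the gateway at 192.168.1.1 perform the subnet translation. The addresses 192.168.1.2, 18.104.22.168, 192.168.1.1, 192.168.1.0/27 and 22.214.171.124/27 come from the chapter's figures; the inside mask of the routed topology (192.168.1.0/24), the ACL rules, the 203.0.113.10 stand-in for www.cisco.com and the function names are assumptions made for the example.

```python
"""Added example (not from the book): a small model of routed vs. transparent
firewall behaviour as described around Figures 10-1 and 10-2."""
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple, Union

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# ("permit" | "deny", source network, destination network, dport or None for any)
Rule = Tuple[str, str, str, Optional[int]]
Result = Union[Packet, str]   # a forwarded packet, or "dropped" / "bypassed"

def acl_permits(acl: List[Rule], pkt: Packet) -> bool:
    """First-match ACL evaluation with the usual implicit deny at the end."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net, dport in acl:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and (dport is None or dport == pkt.dport)):
            return action == "permit"
    return False

def subnet_nat(src: str, inside_net: str, outside_net: str) -> str:
    """Translate src to the address with the same host bits in outside_net,
    which is what the Figure 10-2 gateway does for 192.168.1.0/27.
    strict=False lets 22.214.171.124/27 (as written in the text) name its /27 block."""
    inside = ipaddress.ip_network(inside_net, strict=False)
    outside = ipaddress.ip_network(outside_net, strict=False)
    offset = int(ipaddress.ip_address(src)) - int(inside.network_address)
    return str(outside.network_address + offset)

class RoutedFirewall:
    """Figure 10-1: a Layer 3 hop. Inside and outside are different subnets, the
    firewall is the hosts' next hop, and it translates the source on the way out."""
    def __init__(self, acl: List[Rule], inside_net: str, static_nat: dict):
        self.acl = acl
        self.inside = ipaddress.ip_network(inside_net)
        self.static_nat = static_nat            # {inside address: translated address}

    def forward(self, pkt: Packet) -> Result:
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        if src in self.inside and dst in self.inside:
            # Host-to-host traffic in one LAN segment never reaches a Layer 3 firewall,
            # so it cannot be filtered here: this is the gap the chapter describes.
            return "bypassed"
        if not acl_permits(self.acl, pkt):
            return "dropped"
        return replace(pkt, src=self.static_nat.get(pkt.src, pkt.src))

class TransparentFirewall:
    """Figure 10-2: a Layer 2 bridge inserted between the LAN and its gateway.
    Same subnet on both sides, hosts keep 192.168.1.1 as their gateway, nothing
    is rewritten, but the ACL is still enforced before the gateway sees the packet."""
    def __init__(self, acl: List[Rule]):
        self.acl = acl

    def forward(self, pkt: Packet) -> Result:
        return pkt if acl_permits(self.acl, pkt) else "dropped"

class Gateway:
    """The default gateway router of Figure 10-2, which does the subnet NAT."""
    def __init__(self, inside_net: str, outside_net: str):
        self.inside_net, self.outside_net = inside_net, outside_net

    def forward(self, pkt: Packet) -> Packet:
        return replace(pkt, src=subnet_nat(pkt.src, self.inside_net, self.outside_net))

# Constructed stand-in for www.cisco.com (TEST-NET-3 documentation range), not its real address.
WWW_CISCO_COM = "203.0.113.10"

# Assumed policy: the inside /27 may reach any web server on 80 and 443; everything else is denied.
WEB_ACL: List[Rule] = [
    ("permit", "192.168.1.0/27", "0.0.0.0/0", 443),
    ("permit", "192.168.1.0/27", "0.0.0.0/0", 80),
]

def routed_path(pkt: Packet) -> Result:
    """Figure 10-1 topology: inside mask /24 assumed; Host A is statically translated."""
    fw = RoutedFirewall(WEB_ACL, "192.168.1.0/24", {"192.168.1.2": "18.104.22.168"})
    return fw.forward(pkt)

def transparent_path(pkt: Packet) -> Result:
    """Figure 10-2 topology: transparent firewall first, then the NAT gateway."""
    out = TransparentFirewall(WEB_ACL).forward(pkt)
    if isinstance(out, str):
        return out
    return Gateway("192.168.1.0/27", "22.214.171.124/27").forward(out)

if __name__ == "__main__":
    web = Packet("192.168.1.2", WWW_CISCO_COM, 443)
    print("routed:     ", routed_path(web))          # source becomes 18.104.22.168
    print("transparent:", transparent_path(web))     # source becomes 22.214.171.98
    print("same LAN via routed fw:", routed_path(Packet("192.168.1.2", "192.168.1.3", 445)))
```

Running the block shows the two points Table 10-1 contrasts: on the routed path the firewall itself rewrites Host A to 18.104.22.168, while on the transparent path the firewall hands the packet on unchanged and the gateway maps 192.168.1.2 to the same host offset in the 22.214.171.96/27 block that 22.214.171.124/27 names; traffic between two hosts in the same segment never enters the routed firewall at all.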
Table 10-1 summarizes major differences between routed and transparent mode firewalls.
Table 10-1. Contrasting Routed and Transparent Firewalls