Chapter 9: Passing Traffic


Introduction

A firewall would not serve any purpose if it blocked all traffic. To properly protect a network environment, network traffic must be filtered both outbound and inbound. The key to configuring a firewall is to ensure that it only allows the traffic you want allowed and only blocks the traffic you want blocked. In some cases, this is not an easy task.

In this chapter, you will learn how to pass traffic through the PIX firewall. To pass traffic through a PIX firewall, some form of address translation must be configured. You will learn how to set up both static and dynamic translations. Once translation has been configured, the PIX will automatically allow all connections from a higher security-level interface to a lower security-level interface and deny all connections from a lower security-level interface to a higher security-level interface. To configure more granular access, you can permit or deny specific traffic. Depending on whether you are configuring inbound or outbound access, different commands are available to accomplish this task. We discuss these different commands in this chapter.

Object grouping is a new feature in PIX firewalls that simplifies access list configuration and maintenance. Here we discuss how to create and use object groups.

Throughout the chapter, we use examples to describe the various commands. We provide a complex case study to review what you have learned. By the end of this chapter, you will be an expert on passing traffic through PIX firewalls.




The Best Damn Firewall Book Period
ISBN: 1931836906
EAN: 2147483647
Year: 2003
Pages: 240
