This module begins with a discussion of the network firewall. The firewall
exists to enforce the enterprise security policy. It enables a company to do
business online while providing the necessary separation between the internal
network of the enterprise and an external, untrusted network. In addition to
access control, the firewall also provides a natural focal point for the
administration of other network security measures.
This module introduces
the Cisco IOS Firewall feature set, the Cisco PIX Security Appliance and the
Cisco Adaptive Security Appliance, and the Firewall Service Module. This will
include an overview of the various PIX Security Appliance and Adaptive Security
Appliance models, their features, and their capabilities. Although security
appliances are not routers, they do have certain routing capabilities. The
commands used in the basic configuration of the security appliance will also be
covered.
Security Device Manager (SDM) and Adaptive Security Device
Manager (ASDM) will be introduced. These device managers provide a way to
configure devices quickly and easily through a graphical user interface.
One aspect of understanding how TCP and UDP traffic passes through the security
appliance is examining both translations and connections, the two tables the
appliance maintains for traffic it has permitted. It is important to learn how
these items are used when traffic is going from the inside network to the
outside network, or from the outside network to the inside network. In
examining translations and connections, network address translation (NAT) is
discussed.
Port Address Translation (PAT) and configuring multiple interfaces on the PIX
Security Appliance are also discussed. PAT is a translation method, like NAT,
that allows network administrators to hide the inside network addressing scheme
from outside hosts and conserves public IP addresses. However, unlike NAT,
which maps inside hosts to global addresses on a one-to-one basis, PAT goes a
step further and allows numerous inside hosts to share a single global IP
address, distinguishing their sessions by source port number. This process is
called overloading.
To configure multiple interfaces, this module will discuss
how the PIX Security Appliance supports additional perimeter interfaces. The
student will gain experience configuring multiple interfaces in a lab that is
presented at the end of the module.
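The configuration below is an added example for this module; it is not taken from the course text or the labs. It illustrates the topics described above on a three-interface PIX Security Appliance (PIX 7.x command syntax): interface naming and security levels, dynamic NAT from a global address pool, PAT fallback to a single address once the pool is exhausted, and a static translation plus access list that permits traffic from outside to a DMZ host. All interface names, addresses and the access-list name are assumptions chosen for illustration.

```cisco
! --- Interfaces: name each one and assign a security level (example values)
! Traffic is permitted by default only from a higher security level to a
! lower one (inside -> dmz -> outside); the reverse needs an explicit ACL.
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.168.1.2 255.255.255.0
 no shutdown
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 no shutdown
interface Ethernet2
 nameif dmz
 security-level 50
 ip address 172.16.0.1 255.255.255.0
 no shutdown

! --- Outbound translation for inside hosts (NAT ID 1)
! Dynamic NAT: one-to-one mappings drawn from this pool until it is used up.
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 192.168.1.20-192.168.1.254 netmask 255.255.255.0
! PAT (overloading): once the pool is exhausted, all remaining inside hosts
! share this single address; sessions are distinguished by source port.
global (outside) 1 192.168.1.10 netmask 255.255.255.255
! Inside hosts reaching the DMZ keep their real addresses (identity NAT).
nat (inside) 0 10.0.0.0 255.255.255.0

! --- Inbound translation for a DMZ web server (outside -> dmz)
! A static, fixed one-to-one mapping is required for a host that must be
! reachable from the outside, plus an access list bound to the outside
! interface that opens only the required port.
static (dmz,outside) 192.168.1.5 172.16.0.5 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 192.168.1.5 eq www
access-group outside_in in interface outside
```

After generating some traffic, the translation and connection tables can be inspected with `show xlate` (one entry per NAT mapping, or per address/port pair under PAT) and `show conn` (one entry per active TCP/UDP session); comparing the two makes the difference between a translation and a connection concrete. The static translation for the DMZ server should appear in `show xlate` immediately, before any traffic, because it is created at configuration time rather than on demand.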
References:
PIX Security Appliance Command Reference
Cisco IOS Security Command Reference

NOTE:
It is required that the student study the commands covered in the module using
the labs and the Command Reference. Not all required commands are covered in
sufficient detail in the text alone. Successful completion of this course
requires a thorough knowledge of command syntax and application.