Summary

This module introduced the Cisco IOS Firewall feature set, the Cisco PIX Security Appliance, and the Adaptive Security Appliance. Particular emphasis was placed on the various models, their capabilities, and how they are utilized in a network. Also, the basic capabilities and configuration of the PIX were discussed. This discussion included routing capabilities and user interfaces. Device configuration using SDM and ASDM was also discussed.

Translations use NAT or PAT technologies to change the IP address of traffic as it goes across the PIX Security Appliance. For traffic going from the inside network to the outside network, this provides an additional layer of security and helps the administrator conserve IP address space. For traffic going from outside networks to inside networks, translations help simplify the router configuration on the internal, or perimeter, networks by controlling the addresses that appear on these networks.

Connections are used to create pathways through the PIX Security Appliance from lower security networks to higher security networks. These pathways allow traffic that would otherwise be denied by default, so they must be defined explicitly and only the specified traffic is allowed through. The PIX uses the static and access-list commands to do this.
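The translation and pathway behavior summarized above, as an added configuration sketch that is not part of the original module. It assumes classic PIX command syntax, interfaces named inside and outside, and constructed addresses (10.0.1.0/24 as the inside network, 192.0.2.10 as the published outside address).

```cisco
! --- Outbound translation (inside -> outside) ---
! Constructed example: hide the inside network 10.0.1.0/24 behind the
! outside interface address using PAT.
nat (inside) 1 10.0.1.0 255.255.255.0
global (outside) 1 interface

! --- Inbound pathway (outside -> inside) ---
! Step 1: static translation. Publishes the inside web server 10.0.1.10
! as 192.0.2.10 on the outside. This alone does not admit any traffic.
static (inside,outside) 192.0.2.10 10.0.1.10 netmask 255.255.255.255

! Step 2: access list. Permits only HTTP to the translated (outside)
! address. Everything not matched is dropped by the implicit deny.
access-list OUTSIDE_IN permit tcp any host 192.0.2.10 eq www

! Step 3: bind the access list to inbound traffic on the outside interface.
access-group OUTSIDE_IN in interface outside

! --- Verification ---
! Translation slots currently in use (static and dynamic):
show xlate
! Active connections through the appliance:
show conn
! Hit counts per access-list entry, to confirm only intended traffic matches:
show access-list OUTSIDE_IN
```

Keeping the permit entry scoped to one host and one port means a review of show access-list hit counts shows exactly which published service is being reached from the lower security network.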