Overview

This module will begin with a discussion of the network firewall. The firewall exists to enforce the enterprise security policy. It enables a company to do business online while providing the necessary security between the internal network of the enterprise and an external network. In addition to access control, the firewall also provides a natural focal point for the administration of other network security measures.

This module introduces the Cisco IOS Firewall feature set, the Cisco PIX Security Appliance and the Cisco Adaptive Security Appliance, and the Firewall Service Module. This will include an overview of the various PIX Security Appliance and Adaptive Security Appliance models, their features, and their capabilities. Although security appliances are not routers, they do have certain routing capabilities. The commands used in the basic configuration of the security appliance will also be covered.

Security Device Manager (SDM) and Adaptive Security Device Manager (ASDM) will be introduced. These device managers provide a way to configure devices quickly and easily through a graphical user interface.

Understanding how TCP and UDP traffic is handled by the security appliance requires examining both translations and connections. It is important to learn how these items are used when traffic is going from the inside network to the outside network, or from the outside network to the inside network. In examining translations and connections, network address translation (NAT) is discussed.

Port Address Translation (PAT) and configuring multiple interfaces on the PIX Security Appliance are also discussed. PAT is a translation method, like NAT, that allows network administrators to hide the inside network addressing scheme from outside hosts and allows for the conservation of IP addresses. However, unlike NAT, which leases IP addresses to inside hosts on a one-to-one basis, PAT is able to go a step further and allow numerous inside hosts to use a single IP address. This process is called overloading.
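The distinction between translations and connections, and between one-to-one NAT and PAT overloading, is easier to see in a small model than in prose. The following Python is an added example written for this overview; it is not course material or Cisco code, and it is a deliberate simplification: a translation table (the appliance's xlate table) maps inside addresses to global addresses, a connection table records each outbound flow, and inbound packets are only untranslated when they match a connection that an inside host opened. The IP addresses and port numbers are constructed sample values.

```python
from typing import Dict, List, Optional, Tuple

# An (ip, port) pair identifies one TCP or UDP endpoint.
Endpoint = Tuple[str, int]


class Translator:
    """Simplified model of a firewall's translation and connection tables.

    mode="nat": each inside host is leased one global IP from a pool (one-to-one);
                the source port is preserved, and a new host is refused once the
                pool is exhausted.
    mode="pat": every inside host shares a single global IP and is told apart by
                the source port the firewall assigns (overloading).
    """

    def __init__(self, mode: str, global_ips: List[str], first_port: int = 1024) -> None:
        if mode not in ("nat", "pat"):
            raise ValueError("mode must be 'nat' or 'pat'")
        self.mode = mode
        self.free_ips = list(global_ips)      # NAT pool (constructed sample values)
        self.pat_ip = global_ips[0]           # PAT uses one global IP
        self.next_port = first_port           # next PAT source port to hand out
        # xlate: inside address -> global address (IP for NAT, endpoint for PAT)
        self.xlate: Dict = {}
        # conn: (global source endpoint, outside destination) -> inside source endpoint
        self.conn: Dict[Tuple[Endpoint, Endpoint], Endpoint] = {}

    def outbound(self, src: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Translate an inside->outside packet.

        Returns the global source endpoint the packet leaves with, or None when
        one-to-one NAT has no global IP left for a new inside host.
        """
        ip, port = src
        if self.mode == "nat":
            if ip not in self.xlate:
                if not self.free_ips:
                    return None  # pool exhausted: this host cannot reach outside
                self.xlate[ip] = self.free_ips.pop(0)
            translated = (self.xlate[ip], port)  # port is preserved
        else:
            if src not in self.xlate:
                self.xlate[src] = (self.pat_ip, self.next_port)
                self.next_port += 1
            translated = self.xlate[src]
        # Record the flow so the reply can be matched and untranslated.
        self.conn[(translated, dst)] = src
        return translated

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Handle an outside->inside packet addressed to a global endpoint.

        Only a packet that matches an existing connection is untranslated to the
        inside endpoint; anything unsolicited is dropped (None), which is the
        firewall's default stance toward traffic from the outside network.
        """
        return self.conn.get((dst, src))


def demo() -> Tuple[List[Optional[Endpoint]], List[Optional[Endpoint]]]:
    """Three inside hosts open a web connection through NAT and through PAT."""
    nat = Translator("nat", ["203.0.113.1", "203.0.113.2"])   # pool of two
    pat = Translator("pat", ["203.0.113.10"])                 # one shared IP
    hosts = [("10.0.0.1", 40000), ("10.0.0.2", 40000), ("10.0.0.3", 40000)]
    web = ("198.51.100.5", 80)
    nat_results = [nat.outbound(h, web) for h in hosts]   # third host gets None
    pat_results = [pat.outbound(h, web) for h in hosts]   # all three share one IP
    return nat_results, pat_results


if __name__ == "__main__":
    nat_out, pat_out = demo()
    print("NAT:", nat_out)
    print("PAT:", pat_out)
```

Running `demo()` shows the point of the paragraph above: with a two-address pool, one-to-one NAT serves two hosts and refuses the third, whereas PAT serves all three from `203.0.113.10` by assigning ports 1024, 1025 and 1026. Calling `inbound()` with the web server's reply to one of those ports returns the matching inside host; the same call for an address that never opened a connection returns `None`.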

This module also discusses how the PIX Security Appliance supports additional perimeter interfaces. The student will gain experience configuring multiple interfaces in the lab presented at the end of the module.

PIX Security Appliance Command Reference

Cisco IOS Security Command Reference

NOTE:

It is required that the student study the commands covered in the chapter using the labs and the Command Reference. Not all required commands are covered in sufficient detail in the text alone. Successful completion of this course requires a thorough knowledge of command syntax and application.