This module discusses access control lists (ACLs) and how the PIX Security
Appliance handles them. The first part of the module focuses on configuring
ACLs and on knowing how and when to use them in different network
environments. This section also discusses applet filtering and URL filtering.
The student will learn when to use this technology and why it is necessary.

This module also introduces the concept of object grouping, which puts ACLs
into object groups and nested object groups. To simplify the task of creating
and applying ACLs, administrators can group network objects, such as hosts,
and services, such as FTP and HTTP. Grouping ACLs can drastically reduce the
number of access lists.

Modular policy provides greater granularity and more flexibility when
configuring network policies. The Modular Policy Framework (MPF) provides a
consistent and flexible way to configure PIX Security Appliance features. One
case where MPF could be used is to create a timeout configuration that is
specific to a particular TCP application, as opposed to one that applies to
all TCP applications.

This module concludes with a discussion of advanced protocol handling and
inspection, and how it may be tuned to fit the PIX Security Appliance
operation. This discussion includes the advanced protocols used for
multimedia support, including real-time streaming protocols. The protocols
required to support IP telephony will also be covered.
PIX Security Appliance Command Reference
Cisco IOS Security Command Reference
NOTE:
It is required that the student study the commands covered in the
chapter using the labs and the Command Reference. Not all required commands are
covered in sufficient detail in the text alone. Successful completion of this
course requires a thorough knowledge of command syntax and application.