Overview

This module will discuss access control lists (ACLs) and how they are handled by the PIX Security Appliance. The first part of this module will focus on configuring ACLs and knowing how and when to use ACLs in different network environments. This section also discusses applet filtering and URL filtering. The student will learn when to use this technology and why it is necessary.

This module will also introduce students to the concept of object grouping, which puts ACLs into object groups and nested object groups. To simplify the task of creating and applying ACLs, administrators can group network objects, such as hosts, and services, such as FTP and HTTP. By grouping ACLs, the number of access lists can be drastically reduced.

Modular policy provides greater granularity and more flexibility when configuring network policies. The Modular Policy Framework (MPF) provides a consistent and flexible way to configure PIX Security Appliance features. One case where MPF could be used is to create a timeout configuration that is specific to a particular TCP application, as opposed to one that applies to all TCP applications.

This module concludes with a discussion of advanced protocol handling and inspection, and how it may be tuned to fit the PIX Security Appliance operation. It also discusses the advanced protocols used for multimedia support, including real-time streaming protocols. The protocols required to support IP telephony will also be covered.

PIX Security Appliance Command Reference

Cisco IOS Security Command Reference

NOTE:

It is required that the student study the commands covered in the chapter using the labs and the Command Reference. Not all required commands are covered in sufficient detail in the text alone. Successful completion of this course requires a thorough knowledge of command syntax and application.