Device Options
Cisco IOS Firewall feature set

The Cisco IOS Firewall is a security-specific option for Cisco IOS software. It integrates robust firewall functionality, authentication proxy, and intrusion prevention for every network perimeter, and enriches existing Cisco IOS security capabilities. It adds greater depth and flexibility to existing Cisco IOS security solutions by delivering state-of-the-art security features, such as stateful, application-based filtering; dynamic per-user authentication and authorization; defense against network attacks; Java blocking; and real-time alerts. When combined with Cisco IOS Internet Protocol Security (IPSec) software and other Cisco IOS software-based technologies, such as Layer 2 Tunneling Protocol (L2TP) tunneling and quality of service (QoS), the Cisco IOS Firewall provides a complete, integrated virtual private network (VPN) solution.

The Cisco IOS Firewall feature set combines existing Cisco IOS firewall technology and the Context-based Access Control (CBAC) feature. When the Cisco IOS Firewall is configured on a Cisco router, the router is turned into an effective, robust firewall.

The Cisco IOS Firewall features are designed to prevent unauthorized external individuals from gaining access to the internal network and to block attacks on the network, while at the same time allowing authorized users to access network resources.

The Cisco IOS Firewall features can be used to configure a Cisco IOS router as one of the following:

  • An Internet firewall or part of an Internet firewall
  • A firewall between groups in the internal network
  • A firewall providing secure connections to or from branch offices
  • A firewall between a company's network and that company's partners' networks

The Cisco IOS Firewall features provide the following benefits:

  • Protection of internal networks from intrusion
  • Monitoring of traffic through network perimeters
  • Enabling of network commerce via the World Wide Web

Creating a Customized Firewall

To create a firewall customized to fit an organization's security policy, first determine which Cisco IOS Firewall features are appropriate, and then configure those features. At a minimum, basic traffic filtering must be configured to provide a basic firewall. A router can be configured to function as a firewall by using the following Cisco IOS Firewall features:

  • Standard access lists and static extended access lists
  • Dynamic, or lock-and-key, access lists
  • Reflexive access lists
  • TCP intercept
  • Context-based Access Control
  • Cisco IOS Firewall Intrusion Prevention System
  • Authentication proxy
  • Port to application mapping
  • Security server support
  • Network address translation
  • IPSec network security
  • Neighbor router authentication
  • Event logging
  • User authentication and authorization
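
The following configuration is an added example, not taken from the original page or from Cisco's documentation. It sketches the minimum described above: a static extended access list for basic traffic filtering, combined with Context-based Access Control so that return traffic for inside-initiated sessions is admitted statefully. The interface names, access list number 101, and the inspection rule name FW-OUT are assumptions chosen for illustration.

```cisco
! Constructed example: interface names, ACL number, and rule name are assumptions.
!
! CBAC inspection rule: track sessions that inside hosts initiate.
ip inspect name FW-OUT tcp
ip inspect name FW-OUT udp
ip inspect name FW-OUT ftp
!
! Log session details for inspected traffic (feeds event logging).
ip inspect audit-trail
!
! Static extended access list for the untrusted side.
! Permit only the ICMP messages needed for path diagnostics and PMTU discovery,
! then deny and log everything else. CBAC adds temporary permit entries
! ahead of these lines for return traffic that matches an inspected session.
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any packet-too-big
access-list 101 deny   ip any any log
!
interface FastEthernet0/0
 description Inside (trusted) network
!
interface FastEthernet0/1
 description Outside (untrusted) network
 ! Basic traffic filtering: drop unsolicited inbound traffic.
 ip access-group 101 in
 ! Inspect sessions as they leave, so replies are allowed back in.
 ip inspect FW-OUT out
```

With only the access list applied, replies to inside-initiated connections would be dropped by the final deny entry; the inspection rule is what opens the matching return path for the lifetime of each session.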