The Cisco IOS Firewall is a security-specific option for Cisco IOS software.
It integrates robust firewall functionality, authentication proxy, and
intrusion prevention for every network perimeter, and enriches existing Cisco
IOS security capabilities. It adds greater depth and flexibility to existing
Cisco IOS security solutions by delivering state-of-the-art security features,
such as stateful, application-based filtering; dynamic per-user authentication
and authorization; defense against network attacks; Java blocking; and
real-time alerts. When combined with Cisco IOS Internet Protocol Security
(IPSec) software and other Cisco IOS software-based technologies, such as Layer
2 Tunneling Protocol (L2TP) tunneling and quality of service (QoS), the Cisco
IOS Firewall provides a complete, integrated virtual private network (VPN)
solution.
The Cisco IOS Firewall feature set combines existing Cisco IOS
firewall technology and the Context-based Access Control (CBAC) feature. When
the Cisco IOS Firewall is configured on a Cisco router, the router is turned
into an effective, robust firewall.
The Cisco IOS Firewall features are
designed to prevent unauthorized external individuals from gaining access to
the internal network and to block attacks on the network, while at the same
time allowing authorized users to access network resources.
The Cisco IOS
Firewall features can be used to configure a Cisco IOS router as one of the
following:
- An Internet firewall or part of an Internet firewall
- A firewall between groups in the internal network
- A firewall providing secure connections to or from branch offices
- A firewall between a company's network and that company's partners' networks
The Cisco IOS Firewall features provide the following benefits:
- Protection of internal networks from intrusion
- Monitoring of traffic through network perimeters
- Enabling of network commerce via the World Wide Web
Creating a Customized Firewall
To create a firewall
customized to fit an organization's security policy, first determine which
Cisco IOS Firewall features are appropriate, and then configure those features.
At a minimum, basic traffic filtering must be configured to provide a basic
firewall. A router can be configured to function as a firewall by using the
following Cisco IOS Firewall features:
- Standard access lists and static extended access lists
- Dynamic, or lock-and-key, access lists
- Reflexive access lists
- TCP intercept
- Context-based Access Control
- Cisco IOS Firewall Intrusion Prevention System
- Authentication proxy
- Port-to-application mapping
- Security server support
- Network address translation
- IPSec network security
- Neighbor router authentication
- Event logging
- User authentication and authorization
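The following configuration is an added example, not taken from the Cisco documentation, showing the minimum described above: basic traffic filtering with an extended access list on the outside interface, combined with Context-based Access Control so that return traffic for sessions started from the inside is permitted statefully, plus event logging. The interface names, IP addresses, the inspection rule name INSIDE-FW, the access list name OUTSIDE-IN and the syslog host are assumptions chosen for illustration.

```cisco
! Added example (not from the Cisco documentation): a minimal Cisco IOS
! Firewall on a router with one inside and one outside interface.
! Interface names, addresses, list and rule names are assumptions.
!
! 1. Basic traffic filtering: an extended access list applied inbound on
!    the outside interface. Only explicitly published services are
!    allowed in; everything else is denied and logged.
ip access-list extended OUTSIDE-IN
 remark Drop packets arriving from outside that claim an inside source
 deny   ip 192.168.10.0 0.0.0.255 any
 remark Allow web traffic to the published web server only
 permit tcp any host 203.0.113.10 eq 80
 permit tcp any host 203.0.113.10 eq 443
 remark Allow the ICMP error messages needed for path MTU discovery
 permit icmp any any packet-too-big
 permit icmp any any unreachable
 remark Everything else is dropped and logged; CBAC inserts temporary
 remark return-traffic entries ahead of this line for inspected sessions
 deny   ip any any log
!
! 2. Context-based Access Control: inspect sessions leaving the inside
!    network so that only their return traffic is opened on the outside.
ip inspect name INSIDE-FW tcp
ip inspect name INSIDE-FW udp
ip inspect name INSIDE-FW ftp
ip inspect name INSIDE-FW http
ip inspect audit-trail
!
! 3. Event logging to a syslog host on the inside network
logging host 192.168.10.5
logging trap informational
!
interface FastEthernet0/0
 description Outside (Internet)
 ip address 203.0.113.1 255.255.255.0
 ip access-group OUTSIDE-IN in
!
interface FastEthernet0/1
 description Inside (LAN)
 ip address 192.168.10.1 255.255.255.0
 ip inspect INSIDE-FW in
```

The inspection rule is applied inbound on the inside interface, so sessions initiated by inside hosts are tracked and their replies are admitted through the outside access list; connections initiated from the outside still hit OUTSIDE-IN and are dropped unless listed. After applying the configuration, `show ip inspect sessions` lists the sessions CBAC is currently tracking and `show access-lists` shows the dynamic entries it has added to OUTSIDE-IN, which is the quickest way to confirm the stateful behaviour is working as intended.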