This chapter focuses mainly on the SPI and Classic Firewall CBAC, illustrating fundamental concepts and
functions of how stateful inspection works and a step-by-step process to configure the Cisco IOS Firewall in the
classical CBAC format.
The chapter also highlights some of the Advanced IOS Firewall features introduced in the newer IOS Software
versions.
The chapter also covers the new Zone-Based Policy Firewall (ZFW) model, providing an overview of the new
zone-based concept and a configuration example that uses the new Cisco Policy Language (CPL) commands.
Router-Based Firewall Solution
The Cisco IOS Firewall feature set provides network security with integrated, inline security solutions. The IOS
Firewall feature set is a suite of security services provisioning a single point of protection at the network
perimeter. In addition, the IOS Firewall feature is widely available on a range of IOS software-based devices,
thereby offering sophisticated security and policy enforcement for network connections.
The Cisco IOS Firewall feature is a stateful-inspection firewall engine with application-level intelligence. This
provides dynamic control to permit or deny traffic flow, thereby providing enhanced security.
Pages:
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205