In the simplest form, the principal function of a firewall is to monitor and filter traffic. Cisco routers can be configured with the
IOS Firewall feature in one of the following deployment scenarios:
A firewall router facing the Internet.
A firewall router to protect the internal network from the external network. An external network can be any network outside the organization (for example, a customer or a partner network).
A firewall router between groups of networks in the internal network.
A firewall router that provides secure connections to or from remote or branch offices.
Cisco IOS Software provides an extensive set of security features to design customized firewall solutions to fit
an organization's security policy. A Cisco networking device running Cisco IOS Software can be configured to
function as a firewall by using several solutions available in the IOS Firewall feature set.
The Cisco IOS Firewall consists of several major subsystems:
Cisco IOS Firewall stateful packet inspection (SPI): SPI provides true firewall capabilities to protect networks against unauthorized traffic and to control legitimate business-critical data.
Context-Based Access Control (CBAC): CBAC (now known as Classic Firewall) is a stateful-inspection firewall engine that provides dynamic traffic filtering functionality.