The innovative flagship Cisco IOS Software provides an array of security solutions including the flagship IOS
Firewall feature set. This set provides integrated firewall and intrusion detection technology for the Cisco IOS
Software. The Cisco IOS Firewall feature is a stateful-inspection software component of Cisco IOS Software.
The Cisco IOS Firewall feature set provides a single point of protection at the network perimeter, making
security policy enforcement an inherent component of the network.
Cisco IOS Firewall consists of several major subsystems: an advanced firewall engine for stateful-packet
inspection (SPI), Context-Based Access Control (CBAC), Zone-Based Policy Firewall (ZFW), Intrusion Prevention
Systems (IPS), Authentication Proxy, Port-to-Application Mapping (PAM), Multi-VRF firewall, Transparent
firewall, and several others.
This chapter focuses mainly on the SPI and Classic Firewall CBAC, illustrating fundamental concepts and
functions of how stateful inspection works and a step-by-step process to configure the Cisco IOS Firewall in the
classical CBAC format.
The chapter also highlights some of the Advanced IOS Firewall features introduced in the newer IOS Software
versions.
Pages:
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209