The chapter also covers the new Zone-Based Policy Firewall (ZFW) model, providing an overview of the new
zone-based concept and a configuration example that uses the new Cisco Policy Language (CPL) commands.
Router-Based Firewall Solution
The Cisco IOS Firewall feature set provides network security with integrated, inline security solutions. The IOS
Firewall feature set is a suite of security services that provides a single point of protection at the network
perimeter. In addition, the IOS Firewall feature is widely available on a range of IOS software-based devices,
thereby offering sophisticated security and policy enforcement for network connections.
The Cisco IOS Firewall feature is a stateful-inspection firewall engine with application-level intelligence. This
provides dynamic control to permit or deny traffic flow, thereby providing enhanced security. In the simplest
form, the principal function of a firewall is to monitor and filter traffic. Cisco routers can be configured with the
IOS Firewall feature in one of the following deployment scenarios:
- A firewall router facing the Internet.
- A firewall router to protect the internal network from the external network. An external network can be
  any network outside the organization (for example, a customer or a partner network).