AIC policies are applied at Layer 7 of the OSI model, performing deep packet inspection at the
application-protocol level.
ZFW offers application inspection and control for the following application services:
HTTP
SMTP
POP3
IMAP
Sun remote procedure call
Peer-to-peer application traffic
Instant Messaging applications
Note
AIC is configured as an additional set of application-specific class-maps and policy-maps, which are then
applied to existing inspection class-maps and policy-maps.
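The nesting described in the note, shown as an added example that is not taken from the book: an HTTP AIC class-map and policy-map attached under an existing inspection policy. All map, zone, and zone-pair names are hypothetical, and the security zones "inside" and "outside" are assumed to be defined and assigned to interfaces already.

```cisco
! --- Layer 7 (AIC) class-map: application-specific match criteria for HTTP ---
class-map type inspect http match-any HTTP-AIC-CMAP
 ! Non-HTTP traffic (IM, P2P, tunnels) carried over the HTTP port
 match request port-misuse any
 ! Requests or responses that do not conform to the HTTP protocol
 match req-resp protocol-violation
!
! --- Layer 7 (AIC) policy-map: action taken on traffic matched above ---
policy-map type inspect http HTTP-AIC-PMAP
 class type inspect http HTTP-AIC-CMAP
  reset
  log
!
! --- Existing Layer 3/4 inspection class-map (assumed already present) ---
class-map type inspect match-any HTTP-CMAP
 match protocol http
!
! --- Existing Layer 3/4 inspection policy-map ---
policy-map type inspect IN-OUT-PMAP
 class type inspect HTTP-CMAP
  ! Stateful inspection of HTTP sessions
  inspect
  ! The AIC policy is applied here, as a child of the inspect class
  service-policy http HTTP-AIC-PMAP
 class class-default
  drop
!
! --- The top-level policy is bound to the zone-pair as usual ---
zone-pair security IN-OUT-ZP source inside destination outside
 service-policy type inspect IN-OUT-PMAP
```

The AIC policy-map is never attached to a zone-pair directly; it takes effect only through the inspect class that references it.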
Summary
This chapter discussed the router-based IOS Firewall technology and focused mainly on one of the several
subsystems: the SPI technology that uses the classical firewall that in turn uses CBAC and the new ZFW
structures. SPI is an advanced firewall engine for stateful inspection providing traffic-filtering functionality on a
Cisco IOS-based device as a single point of protection.
The chapter described CBAC functions and how they work using step-by-step configuration processes with
examples.
The chapter also covered the new ZFW concept using security zones and exemplified the required steps to
configure the ZFW.
The chapter also provided an overview of some of the advanced IOS Firewall features introduced in the newer
IOS Software versions.