Access Through the PIX Firewall Review

This chapter looked at some of the features and commands required to allow data to pass efficiently through the firewall. The Adaptive Security Algorithm (ASA) was addressed to better understand how the PIX Firewall determines which traffic patterns to allow and which to deny. The basic higher-security to lower-security flow was expanded to show that returning traffic for those connections is always approved, unless it is specifically blocked by ACLs.

Static translations create a permanent one-to-one IP address entry in the xlate table, which an ACL can then open up to create potentially many connections. Static translations are generally used to allow access to shared resources, such as servers. NAT and PAT create temporary, one-to-one xlate table entries so that return traffic for connections initiated toward lower-security interfaces is allowed back in. If NAT and PAT are used together, every available NAT address is used before any PAT translation occurs.

PIX access lists are created and applied much like those in the Cisco IOS, except they’re always implemented inbound on an interface.

Three filter commands can be used to block potentially destructive or unwanted web content from the network. The filter activex command blocks ActiveX objects in web pages, and the filter java command does the same for Java applets. The filter url command works with either an N2H2 or a Websense server to filter content against an extensive URL database; it also offers web tracking and custom blocking features.

PIX OS v6.2 introduced object groups, which allow a group of similar items (networks, services, ICMP message types, or protocols) to be defined once and then referenced from ACLs to assign permissions or restrictions to the whole group. On large, complex configurations, grouping saves a great deal of configuration time and space.

The PIX Firewall doesn't route between its interfaces the way a router does, but it does use static and default routes to direct traffic. RIP can also be enabled on individual interfaces, allowing the firewall to learn about the attached networks.
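As an added example (not the chapter's own configuration), the following PIX OS 6.2 fragment ties the pieces above together: three interfaces with security levels, a NAT pool backed by a PAT address on the same nat_id, a static for a DMZ server that is opened only by an inbound ACL referencing an object group, the three filter commands, and a static default route with RIP on the inside. All addresses are constructed from documentation ranges, the Websense server address is assumed, and colon-prefixed lines are comments.

```cisco
: Added example, not from the original chapter. Addresses are constructed;
: the Websense server (10.1.1.50) is an assumption.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 192.168.10.1 255.255.255.0
:
: Dynamic translation for inside hosts going to lower-security interfaces.
: The pool on nat_id 1 is used first; once it is exhausted, the single
: PAT address on the same nat_id takes over.
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 203.0.113.10-203.0.113.20 netmask 255.255.255.0
global (outside) 1 203.0.113.21 netmask 255.255.255.0
:
: Permanent one-to-one xlate for the DMZ web server. By itself the static
: permits nothing from outside; the ACL below opens the connections.
static (dmz,outside) 203.0.113.30 192.168.10.30 netmask 255.255.255.255
:
: Service object group (PIX OS 6.2 and later) referenced from the ACL.
object-group service WEB_SVCS tcp
  port-object eq www
  port-object eq https
:
: Only the grouped services reach the server; everything else from
: outside is denied (the final deny is implicit but shown for clarity).
access-list OUTSIDE_IN permit tcp any host 203.0.113.30 object-group WEB_SVCS
access-list OUTSIDE_IN deny ip any any
: PIX ACLs are always applied inbound on the interface where traffic arrives.
access-group OUTSIDE_IN in interface outside
:
: Content filtering for inside clients browsing out on port 80.
filter activex 80 10.1.1.0 255.255.255.0 0 0
filter java 80 10.1.1.0 255.255.255.0 0 0
url-server (inside) vendor websense host 10.1.1.50 timeout 5
: "allow" lets web traffic through if the Websense server is unreachable.
filter url http 10.1.1.0 255.255.255.0 0 0 allow
:
: No routing between interfaces: a static default route toward the
: upstream router, and RIP listening on inside to learn attached networks.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
rip inside passive version 2
```

Dropping the allow keyword from filter url would instead fail closed when the URL server is unreachable, which is the safer choice where outbound web access is not critical.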
