Previous Page Next Page

Summary

This chapter discussed the router-based IOS Firewall technology and focused mainly on one of the several subsystems—the SPI technology that uses the classical firewall that in turn uses CBAC and the new ZFW structures. SPI is an advanced firewall engine for stateful inspection providing traffic-filtering functionality on a Cisco IOS–based device as a single point of protection.

The chapter described CBAC functions and how they work using step-by-step configuration processes with examples.

The chapter also covered the new ZFW concept using security zones and exemplified the required steps to configure the ZFW.

The chapter also provided an overview of some of the advanced IOS Firewall features introduced in the newer IOS Software versions.

Previous Page Next Page