The firewall has become a common entity and is a necessary and integral part of every network infrastructure. The most critical requirement in most security solutions today is implementing a firewall. Networks today have grown both in size and complexity, and the environment has become increasingly hostile. This chapter brings together Cisco's industry-leading, innovative firewall technology with flagship products uniquely positioned to deliver purpose-built, feature-rich firewall technology.
The previous chapter focused on a router-based IOS Firewall solution, whereas this chapter mainly focuses on the hardware-based, purpose-built Cisco Firewall technology.
The chapter discusses various types of Cisco Firewalls available and includes a brief overview of each model. The chapter is divided into two segments—features and configuration based on the following:
Firewall appliance software for PIX 500 and ASA 5500 platforms
Firewall module software for Firewall Services Module (FWSM)
The chapter takes a closer look at core concepts, such as firewall modes, security contexts, stateful inspection, the Adaptive Security Algorithm, IP routing, various types of Network Address Translation (NAT), the control of traffic flow and network access through the firewall, the Modular Policy Framework (MPF), and the provisioning of high-availability and resilient networks.
A firewall is a hardware or software solution implemented within the network to enforce security policies by controlling network access. The role of firewalls has evolved well beyond their original function of protecting a network from unauthorized external access. Besides protecting the perimeter of a network, today's firewalls implement access control, virtual private network (VPN) services, quality of service (QoS) features, redundancy mechanisms, and much more. In general, firewalls can offer data privacy, integrity, and availability.
A firewall is often seen as the first step toward a network security solution. Network security needs to be architected as a foundation for success, and firewalls are an integral part of this architecture.
Firewall deployment requires charting network boundaries between security domains. A network security domain is a contiguous zone of a network that operates under a uniform security policy. A policy enforcement mechanism is required where these domains interconnect. This is where firewall technology comes into play. Firewalls ensure protection by acting as the first line of network defense.
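As an added illustration of the security-domain idea (this is not a configuration from the chapter or from Cisco), the following ASA-style configuration defines three domains as interfaces with distinct security levels and enforces a policy at each interconnection with an access list. Interface names, addresses, host roles and port numbers are constructed for the illustration; the syntax is the extended access-list form supported on PIX 7.x and ASA platforms.

```cisco
! Illustrative example, not from the chapter. Interface names and the
! addresses (documentation and private ranges) are constructed.
!
! Three security domains, each a contiguous zone with a uniform policy,
! represented as interfaces with a security level.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
! Default behaviour: sessions may be initiated from a higher security
! level to a lower one (inside -> dmz -> outside). The firewall tracks
! each session statefully, so return traffic is permitted without a
! rule. Sessions from a lower level to a higher one are denied unless
! an access list applied at that boundary permits them.
!
! Boundary policy for the untrusted domain: only HTTPS to the DMZ web
! server (192.168.50.10, constructed) is allowed in; everything else
! is denied and logged.
access-list OUTSIDE_IN extended permit tcp any host 192.168.50.10 eq 443
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Boundary policy for the DMZ: the web server may reach only the inside
! database host (10.1.1.20, constructed) on its database port. Any other
! attempt to reach the inside domain is denied and logged. The final
! permit keeps DMZ-to-outside traffic working, because an access list
! applied inbound on an interface replaces the default level-based rule.
access-list DMZ_IN extended permit tcp host 192.168.50.10 host 10.1.1.20 eq 1433
access-list DMZ_IN extended deny ip any 10.1.1.0 255.255.255.0 log
access-list DMZ_IN extended permit ip any any
access-group DMZ_IN in interface dmz
```

The point of the layout is that policy is written once per interconnection rather than per host: each access list states what may cross from one domain into the next, the stateful engine handles the replies, and the logged deny entries at each boundary give the operator visibility into traffic that the policy rejected.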