Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
1-23
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 1 Introduction to the Cisco ASA 5500 Series
Firewall Functional Overview
When discussing networks connected to a firewall, the outside network is in front of the firewall, the
inside network is protected and behind the firewall, and a DMZ, while behind the firewall, allows limited
access to outside users. Because the ASA lets you configure many interfaces with varied security
policies, including many inside interfaces, many DMZs, and even many outside interfaces if desired,
these terms are used in a general sense only.
This section includes the following topics:
Security Policy Overview, page 1-23
Firewall Mode Overview, page 1-25
Stateful Inspection Overview, page 1-26
Security Policy Overview
A security policy determines which traffic is allowed to pass through the firewall to access another
network. By default, the ASA allows traffic to flow freely from an inside network (higher security level)
to an outside network (lower security level). You can apply actions to traffic to customize the security
policy. This section includes the following topics:
Permitting or Denying Traffic with Access Rules, page 1-23
Applying NAT, page 1-23
Protecting from IP Fragments, page 1-24
Using AAA for Through Traffic, page 1-24
Applying HTTP, HTTPS, or FTP Filtering, page 1-24
Applying Application Inspection, page 1-24
Sending Traffic to the IPS Module, page 1-24
Sending Traffic to the Content Security and Control Module, page 1-24
Applying QoS Policies, page 1-24
Applying Connection Limits and TCP Normalization, page 1-25
Enabling Threat Detection, page 1-25
Enabling the Botnet Traffic Filter, page 1-25
Configuring Cisco Unified Communications, page 1-25
Permitting or Denying Traffic with Access Rules
You can apply an access rule to limit traffic from inside to outside, or allow traffic from outside to inside.
For transparent firewall mode, you can also apply an EtherType access list to allow non-IP traffic.
Applying NAT
Some of the benefits of NAT include the following:
You can use private addresses on your inside networks. Private addresses are not routable on the
Internet.
NAT hides the local addresses from other networks, so attackers cannot learn the real address of a
host.