Instruction/ maintenance manual of the product OL-12172-01 Cisco Systems
Go to page of 16
CH A P T E R 15-1 Cisco Security Applia nce Command Line Configuratio n Guide OL-12172-01 15 Firewall Mode Overview This chapter describes ho w the fire wall w orks in each fire wall mode. T o set the fire wall mode, see t he “Setting T ransparent or Routed Fire wall Mode” section on page 2- 5 .
15-2 Cisco Security Appliance Command Line Configuration Guide OL-12172-01 Chapter 15 Firewall Mode Overview Routed Mode Over view • An Inside User V isits a W eb Server , page 15-2 • An Outside U.
15-3 Cisco Security Applia nce Command Line Configuratio n Guide OL-12172-01 Chapter 15 Fi rewall Mode Overview Routed Mode Overview 3. The security appliance translat es the local so urce address (10. 1.2.27) to the global address 209.165.201.10, which is on the outside interface subnet.
15-4 Cisco Security Appliance Command Line Configuration Guide OL-12172-01 Chapter 15 Firewall Mode Overview Routed Mode Over view 2. The security appliance receiv es the packet and b ecause it is a new session, the security appliance verif ies that the packet is allowed according to th e terms of the security policy (access lists, f ilters, AAA).
15-5 Cisco Security Applia nce Command Line Configuratio n Guide OL-12172-01 Chapter 15 Fi rewall Mode Overview Routed Mode Overview The follo wing steps describe ho w data mo ves through the security appliance (see Figure 15-3 ): 1. A user on the inside netw ork requests a web page from the DMZ web serv er using the destination address of 10.
15-6 Cisco Security Appliance Command Line Configuration Guide OL-12172-01 Chapter 15 Firewall Mode Overview Routed Mode Over view The follo wing steps describe ho w data mo ves through the security appliance (see Figure 15-4 ): 1. A user on the outside netw ork attempts to reach an inside host (assuming the ho st has a routable IP address).
15-7 Cisco Security Applia nce Command Line Configuratio n Guide OL-12172-01 Chapter 15 Fi rewall Mode Overview Transparent Mode Overview Transparent Mode Overview T raditionally , a fire wall is a routed hop and acts as a default gate way for hosts that connect to one of i ts screened subnets.
15-8 Cisco Security Appliance Command Line Configuration Guide OL-12172-01 Chapter 15 Firewall Mode Overview Transparen t Mode Overview Passing Traffic Not Allowed in Routed Mode In routed mode, some types of traf fic cannot pass through the security appliance e ven if you allow it in an access list.
15-9 Cisco Security Applia nce Command Line Configuratio n Guide OL-12172-01 Chapter 15 Fi rewall Mode Overview Transparent Mode Overview Using the Transparent Firewall in Your Network Figure 15-6 sh ows a typical transparent fire wall net work where the outside devices are on the same subnet as the inside devices.
15-10 Cisco Security Appliance Command Line Configuration Guide OL-12172-01 Chapter 15 Firewall Mode Overview Transparen t Mode Overview In single mode, you can only use tw o data interfaces (and the dedicated man agement interface, if av ailable) e ven if your security applia nce includes more than two interfaces.
15-11 Cisco Security Applia nce Command Line Configuratio n Guide OL-12172-01 Chapter 15 Fi rewall Mode Overview Transparent Mode Overview How Data Moves Through the Transparent Firewall Figure 15-7 sho ws a typical transparent fire wall impl ementation with an inside netw ork that contains a public web server .
15-12 Cisco Security Appliance Command Line Configuration Guide OL-12172-01 Chapter 15 Firewall Mode Overview Transparen t Mode Overview An Inside User Visits a Web Server Figure 15-8 sh ows an insi de user accessing an outside web serv er .
15-13 Cisco Security Applia nce Command Line Configuratio n Guide OL-12172-01 Chapter 15 Fi rewall Mode Overview Transparent Mode Overview An Inside User Visits a Web Server Using NAT Figure 15-8 sh ows an insi de user accessing an outside web serv er .
15-14 Cisco Security Appliance Command Line Configuration Guide OL-12172-01 Chapter 15 Firewall Mode Overview Transparen t Mode Overview 7. The security appliance performs N A T by transla ting the mapped address to the real address, 10.
15-15 Cisco Security Applia nce Command Line Configuratio n Guide OL-12172-01 Chapter 15 Fi rewall Mode Overview Transparent Mode Overview If the destinat ion MA C address is not in t he security appliance table , the security applia nce attempts to disco ver the MA C address b y sending an ARP request and a ping.
15-16 Cisco Security Appliance Command Line Configuration Guide OL-12172-01 Chapter 15 Firewall Mode Overview Transparen t Mode Overview.
An important point after buying a device Cisco Systems OL-12172-01 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Cisco Systems OL-12172-01 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Cisco Systems OL-12172-01 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Cisco Systems OL-12172-01 you will learn all the available features of the product, as well as information on its operation. The information that you get Cisco Systems OL-12172-01 will certainly help you make a decision on the purchase.
If you already are a holder of Cisco Systems OL-12172-01, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Cisco Systems OL-12172-01.
However, one of the most important roles played by the user manual is to help in solving problems with Cisco Systems OL-12172-01. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Cisco Systems OL-12172-01 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
