You are previewing Deploying Zone-Based Firewalls.
O'Reilly logo
Deploying Zone-Based Firewalls

Book Description

Deploying Zone-Based Firewalls (Digital Short Cut)

Ivan Pepelnjak

ISBN: 1-58705-310-1

Improved firewall policy configuration means network administrators can more easily understand the effect of firewall policies on network traffic. This functionality allows the grouping of physical and virtual interfaces into zones to simplify logical network topology. The creation of these zones enables the application of firewall policies on a zone-to-zone basis, instead of having to configure policies separately on each interface. With this functionality, configuration is easier to understand.

Deploying Zone-Based Firewalls teaches you how to design and implement zone-based firewalls using new features introduced in Cisco IOS release 12.4T. This digital short cut, delivered in Adobe PDF format for quick and easy access, provides you with background information on IOS Firewall Stateful Inspection and Zone-based Policy Firewall configuration. The short cut then focuses on designing zone-based firewalls and deploying zone-based policies with the new Cisco IOS command-line interface (CLI). Common deployment scenarios are included to highlight proper use of this powerful Cisco IOS feature.

Table of Contents:

Chapter 1: Introduction to Zone-Based Firewalls

Chapter 2: Typical Zone-Based Firewall Designs

Chapter 3: Configuring Zone-Based Policy Firewalls in Cisco IOS

Chapter 4: Case Study: Firewall with a Perimeter Network

Chapter 5: Advanced Zone-Based Policy Firewall Configuration

Chapter 6: Configuring Transparent Firewalls

Table of Contents

  1. Copyright
  2. About the Author
  3. About the Technical Editor
  4. 1. Introduction to Zone-Based Firewalls
    1. Simple Zone-Based Design
    2. More Complex Zone-Based Design
    3. Implementing Zone-Based Designs
    4. Summary
  5. 2. Typical Zone-Based Firewall Designs
    1. Simple LAN-to-Internet Firewall
    2. Firewall with Public Servers
    3. Redundant Firewall Designs
    4. Complex Firewall Designs
    5. Reducing the Complexity of Advanced Firewalls
    6. Summary
  6. 3. Configuring Zone-Based Policy Firewalls in Cisco IOS
    1. Initial Zone-Based Policy Firewall Configuration
      1. Configuring Security Zones
      2. Configuring Firewall Policy
      3. Assigning Interfaces to Security Zones
      4. Testing the Firewall Configuration
      5. Configuration Command Summary
    2. Limiting Inside-to-Outside Traffic
    3. Protecting the Router
      1. Configuring Router Protection
    4. Monitoring and Debugging Zone-Based Policy Firewall Configuration
    5. Summary
  7. 4. Case Study: Firewall with a Perimeter Network
    1. Configuring the Firewall Policy
    2. Protecting the Router
    3. Summary
  8. 5. Advanced Zone-Based Policy Firewall Configuration
    1. Tuning the Stateful Inspection
    2. Tuning Denial-of-Service Protection
    3. Identifying Masquerading Applications
      1. Identifying Peer-to-Peer Applications
      2. Identifying Instant Messaging Applications
    4. Application Layer Packet Inspection
      1. Application Layer Packet Inspection Example
    5. HTTP Packet Inspection
      1. Configuring Simple HTTP Inspection
    6. Configuring User-Defined Protocols
    7. Summary
  9. 6. Configuring Transparent Firewalls
    1. Protecting Internal Servers: Alternate Design
    2. Case Study: Migrating a Server to the Perimeter Network
    3. Summary