CCNP BCMSN Exam Certification Guide (3rd Edition)

Chapter 12. Cisco IOS Firewall: Managing Activity

Refer to the following sections for information about these topics:

  • 12-1: Synchronizing the IOS Firewall Clock - Explains how the firewall clock can be set and automatically synchronized with time references. Having an accurate clock keeps firewall messages properly time-stamped and related to messages from other devices in your network.

  • 12-2: Configuring IOS Firewall Logging - Explains how IOS firewall routers generate logging messages and how you can configure them to do so.

  • 12-3: Using Authentication Proxy to Manage User Access - Presents the configuration steps necessary to authenticate end users before allowing them to pass through the IOS firewall.

When a Cisco router is configured to operate as a firewall, several aspects of network administration deserve special attention. Like any other firewall platform, an IOS firewall can generate an audit trail of its activity while inspecting network traffic. The firewall system clock should be synchronized to an accurate source so that all security-related information is logged with the correct date and time. In addition, some firewall features involve time-based access, where the security policies can change at predefined times.

The IOS firewall can also provide network access based on user authentication and authorization. This chapter covers the technique that is used to challenge end users for authentication credentials and to give them the appropriate access.
