Firewall Fundamentals

One of the most widely deployed firewalls on the Internet is the Cisco PIX Firewall. The PIX, along with the new Cisco Adaptive Security Appliance (ASA), is poised to improve Cisco's share of the firewall and virtual private network (VPN) marketplace by providing advanced security, increased performance, and more robust functionality. Originally acquired from a company called Network Translations back in the early to mid-1990s, the PIX has undergone significant development and improvement and has become one of the best firewalls on the market today. The PIX provides not only firewall capabilities but also VPN services and basic intrusion detection system (IDS) features. The ASA builds upon the PIX firewall base to include full-featured VPN and intrusion prevention system (IPS) capabilities. The firewall features of the PIX and ASA are implemented using what Cisco terms an adaptive security algorithm (ASA, not to be confused with the Cisco Adaptive Security Appliance, which is also termed ASA) to provide stateful firewall functionality. This chapter covers PIX and ASA model options for a network, how the PIX/ASA firewall works, how to configure it for network connectivity and for access to the PIX Device Manager (PDM) (for 6.x versions of software) and the Adaptive Security Device Manager (ASDM) (for 7.x versions of software), and a checklist of the things to consider when implementing a Cisco PIX or ASA in the network.
