Figure 13-3 shows an ASA firewall with three zones and the permitted policy and flow of
the traffic.
Figure 13-3 Firewall ACLs and Zones
[Diagram labels: DMZ Public Zone (HTTP/FTP, E-Commerce SSL); Trusted Internal Zone; Untrusted Internet Zone (Internet); traffic flows HTTP/FTP/SSL and HTTP/SSL]
The policy for the firewall shown in Figure 13-3 includes the following:
Allow HTTP and HTTPS to the Internet
Allow HTTPS and FTP to the public web and FTP server
Allow HTTPS to the public e-commerce server
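The three policy statements above, written as ASA access lists. This is an added example, not configuration from the original text: the interface names (inside, outside), ACL names, object names, and 192.0.2.x addresses are assumptions, and it assumes the DMZ servers are reached from the Internet zone.

```cisco
! Constructed example: names and addresses are placeholders.
object network WEB_FTP_SRV
 host 192.0.2.10
object network ECOM_SRV
 host 192.0.2.20
!
! Untrusted Internet zone -> DMZ public zone
! HTTPS and FTP to the public web and FTP server
access-list OUTSIDE_IN extended permit tcp any object WEB_FTP_SRV eq https
access-list OUTSIDE_IN extended permit tcp any object WEB_FTP_SRV eq ftp
! HTTPS only to the public e-commerce server
access-list OUTSIDE_IN extended permit tcp any object ECOM_SRV eq https
! Every ACL ends in an implicit deny; stating it with "log" makes
! dropped attempts visible in syslog.
access-list OUTSIDE_IN extended deny ip any any log
!
! Trusted internal zone -> Internet: HTTP and HTTPS only
! (destination "any" also matches the DMZ; narrow it if internal
! hosts should not reach the DMZ servers on these ports)
access-list INSIDE_IN extended permit tcp any any eq www
access-list INSIDE_IN extended permit tcp any any eq https
access-list INSIDE_IN extended deny ip any any log
!
! Bind each ACL to inbound traffic on its interface
access-group OUTSIDE_IN in interface outside
access-group INSIDE_IN in interface inside
```

Anything not matched by a permit line is dropped, so each server exposes only the ports the policy names.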
Cisco NAC Appliance
The Cisco NAC Appliance is a turnkey solution that can meet any organization's technology
and operational needs. The Cisco NAC Appliance is a self-contained product that integrates
with the infrastructure to provide user authentication and enforce security
policy for wired and wireless devices seeking access into the network. NAC Appliances
can provide posture compliance and remediation before allowing access to the network
infrastructure.
NAC can restrict access of noncompliant devices but permit access to trusted wired or
wireless endpoints such as desktops, laptops, PDAs, and servers.
Successful deployments of NAC infrastructure require detailed planning, with considerations
for timeframes, groups involved, and customer requirements.
 