The Cisco Secure PIX Firewall provides security with a protection scheme that is based on the
Adaptive Security Algorithm (ASA), which offers stateful connection-oriented firewalling.
Stateful security is less complex and more robust than packet filtering. It also offers higher
performance and is more scalable than application-level proxy firewalls. ASA tracks the source
and destination address, TCP sequence numbers, port numbers, and additional TCP flags of
each packet.
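A simplified model of the connection tracking described above, added here as an illustration; it is not Cisco's ASA implementation. The names `Packet` and `StateTable`, the state labels, and the rule that only inside hosts may open connections are assumptions of this example.

```python
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    seq: int = 0
    ack: int = 0

class StateTable:
    """Toy stateful filter: inside hosts open connections, outside may only answer."""

    def __init__(self):
        self.conns = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def outbound(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        conn = self.conns.get(key)
        if conn is None:
            if p.flags != SYN:
                return "drop"                     # no state and not a connection request
            # Remember which acknowledgment number the reply must carry.
            self.conns[key] = {"state": "SYN_SENT",
                               "expect_ack": (p.seq + 1) & 0xFFFFFFFF}
            return "permit"
        if p.flags & RST:
            del self.conns[key]                   # a reset tears the state down
        elif conn["state"] == "SYN_ACKED" and p.flags & ACK:
            conn["state"] = "ESTABLISHED"         # three-way handshake complete
        return "permit"

    def inbound(self, p):
        key = (p.dst, p.dport, p.src, p.sport)    # reverse the tuple to find the state
        conn = self.conns.get(key)
        if conn is None:
            return "drop"                         # unsolicited packet from outside
        if conn["state"] == "SYN_SENT":
            # Only a SYN/ACK acknowledging the tracked sequence number is accepted.
            if p.flags != SYN | ACK or p.ack != conn["expect_ack"]:
                return "drop"
            conn["state"] = "SYN_ACKED"
            return "permit"
        if p.flags & RST:
            del self.conns[key]
        return "permit"                           # simplified: no window checking
```

A plain packet filter that matches only addresses and ports would pass the forged or unsolicited replies this table drops, because it has no record of which connections the inside actually opened.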
An example of architecture with a PIX Firewall is shown in Figure 12-6. The PIX controls
access between the outside and isolation network and between the isolation network and the
inside. NAT can translate inside node IP addresses to an outside IP address pool.
Figure 12-6: DMZ with PIX Firewall
[Diagram labels: Internet; outside filtering router; isolation LAN; PIX Firewall; FTP; WWW; bastion host; inside filtering router]
Some enterprises implement a multilayered firewall system, as shown in Figure 12-7. In this
system, a PIX Firewall filters between the Internet and the DMZ. Another firewall filters
between the DMZ and inside hosts. Hosts are connected to the isolation LAN to provide
services to Internet clients, and to the inside isolation LAN to provide service or for
administrator access.
 