Page 2 - An Inside User Visits a Web Server
15-2 Cisco Security Appliance Command Line Configuration Guide OL-12172-01 Chapter 15 Firewall Mode Overview Routed Mode Overview • An Inside User Visits a Web Server, page 15-2 • An Outside User Visits a Web Server on the DMZ, page 15-3 • An Inside User Visits a Web Server on the DMZ, page 15-4 • A...
Page 3 - An Outside User Visits a Web Server on the DMZ
3. The security appliance translates the local source address (10.1.2.27) to the global address 209.165.201.10, which is on the outside interface subnet. The global addre...
Page 4 - An Inside User Visits a Web Server on the DMZ
2. The security appliance receives the packet and because it is a new session, the security appliance verifies that the packet is allowed according to the terms of the se...
Page 5 - An Outside User Attempts to Access an Inside Host
The following steps describe how data moves through the security appliance (see Figure 15-3): 1. A user on the inside network requests a web page from the DMZ web server...
Page 6 - A DMZ User Attempts to Access an Inside Host
The following steps describe how data moves through the security appliance (see Figure 15-4): 1. A user on the outside network attempts to reach an inside host (assuming...
Page 7 - Transparent Mode Overview; Transparent Firewall Network; Allowed MAC Addresses
Transparent Mode Overview Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its screened subnets. A transparen...
Page 8 - Passing Traffic Not Allowed in Routed Mode; MAC Address vs. Route Lookups
Passing Traffic Not Allowed in Routed Mode In routed mode, some types of traffic cannot pass through the security appliance even if you allow it in an access list. T...
Page 9 - Using the Transparent Firewall in Your Network; Transparent Firewall Guidelines
Using the Transparent Firewall in Your Network Figure 15-6 shows a typical transparent firewall network where the outside devices are on the same subnet as the insid...
Page 10 - Feature
In single mode, you can only use two data interfaces (and the dedicated management interface, if available) even if your security appliance includes more than two i...
Page 11 - How Data Moves Through the Transparent Firewall
How Data Moves Through the Transparent Firewall Figure 15-7 shows a typical transparent firewall implementation with an inside network that contains a public web se...
Page 13 - An Inside User Visits a Web Server Using NAT
An Inside User Visits a Web Server Using NAT Figure 15-8 shows an inside user accessing an outside web server. Figure 15-9 Inside to Outside with NAT The following ...
Page 14 - An Outside User Visits a Web Server on the Inside Network
7. The security appliance performs NAT by translating the mapped address to the real address, 10.1.2.27. An Outside User Visits a Web Server on the Inside Network F...