Cisco OL-12172-01 - Manual
Cisco Security Appliance Command Line Configuration Guide, OL-12172-01
Chapter 15
Firewall Mode Overview
This chapter describes how the firewall works in each firewall mode. To set the firewall mode, see the
“Setting Transparent or Routed Firewall Mode” section on page 2-5.
Note
In multiple context mode, you cannot set the firewall mode separately for each context; you can only set
the firewall mode for the entire security appliance.
This chapter includes the following sections:
• Routed Mode Overview
• Transparent Mode Overview
Routed Mode Overview
In routed mode, the security appliance is considered to be a router hop in the network. It can use OSPF
or RIP (in single context mode). Routed mode supports many interfaces. Each interface is on a different
subnet. You can share interfaces between contexts.
This section includes the following topics:
• IP Routing Support
• How Data Moves Through the Security Appliance in Routed Firewall Mode
IP Routing Support
The security appliance acts as a router between connected networks, and each interface requires an
IP address on a different subnet. In single context mode, the routed firewall supports OSPF and RIP.
Multiple context mode supports static routes only. We recommend using the advanced routing
capabilities of the upstream and downstream routers instead of relying on the security appliance for
extensive routing needs.
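The two rules in this section (each interface on a different subnet; static routes only in multiple context mode) can be checked offline against a saved configuration. The following is an added example, not part of the Cisco guide: the sample configuration is constructed, and `parse_interfaces`, `routed_mode_findings` and the `multiple_context` flag are hypothetical names chosen for illustration.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample config (not from the manual). The dmz subnet is
# deliberately placed inside the inside subnet to trigger a finding.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 209.165.201.1 255.255.255.224
interface GigabitEthernet0/1
 nameif inside
 ip address 10.1.2.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 ip address 10.1.2.129 255.255.255.128
router ospf 1
"""

def parse_interfaces(config):
    """Map each interface name to the IPv4 network of its address."""
    nets, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # A top-level line opens a new stanza; only interfaces matter.
            name = line.split()[1] if line.startswith("interface ") else None
        elif name and line.startswith("nameif "):
            name = line.split()[1]
        elif name and (m := re.match(r"ip address (\S+) (\S+)", line)):
            nets[name] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
    return nets

def routed_mode_findings(config, multiple_context=False):
    """Check the two routed-mode rules stated in the text above."""
    findings = []
    pairs = combinations(sorted(parse_interfaces(config).items()), 2)
    for (a, net_a), (b, net_b) in pairs:
        if net_a.overlaps(net_b):
            findings.append(f"{a} ({net_a}) overlaps {b} ({net_b})")
    # Assumption: the caller supplies the context mode as a flag; this
    # sketch does not try to read it from the configuration text.
    if multiple_context and re.search(r"^router (ospf|rip)\b", config, re.M):
        findings.append("dynamic routing configured in multiple context mode")
    return findings

if __name__ == "__main__":
    for finding in routed_mode_findings(SAMPLE_CONFIG, multiple_context=True):
        print(finding)
```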
How Data Moves Through the Security Appliance in Routed Firewall Mode
This section describes how data moves through the security appliance in routed firewall mode, and
includes the following topics:
Summary
Page 15-2:
• An Inside User Visits a Web Server
• An Outside User Visits a Web Server on the DMZ
• An Inside User Visits a Web Server on the DMZ
• A...
Page 15-3:
3. The security appliance translates the local source address (10.1.2.27) to the global address 209.165.201.10, which is on the outside interface subnet. The global addre...
Page 15-4:
2. The security appliance receives the packet and because it is a new session, the security appliance verifies that the packet is allowed according to the terms of the se...