Cisco Security Appliance Command Line Configuration Guide
OL-12172-03
Chapter 1 Introduction to the Security Appliance
Firewall Functional Overview
This section includes the following topics:
• Security Policy Overview
• Firewall Mode Overview
• Stateful Inspection Overview
Security Policy Overview
A security policy determines which traffic is allowed to pass through the firewall to access another
network. By default, the security appliance allows traffic to flow freely from an inside network (higher
security level) to an outside network (lower security level). You can apply actions to traffic to customize
the security policy. This section includes the following topics:
• Permitting or Denying Traffic with Access Lists
• Applying NAT
• Using AAA for Through Traffic
• Applying HTTP, HTTPS, or FTP Filtering
• Applying Application Inspection
• Sending Traffic to the Advanced Inspection and Prevention Security Services Module
• Sending Traffic to the Content Security and Control Security Services Module
• Applying QoS Policies
• Applying Connection Limits and TCP Normalization
Permitting or Denying Traffic with Access Lists
You can apply an access list to limit traffic from inside to outside, or allow traffic from outside to inside.
For transparent firewall mode, you can also apply an EtherType access list to allow non-IP traffic.
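The following configuration sketch is an added example, not taken from the Cisco guide: it shows one access list that limits inside-to-outside traffic and another that allows a single outside-to-inside service. Interface names, addresses (documentation ranges), the server address, and access list names are assumptions, and no NAT is assumed to be configured.

```cisco
! Constructed example. Interface IDs, names, addresses and ACL names are assumptions.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 198.51.100.1 255.255.255.0
 no shutdown
!
! Limit inside-to-outside traffic. Once an access list is applied inbound on
! the inside interface, only the permitted flows pass; everything else hits
! the deny at the end instead of the default "higher to lower is allowed".
access-list INSIDE_OUT extended permit tcp 198.51.100.0 255.255.255.0 any eq www
access-list INSIDE_OUT extended permit tcp 198.51.100.0 255.255.255.0 any eq https
access-list INSIDE_OUT extended permit udp 198.51.100.0 255.255.255.0 any eq domain
! Explicit deny with logging so dropped flows are visible in syslog.
access-list INSIDE_OUT extended deny ip any any log
access-group INSIDE_OUT in interface inside
!
! Allow outside-to-inside traffic to one service on one host only.
! Traffic from the lower-security interface is dropped unless permitted here.
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.10 eq https
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```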
Applying NAT
Some of the benefits of NAT include the following:
• You can use private addresses on your inside networks. Private addresses are not routable on the Internet.
• NAT hides the local addresses from other networks, so attackers cannot learn the real address of a host.
• NAT can resolve IP routing problems by supporting overlapping IP addresses.
Using AAA for Through Traffic
You can require authentication and/or authorization for certain types of traffic, for example, for HTTP.
The security appliance also sends accounting information to a RADIUS or server.