Types Of Firewalls; Acl And Packet Filter Firewalls - Enterasys Security Router X-PeditionTM User Manual

Enterasys security router user's guide

Firewall Feature Set Overview
Figure 16-10
There are many possible network configurations for a firewall. The figure above shows a scenario
with the firewall connected to the trusted network (internal) and servers that can be accessed
externally (via the DMZ).
The XSR firewall feature set inspects packets coming in from open ports and either passes them on
to the router or drops them based on policies defined in the policy database, which is configured
using the XSR's CLI.
In this example, the firewall acts as a shield for traffic coming in and out of the external and DMZ
networks. The internal interface does not have firewall inspection enabled, nor does it need it,
because it is a trusted network.
While this flexibility is useful, it emphasizes the fact that the shield is only as effective as the
intelligence of the policies. Functionally, the XSR's policy database defines the configuration and
retains information about the sessions currently allowed through the firewall.

Types of Firewalls

Generally speaking, there are three types of firewalls: Access Control List (ACL) or Packet Filter,
Application Level Gateway (ALG) or Proxy, and Stateful Inspection. Each of these firewall types
operates at different layers of the TCP/IP network model, using different criteria to restrict traffic.

ACL and Packet Filter Firewalls

ACL and packet filter firewalls statically apply security policy to a packet's contents according to
pre-configured rules you specify such as permitted or denied source and destination addresses
16-10 Configuring Security on the XSR
[Figure: XSR Firewall Topology. Labels: Internet, External, XSR Router, Policy DB, Internal, Client, DMZ, SMTP server, HTTP server; "Firewall inspection enabled" appears twice.]
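The static rule matching described under "ACL and Packet Filter Firewalls", as an added Python example that is not XSR CLI syntax or Enterasys code: it evaluates packets against source/destination rules and flags rules that can never fire, which is one way a policy ends up less intelligent than intended. First-match ordering, the default deny, the `Rule` fields and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    port: Optional[int] = None   # destination port; None means any

    def matches(self, src_ip, dst_ip, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.port in (None, dport))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        net = ipaddress.ip_network
        return (net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and (self.port is None or self.port == other.port))

def evaluate(rules, src_ip, dst_ip, dport):
    """Assumed semantics: first matching rule decides, no match means deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action
    return "deny"

def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule (never reached)."""
    return [i for i, r in enumerate(rules)
            if any(earlier.covers(r) for earlier in rules[:i])]

# Constructed topology: DMZ 192.0.2.0/24, internal 10.0.0.0/24.
ANY = "0.0.0.0/0"
WEAK = [
    Rule("permit", ANY, ANY, 80),              # too broad: HTTP to anywhere
    Rule("permit", ANY, "192.0.2.25/32", 25),  # SMTP server in the DMZ
    Rule("deny", ANY, "10.0.0.0/24", 80),      # intended guard, never reached
]
FIXED = [
    Rule("deny", ANY, "10.0.0.0/24"),          # protect internal first
    Rule("permit", ANY, "192.0.2.80/32", 80),  # HTTP server in the DMZ
    Rule("permit", ANY, "192.0.2.25/32", 25),
]

if __name__ == "__main__":
    print("weak policy, shadowed rules:", shadowed(WEAK))
    print("external -> internal:80 under weak:", evaluate(WEAK, "203.0.113.7", "10.0.0.5", 80))
    print("external -> internal:80 under fixed:", evaluate(FIXED, "203.0.113.7", "10.0.0.5", 80))
```

Running `shadowed()` over a rule set before deploying it catches ordering mistakes that a per-packet test would only reveal if the right packet happened to be tried.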
