Cisco FirePOWER ASA 5500 series Configuration Manual page 46

Security appliance command line

Firewall Functional Overview

This section includes the following topics:
- Security Policy Overview, page 1-2
- Firewall Mode Overview, page 1-3
- Stateful Inspection Overview, page 1-4

Security Policy Overview

A security policy determines which traffic is allowed to pass through the firewall to access another network. By default, the security appliance allows traffic to flow freely from an inside network (higher security level) to an outside network (lower security level). You can apply actions to traffic to customize the security policy. This section includes the following topics:
- Permitting or Denying Traffic with Access Lists, page 1-2
- Applying NAT, page 1-2
- Using AAA for Through Traffic, page 1-2
- Applying HTTP, HTTPS, or FTP Filtering, page 1-3
- Applying Application Inspection, page 1-3
- Sending Traffic to the Advanced Inspection and Prevention Security Services Module, page 1-3
- Sending Traffic to the Content Security and Control Security Services Module, page 1-3
- Applying QoS Policies, page 1-3
- Applying Connection Limits and TCP Normalization, page 1-3

Permitting or Denying Traffic with Access Lists

You can apply an access list to limit traffic from inside to outside, or allow traffic from outside to inside. For transparent firewall mode, you can also apply an EtherType access list to allow non-IP traffic.

Applying NAT

Some of the benefits of NAT include the following:
- You can use private addresses on your inside networks. Private addresses are not routable on the Internet.
- NAT hides the local addresses from other networks, so attackers cannot learn the real address of a host.
- NAT can resolve IP routing problems by supporting overlapping IP addresses.

Using AAA for Through Traffic

You can require authentication and/or authorization for certain types of traffic, for example, for HTTP. The security appliance also sends accounting information to a RADIUS or TACACS+ server.

Cisco Security Appliance Command Line Configuration Guide, Chapter 1: Introduction to the Security Appliance, page 1-2, OL-10088-01


This manual is also suitable for: PIX 500 series, Cisco ASA 5500 series
