Firewall: used to stop traffic from one place to another
The first thing we need to do is to identify zones (interfaces with a similar function are added to the same zone: host function, servers with a public function, servers with a private function)
First zone: Outside, with interface Fa4/0
The second zone, let's call it DMZ, is connected to Fa3/0
Fa2/0 and Fa1/0 are two inside interfaces
The default rule of the firewall is implicit deny, so traffic between zones is denied
Identify traffic (Class Maps)
Could mean traffic between subnets, like Fa2/0 10.2.0.0/24 and Fa1/0 10.1.0.0/25 in the figure. Could mean traffic based on layer 4 protocols. Could be based on application-layer services like P2P networking.
Identify policy map
What to do with this traffic? This means rules applied to the identified traffic. Example: inspect the traffic, i.e. "remember" it as in CBAC: when we get outbound traffic we remember it, and when the return traffic comes back we allow it inside; if there is no remembered information about it, the traffic coming from outside will be blocked.
3 actions: inspect, allow/pass, drop
To set up inspection we need to identify the traffic going out (coming from inside) and the traffic coming from outside: traffic from user to internet, traffic from internet to user. Example: IN-TO-OUT, Source: IN, Dest: OUT. We have rules for traffic IN-TO-OUT: for UDP, HTTP, TCP ….
Service policy: apply the policy maps to a pair of zones (traffic from one zone to another one).
We can also filter with application inspection, like protocol inspection. Example: someone uses a protocol but changes the commands inside it (we can stop that with deep inspection).
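A worked Cisco IOS zone-based firewall configuration for these notes, added here as an example and not part of the original notes. The interfaces, subnets and the IN-TO-OUT zone pair are the ones from the figure; the zone names, class-map and policy-map names and the HTTP port-misuse check are my assumptions.

```cisco
! Added example, not from the original notes.
! Zones: INSIDE (Fa1/0 10.1.0.0/25, Fa2/0 10.2.0.0/24), DMZ (Fa3/0), OUTSIDE (Fa4/0)
zone security INSIDE
zone security DMZ
zone security OUTSIDE
!
! Put each interface in its zone; traffic between zones is now implicitly denied
interface FastEthernet1/0
 zone-member security INSIDE
interface FastEthernet2/0
 zone-member security INSIDE
interface FastEthernet3/0
 zone-member security DMZ
interface FastEthernet4/0
 zone-member security OUTSIDE
!
! Class maps: identify the traffic (layer 4 / application protocols)
class-map type inspect match-all HTTP-CLASS
 match protocol http
class-map type inspect match-any OTHER-CLASS
 match protocol tcp
 match protocol udp
!
! Deep (layer 7) inspection of HTTP: assumed check that resets HTTP sessions
! carrying another protocol (IM, P2P, tunneling) on the HTTP port
class-map type inspect http match-any HTTP-MISUSE
 match request port-misuse any
policy-map type inspect http HTTP-DEEP
 class type inspect http HTTP-MISUSE
  reset
!
! Policy map: what to do with the traffic
! inspect = stateful, "remember" outbound sessions as in CBAC and allow the return traffic
policy-map type inspect IN-TO-OUT-POLICY
 class type inspect HTTP-CLASS
  inspect
  service-policy http HTTP-DEEP
 class type inspect OTHER-CLASS
  inspect
 class class-default
  drop
!
! Zone pair: apply the policy to traffic from INSIDE to OUTSIDE only;
! with no OUTSIDE->INSIDE zone pair, unsolicited traffic from outside stays blocked
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect IN-TO-OUT-POLICY
```

Check the result with `show policy-map type inspect zone-pair IN-TO-OUT sessions`, which lists the remembered (inspected) sessions.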