There are four types of firewall: firewall capabilities integrated into a router, firewall capabilities integrated into a proxy server, dedicated software firewalls, and dedicated firewalls that combine hardware and software. Cisco's firewall solutions cover the first and fourth of these types: routers with integrated firewall features, and dedicated combined hardware and software firewalls.
 
I. Firewall technology integrated in the router
 
1. ACL technology, standard in router IOS

An ACL (Access Control List), often simply called an access list, is the basis of the IOS Firewall Feature Set described below. It is also part of the standard configuration of IOS (Internetwork Operating System), the operating system that gives the whole Cisco router line a unified interface. This means that once the router is purchased, the ACL function is available at no extra cost.
 
2. IOS Firewall Feature Set (IOS firewall package)

The IOS Firewall Feature Set builds on ACLs to strengthen security control further. It is an add-on package dedicated to firewall functionality, which can be obtained through an IOS upgrade and loaded onto multiple Cisco router platforms.

Currently, the router platforms that support the firewall package are the Cisco 1600, 1700, 2500, 2600 and 3600, all of them low-end series. It meets the needs of the many small and medium-sized users who prefer an "all-in-one solution" (integrated solution) and want to simplify management. Integrated firewall functionality is not implemented on high-end devices so that it does not interfere with the core work of the backbone routers of large networks: data forwarding. In such a network, you should use a dedicated firewall device.
 
Cisco IOS firewall features:

• Context-based access control (CBAC) provides application-based security filtering for advanced applications and supports the latest protocols

• Java blocking can prevent the download of applets with malicious intent

• Denial-of-service detection and prevention capabilities are added on top of the existing functionality to increase protection

• Alerts and system logging error messages can be sent to the central management console in real time after suspicious behavior is detected

• TCP/UDP transaction records track user access by source/destination address and port

• Configuration and management features work in close collaboration with existing management applications
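The features listed above map onto a router configuration roughly as follows. This is an added example, not part of the original article; the interface names, addresses, ACL numbers and the rule name FWRULE are assumptions chosen for illustration.

```cisco
! Constructed example: interface names, addresses, ACL numbers and the
! rule name FWRULE are assumptions, not taken from the article.
!
! Real-time alerts and per-session TCP/UDP audit records go to a syslog host
logging 192.0.2.50
ip inspect audit-trail
no ip inspect alert-off
!
! Denial-of-service detection: thresholds for half-open sessions
ip inspect max-incomplete high 500
ip inspect max-incomplete low 400
ip inspect one-minute high 500
ip inspect one-minute low 400
ip inspect tcp synwait-time 30
!
! Java blocking: applets are accepted only from sources permitted by ACL 10
access-list 10 permit 198.51.100.0 0.0.0.255
access-list 10 deny any
!
! CBAC inspection rule: track TCP, UDP and FTP sessions, filter Java in HTTP
ip inspect name FWRULE tcp
ip inspect name FWRULE udp
ip inspect name FWRULE ftp
ip inspect name FWRULE http java-list 10
!
! Static ACL on the outside interface: unsolicited inbound traffic is
! dropped and logged. CBAC adds temporary openings to this list for the
! return traffic of sessions it has inspected.
access-list 101 deny ip any any log
!
interface Ethernet0
 description Inside (trusted) network
 ip inspect FWRULE in
!
interface Serial0
 description Outside (untrusted) network
 ip access-group 101 in
```

The static ACL alone would block all return traffic; it is the inspection rule on the inside interface that makes the deny-all inbound policy workable.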
 
Order Information
 
Cisco 1600 series Cisco IOS firewall features
 
IP/Firewall cd16-bw/ew/ch-11.3=

IP/Firewall cd16-by/ey/ch-11.3=

IP/IPX/Firewall Plus cd16-c/bhp-11.3=
 
Cisco 2500 series Cisco IOS firewall features
 
IP/Firewall cd25ch-11.2=

IP/IPX/AT/DEC/Firewall Plus cd25-bhp-11.2=

II. The dedicated firewall: PIX

PIX (Private Internet eXchange) belongs to the fourth of the four firewall types: a combined hardware and software firewall, designed to meet high security requirements and to provide rigorous, robust protection at a better price-performance ratio. In addition to the common features of the fourth type of firewall, it includes the functionality of the IOS Firewall Feature Set.