Understanding the Cisco Firewall
If you are a network administrator, the Cisco firewall is one of the most critical pieces of hardware to consider purchasing. Most administrators worry about security, availability, ease of use, and performance, but none of these features can compare to the need for the firewall.
A firewall is the final piece of hardware for controlling traffic at the interface between an interface and a router or switch. You will typically see one firewall per physical router, or virtual router.
Cisco’s firewall is available in different sizes and price ranges. The cheapest unit you will find is a basic firewall, and the most expensive are the firewalls with active services and firewall device port monitors. This article focuses on the basic firewall model.
The firewall has been designed from the beginning to be simple to use. The programmable firewall (PGE) is the first thing to recognize; it helps administrators configure rules at a glance, keeping them up to date as new and relevant rules are applied to a network.
The simple interface is a great step forward in this direction. An administrator can change rules from the command line without having to change the management interface, thereby improving security without disrupting the administrative flow. The PGE is always up to date.
Another piece of Cisco firewall technology is the segmentation policy module (SPM). In this module, an administrator can create separate classes for a particular program. The admin can quickly determine what traffic should go through a particular class.
Firewalls also have an inbound and outbound firewall. In the outbound firewall, a packet is sent out to the internet if it matches the rules in the inbound firewall; if it doesn’t match the rules, the firewall blocks the packet.
Cisco firewalls support a number of protocols. One example is the IEEE LAN. Although there are other standard interfaces available, it is commonly implemented on a public network through the IS-IS protocol.
Many firewalls also support the Open Source protocols. These protocols include the IS-IS protocol and the IOS protocol.
Not all firewalls provide the ability to implement these IP features. Although they are enabled on some Cisco firewalls, IP fragmentation is disabled. As a result, managed IP addresses can have a high impact on system performance.
Wireless is another area of concern in the face of cybersecurity. Many organizations, however, have programs that allow access to wireless networks, and if you don’t have that capability in your firewall, you could be putting your employees at risk. It’s worth the investment to have it implemented.