SlideShare a Scribd company logo

PIX vs ASA_firewall

Download as DOCX, PDF
Rajesh Porwal
Rajesh Porwal
Technology
1 of 3
PIX FIREWALL BY R P PORWAL PIX FIREWALL What Does a PIX Do? The PIX is a firewall appliance based on a hardened, specially built operating system, PIX OS, minimizing possible OS-specific security holes. BSNL is using latest cisco ASA ( adaptive security appliance) of 55xx series for its 3G OSS More about ASA firewall in upcoming presentation PIX firewalls provide a wide range of security and networking services including:  Network Address Translation (NAT) or Port Address Translation (PAT)  content filtering (Java/ActiveX)  URL filtering  IPsec VPN  support for leading X.509 PKI solutions  DHCP client/server  PPPoE support  advanced security services for multimedia applications and protocols including Voice over IP (VoIP), H.323, SIP, Skinny and Microsoft NetMeeting  AAA (RADIUS/TACACS+) integration PIX can be graphically managed using the integrated Web-based management interface known as the PIX Device Manager (PDM) or by the Cisco Secure Policy Manager 2.3f and 3.0f (not to be confused with CSPM 2.3.3i which is for intrusion detection system management). The PDM is a PIX-specific device configuration and management tool whereas CSPM is generally used as part of a larger security management infrastructure and allows one to correlate organizational security policies with a PIX configuration. Management interfaces include command-line interface (CLI), telnet, Secure Shell (SSH 1.5), console port, SNMP, and syslog. . PIX Terminology and Background Information The following diagram shows a multi-port PIX connected to various networks. We will use this diagram as we build up a PIX configuration in this and any subsequent PIX articles.
PIX FIREWALL BY R P PORWAL PIX terminology: we generally refer to the user segment as the Inside subnet. The interface connected to the Internet router is the outside subnet. As shown, we probably have DMZ (De- Militarized Zone) subnet, the subnet where we quarantine all servers that are accessible from the outside. We might also have a separate management subnet and a subnet tying to a redundant PIX for failover (if supported/licensed). The PIX Command-Line Interface (CLI) is somewhat like the Cisco IOS interface, but different. Use colon (":") for comments (which, as usual, are not retained). Newer PIX OS uses ACL's, replacing the former conduits (which were arguably more confusing to experienced Cisco router administrators). PIX interfaces are normally shutdown until the administrator activates them. PIX interfaces have an associated security level. Two interfaces at same level can't send packets to each other. We'll shortly see that you set levels with nameif command. Connections and traffic are normally permitted from higher to lower security level interfaces, although you do have to put in some basic configuration to allow traffic to flow. Connections the other way (from low to high security) are disallowed unless the configuration explicitly permits them.
PIX FIREWALL BY R P PORWAL You actually do not have to put any ACL if going from a higher security level to a lower. Everything will be allowed. Best practice is to put an ACL on all interfaces even if the ACL permits everything to flow using "ip any any". An ACL put inbound (PIX only does inbound ACLs) to the inside interface can control traffic destined going outbound. If an admin wants to only have www and dns traffic outbound he would allow only tcp on 80 and udp on 53 then everything else like real audio would be denied as it goes out.) To let traffic flow from a high security level to a lower level, use the nat and global commands. For the opposite direction, from lower to higher, use the static and access-list commands. We suggest using nat and global when going from any non-outside interface to the outside interface (Internet usually unless the PIX is used as a border between business units) which is a little different than the first sentence above. We also suggest using statics from any non-outside interface to any other non-outside interface (like inside to management or ethernet3 to ethernet4, below.) The PIX normally uses stateful NAT connections and stateful security, referred to as the Adaptive Security Algorithm (ASA). The PIX does not pass multicast traffic

Recommended

PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...
PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...
PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...PROIDEA
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
FortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZFortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZIPMAX s.r.l.
 
Hoe ontwerp je een Managed Security Cloud-referentiearchitectuur?
Hoe ontwerp je een Managed Security Cloud-referentiearchitectuur? Hoe ontwerp je een Managed Security Cloud-referentiearchitectuur?
Hoe ontwerp je een Managed Security Cloud-referentiearchitectuur? ASP4all
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
Cisco pix firewall configuration for dcsl
Cisco pix firewall configuration for dcslCisco pix firewall configuration for dcsl
Cisco pix firewall configuration for dcslIT Tech
 
Firewall
FirewallFirewall
Firewallguestdb9bc9
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLinaro
 

Recommended

PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...
PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...
PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...PROIDEA
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
FortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZFortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZIPMAX s.r.l.
 
Hoe ontwerp je een Managed Security Cloud-referentiearchitectuur?
Hoe ontwerp je een Managed Security Cloud-referentiearchitectuur? Hoe ontwerp je een Managed Security Cloud-referentiearchitectuur?
Hoe ontwerp je een Managed Security Cloud-referentiearchitectuur? ASP4all
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
Cisco pix firewall configuration for dcsl
Cisco pix firewall configuration for dcslCisco pix firewall configuration for dcsl
Cisco pix firewall configuration for dcslIT Tech
 
Firewall
FirewallFirewall
Firewallguestdb9bc9
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLinaro
 
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelXPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelThe Linux Foundation
 
Managing SSH Acccess Without Managing SSH Keys
Managing SSH Acccess Without Managing SSH KeysManaging SSH Acccess Without Managing SSH Keys
Managing SSH Acccess Without Managing SSH KeysNiall Sheridan
 
PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX
PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSXPLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX
PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSXPROIDEA
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks
 
ASA Multiple Context Training
ASA Multiple Context TrainingASA Multiple Context Training
ASA Multiple Context TrainingTariq Bader
 
Cohesive Networks Support Docs: VNS3 Setup for Fortigate
Cohesive Networks Support Docs: VNS3 Setup for FortigateCohesive Networks Support Docs: VNS3 Setup for Fortigate
Cohesive Networks Support Docs: VNS3 Setup for FortigateCohesive Networks
 
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASA
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASACohesive Networks Support Docs: VNS3 Setup for Cisco ASA
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASACohesive Networks
 
Cohesive Networks Support Docs: VNS3 Setup for Sonicwall
Cohesive Networks Support Docs: VNS3 Setup for SonicwallCohesive Networks Support Docs: VNS3 Setup for Sonicwall
Cohesive Networks Support Docs: VNS3 Setup for SonicwallCohesive Networks
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsMilosch Meriac
 
Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the massesMilosch Meriac
 
State of the (evil) Mainframe
State of the (evil) MainframeState of the (evil) Mainframe
State of the (evil) MainframeHenri Kuiper
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallIT Tech
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1Sankaranarayanan Subramanian
 
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemmbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemarmmbed
 
Fortinet & VMware integration
Fortinet & VMware integrationFortinet & VMware integration
Fortinet & VMware integrationVMUG IT
 
FortiGate 60C
FortiGate 60CFortiGate 60C
FortiGate 60Cdwaeyaert
 
Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks
 
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...The Linux Foundation
 
Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks
 
závěrečný_úkol_KPI
závěrečný_úkol_KPIzávěrečný_úkol_KPI
závěrečný_úkol_KPIMonika Brdečková
 
Internet of Things
Internet of ThingsInternet of Things
Internet of ThingsApple Abadilla
 

More Related Content

What's hot

XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelXPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelThe Linux Foundation
 
Managing SSH Acccess Without Managing SSH Keys
Managing SSH Acccess Without Managing SSH KeysManaging SSH Acccess Without Managing SSH Keys
Managing SSH Acccess Without Managing SSH KeysNiall Sheridan
 
PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX
PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSXPLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX
PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSXPROIDEA
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks
 
ASA Multiple Context Training
ASA Multiple Context TrainingASA Multiple Context Training
ASA Multiple Context TrainingTariq Bader
 
Cohesive Networks Support Docs: VNS3 Setup for Fortigate
Cohesive Networks Support Docs: VNS3 Setup for FortigateCohesive Networks Support Docs: VNS3 Setup for Fortigate
Cohesive Networks Support Docs: VNS3 Setup for FortigateCohesive Networks
 
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASA
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASACohesive Networks Support Docs: VNS3 Setup for Cisco ASA
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASACohesive Networks
 
Cohesive Networks Support Docs: VNS3 Setup for Sonicwall
Cohesive Networks Support Docs: VNS3 Setup for SonicwallCohesive Networks Support Docs: VNS3 Setup for Sonicwall
Cohesive Networks Support Docs: VNS3 Setup for SonicwallCohesive Networks
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsMilosch Meriac
 
Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the massesMilosch Meriac
 
State of the (evil) Mainframe
State of the (evil) MainframeState of the (evil) Mainframe
State of the (evil) MainframeHenri Kuiper
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallIT Tech
 
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemmbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemarmmbed
 
Fortinet & VMware integration
Fortinet & VMware integrationFortinet & VMware integration
Fortinet & VMware integrationVMUG IT
 
FortiGate 60C
FortiGate 60CFortiGate 60C
FortiGate 60Cdwaeyaert
 
Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks
 
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...The Linux Foundation
 
Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks
 

What's hot (20)

XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelXPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
 
Managing SSH Acccess Without Managing SSH Keys
Managing SSH Acccess Without Managing SSH KeysManaging SSH Acccess Without Managing SSH Keys
Managing SSH Acccess Without Managing SSH Keys
 
PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX
PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSXPLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX
PLNOG19 - Michał Taterka - FortiGate-VMX - integracja z VMware NSX
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 Administration
 
ASA Multiple Context Training
ASA Multiple Context TrainingASA Multiple Context Training
ASA Multiple Context Training
 
Cohesive Networks Support Docs: VNS3 Setup for Fortigate
Cohesive Networks Support Docs: VNS3 Setup for FortigateCohesive Networks Support Docs: VNS3 Setup for Fortigate
Cohesive Networks Support Docs: VNS3 Setup for Fortigate
 
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASA
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASACohesive Networks Support Docs: VNS3 Setup for Cisco ASA
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASA
 
Cohesive Networks Support Docs: VNS3 Setup for Sonicwall
Cohesive Networks Support Docs: VNS3 Setup for SonicwallCohesive Networks Support Docs: VNS3 Setup for Sonicwall
Cohesive Networks Support Docs: VNS3 Setup for Sonicwall
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models
 
Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the masses
 
State of the (evil) Mainframe
State of the (evil) MainframeState of the (evil) Mainframe
State of the (evil) Mainframe
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewall
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1
 
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemmbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
 
Fortinet & VMware integration
Fortinet & VMware integrationFortinet & VMware integration
Fortinet & VMware integration
 
FortiGate 60C
FortiGate 60CFortiGate 60C
FortiGate 60C
 
Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure
 
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
 
Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide
 

Viewers also liked

IPV4_IPV6_INTEROPERABILITY_
IPV4_IPV6_INTEROPERABILITY_IPV4_IPV6_INTEROPERABILITY_
IPV4_IPV6_INTEROPERABILITY_Rajesh Porwal
 
Fscm91sbil b1109
Fscm91sbil b1109Fscm91sbil b1109
Fscm91sbil b1109shivram2511
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpnRajesh Porwal
 
Synchronization in packet based mobile backhaul networks
Synchronization in packet based mobile backhaul networksSynchronization in packet based mobile backhaul networks
Synchronization in packet based mobile backhaul networksRajesh Porwal
 
Závěrečný úkol žulevičová
Závěrečný úkol žulevičováZávěrečný úkol žulevičová
Závěrečný úkol žulevičovánelazulev
 
Unit 1 Foundations of American Gov't
Unit 1 Foundations of American Gov'tUnit 1 Foundations of American Gov't
Unit 1 Foundations of American Gov'tjrlibow
 
Intelligent speed control_3_1
Intelligent speed control_3_1Intelligent speed control_3_1
Intelligent speed control_3_1Suresh Reddy
 
Eigrp on a cisco asa firewall configuration
Eigrp on a cisco asa firewall configurationEigrp on a cisco asa firewall configuration
Eigrp on a cisco asa firewall configuration3Anetwork com
 
Basic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessBasic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessHarris Andrea
 
How to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHow to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHarris Andrea
 
Cisco asa firewall
Cisco asa firewallCisco asa firewall
Cisco asa firewallIT Tech
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Duane Bodle
 

Viewers also liked (18)

závěrečný_úkol_KPI
závěrečný_úkol_KPIzávěrečný_úkol_KPI
závěrečný_úkol_KPI
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
IPV4_IPV6_INTEROPERABILITY_
IPV4_IPV6_INTEROPERABILITY_IPV4_IPV6_INTEROPERABILITY_
IPV4_IPV6_INTEROPERABILITY_
 
Fscm91sbil b1109
Fscm91sbil b1109Fscm91sbil b1109
Fscm91sbil b1109
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpn
 
Záverečný úkol KPI
Záverečný úkol KPIZáverečný úkol KPI
Záverečný úkol KPI
 
Synchronization in packet based mobile backhaul networks
Synchronization in packet based mobile backhaul networksSynchronization in packet based mobile backhaul networks
Synchronization in packet based mobile backhaul networks
 
Závěrečný úkol žulevičová
Závěrečný úkol žulevičováZávěrečný úkol žulevičová
Závěrečný úkol žulevičová
 
Part 1
Part 1Part 1
Part 1
 
Gre tunnel pdf
Gre tunnel pdfGre tunnel pdf
Gre tunnel pdf
 
Unit 1 Foundations of American Gov't
Unit 1 Foundations of American Gov'tUnit 1 Foundations of American Gov't
Unit 1 Foundations of American Gov't
 
Intelligent speed control_3_1
Intelligent speed control_3_1Intelligent speed control_3_1
Intelligent speed control_3_1
 
Eigrp on a cisco asa firewall configuration
Eigrp on a cisco asa firewall configurationEigrp on a cisco asa firewall configuration
Eigrp on a cisco asa firewall configuration
 
Basic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessBasic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet Access
 
How to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHow to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco Switches
 
Cisco asa firewall
Cisco asa firewallCisco asa firewall
Cisco asa firewall
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration Review
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
 

Similar to PIX vs ASA_firewall

Internetworking With Pix Firewall
Internetworking With Pix FirewallInternetworking With Pix Firewall
Internetworking With Pix FirewallSouvik Santra
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)NetProtocol Xpert
 
Cisco asa 5500 series adaptive security appliances
Cisco asa 5500 series adaptive security appliancesCisco asa 5500 series adaptive security appliances
Cisco asa 5500 series adaptive security appliancesIT Tech
 
Configuring Ip Sec Between A Router And A Pix
Configuring Ip Sec Between A Router And A PixConfiguring Ip Sec Between A Router And A Pix
Configuring Ip Sec Between A Router And A Pixangelitoh11
 
Is this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesIs this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesSarah Tao
 
Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerDavid Sweigert
 
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)David Sweigert
 
BASIC TO ADVANCED NETWORKING TUTORIALS
BASIC TO ADVANCED NETWORKING TUTORIALSBASIC TO ADVANCED NETWORKING TUTORIALS
BASIC TO ADVANCED NETWORKING TUTORIALSVarinder Singh Walia
 
Ccna 4 Chapter 1 V4.0 Answers
Ccna 4 Chapter 1 V4.0 AnswersCcna 4 Chapter 1 V4.0 Answers
Ccna 4 Chapter 1 V4.0 Answersccna4discovery
 
Netronome Corporate Brochure
Netronome Corporate BrochureNetronome Corporate Brochure
Netronome Corporate BrochureCarly Steele
 
Ch13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security DevicesCh13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security Devicesphanleson
 
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadMehtabRohela
 
Configuring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOConfiguring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOHoàng Hải Nguyễn
 

Similar to PIX vs ASA_firewall (20)

Firewalls
FirewallsFirewalls
Firewalls
 
Internetworking With Pix Firewall
Internetworking With Pix FirewallInternetworking With Pix Firewall
Internetworking With Pix Firewall
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 
Cisco asa 5500 series adaptive security appliances
Cisco asa 5500 series adaptive security appliancesCisco asa 5500 series adaptive security appliances
Cisco asa 5500 series adaptive security appliances
 
Configuring Ip Sec Between A Router And A Pix
Configuring Ip Sec Between A Router And A PixConfiguring Ip Sec Between A Router And A Pix
Configuring Ip Sec Between A Router And A Pix
 
Firewall basics
Firewall basicsFirewall basics
Firewall basics
 
Is this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesIs this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x series
 
Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security Practitioner
 
Network & security startup
Network & security startupNetwork & security startup
Network & security startup
 
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
 
BASIC TO ADVANCED NETWORKING TUTORIALS
BASIC TO ADVANCED NETWORKING TUTORIALSBASIC TO ADVANCED NETWORKING TUTORIALS
BASIC TO ADVANCED NETWORKING TUTORIALS
 
Ccna 4 Chapter 1 V4.0 Answers
Ccna 4 Chapter 1 V4.0 AnswersCcna 4 Chapter 1 V4.0 Answers
Ccna 4 Chapter 1 V4.0 Answers
 
Netronome Corporate Brochure
Netronome Corporate BrochureNetronome Corporate Brochure
Netronome Corporate Brochure
 
Ch13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security DevicesCh13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security Devices
 
Easy steps-cisco-extended-access-list-231
Easy steps-cisco-extended-access-list-231Easy steps-cisco-extended-access-list-231
Easy steps-cisco-extended-access-list-231
 
Iuwne10 S02 L08
Iuwne10 S02 L08Iuwne10 S02 L08
Iuwne10 S02 L08
 
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
 
Configuring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOConfiguring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IO
 
CRYPTTECH PRODUCTS
CRYPTTECH PRODUCTSCRYPTTECH PRODUCTS
CRYPTTECH PRODUCTS
 
BARZAN.pptx
BARZAN.pptxBARZAN.pptx
BARZAN.pptx
 

Recently uploaded

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 

Recently uploaded (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 

PIX vs ASA_firewall

  • 1. PIX FIREWALL BY R P PORWAL PIX FIREWALL What Does a PIX Do? The PIX is a firewall appliance based on a hardened, specially built operating system, PIX OS, minimizing possible OS-specific security holes. BSNL is using latest cisco ASA ( adaptive security appliance) of 55xx series for its 3G OSS More about ASA firewall in upcoming presentation PIX firewalls provide a wide range of security and networking services including:  Network Address Translation (NAT) or Port Address Translation (PAT)  content filtering (Java/ActiveX)  URL filtering  IPsec VPN  support for leading X.509 PKI solutions  DHCP client/server  PPPoE support  advanced security services for multimedia applications and protocols including Voice over IP (VoIP), H.323, SIP, Skinny and Microsoft NetMeeting  AAA (RADIUS/TACACS+) integration PIX can be graphically managed using the integrated Web-based management interface known as the PIX Device Manager (PDM) or by the Cisco Secure Policy Manager 2.3f and 3.0f (not to be confused with CSPM 2.3.3i which is for intrusion detection system management). The PDM is a PIX-specific device configuration and management tool whereas CSPM is generally used as part of a larger security management infrastructure and allows one to correlate organizational security policies with a PIX configuration. Management interfaces include command-line interface (CLI), telnet, Secure Shell (SSH 1.5), console port, SNMP, and syslog. . PIX Terminology and Background Information The following diagram shows a multi-port PIX connected to various networks. We will use this diagram as we build up a PIX configuration in this and any subsequent PIX articles.
  • 2. PIX FIREWALL BY R P PORWAL PIX terminology: we generally refer to the user segment as the Inside subnet. The interface connected to the Internet router is the outside subnet. As shown, we probably have DMZ (De- Militarized Zone) subnet, the subnet where we quarantine all servers that are accessible from the outside. We might also have a separate management subnet and a subnet tying to a redundant PIX for failover (if supported/licensed). The PIX Command-Line Interface (CLI) is somewhat like the Cisco IOS interface, but different. Use colon (":") for comments (which, as usual, are not retained). Newer PIX OS uses ACL's, replacing the former conduits (which were arguably more confusing to experienced Cisco router administrators). PIX interfaces are normally shutdown until the administrator activates them. PIX interfaces have an associated security level. Two interfaces at same level can't send packets to each other. We'll shortly see that you set levels with nameif command. Connections and traffic are normally permitted from higher to lower security level interfaces, although you do have to put in some basic configuration to allow traffic to flow. Connections the other way (from low to high security) are disallowed unless the configuration explicitly permits them.
  • 3. PIX FIREWALL BY R P PORWAL You actually do not have to put any ACL if going from a higher security level to a lower. Everything will be allowed. Best practice is to put an ACL on all interfaces even if the ACL permits everything to flow using "ip any any". An ACL put inbound (PIX only does inbound ACLs) to the inside interface can control traffic destined going outbound. If an admin wants to only have www and dns traffic outbound he would allow only tcp on 80 and udp on 53 then everything else like real audio would be denied as it goes out.) To let traffic flow from a high security level to a lower level, use the nat and global commands. For the opposite direction, from lower to higher, use the static and access-list commands. We suggest using nat and global when going from any non-outside interface to the outside interface (Internet usually unless the PIX is used as a border between business units) which is a little different than the first sentence above. We also suggest using statics from any non-outside interface to any other non-outside interface (like inside to management or ethernet3 to ethernet4, below.) The PIX normally uses stateful NAT connections and stateful security, referred to as the Adaptive Security Algorithm (ASA). The PIX does not pass multicast traffic