1-27
Cisco ASA Series CLI Configuration Guide
Chapter 1 Introduction to the Cisco ASA
Firewall Functional Overview
This section includes the following topics:
• Security Policy Overview, page 1-27
• Firewall Mode Overview, page 1-29
• Stateful Inspection Overview, page 1-30
Security Policy Overview
A security policy determines which traffic is allowed to pass through the firewall to access another
network. By default, the ASA allows traffic to flow freely from an inside network (higher security level)
to an outside network (lower security level). You can apply actions to traffic to customize the security
policy. This section includes the following topics:
• Permitting or Denying Traffic with Access Lists Rules, page 1-27
• Applying NAT, page 1-27
• Protecting from IP Fragments, page 1-28
• Using AAA for Through Traffic, page 1-28
• Applying HTTP, HTTPS, or FTP Filtering, page 1-28
• Applying Application Inspection, page 1-28
• Sending Traffic to the IPS Module, page 1-28
• Sending Traffic to the Content Security and Control Module, page 1-28
• Applying QoS Policies, page 1-28
• Applying Connection Limits and TCP Normalization, page 1-29
• Enabling Threat Detection, page 1-29
• Enabling the Botnet Traffic Filter, page 1-29
• Configuring Cisco Unified Communications, page 1-29
Permitting or Denying Traffic with Access Lists Rules
You can apply an access list rule to limit traffic from inside to outside, or allow traffic from outside to
inside. For transparent firewall mode, you can also apply an EtherType access list to allow non-IP traffic.
Applying NAT
Some of the benefits of NAT include the following:
• You can use private addresses on your inside networks. Private addresses are not routable on the
Internet.
• NAT hides the local addresses from other networks, so attackers cannot learn the real address of a
host.
• NAT can resolve IP routing problems by supporting overlapping IP addresses.
To Next Page
Loading...
Need help?
General
