CHAPTER
16-1
Cisco 7600 Series Routers Module Guide
OL-9392-05
16
Adaptive Security Appliance Services Module
This chapter provides information about the firewall solution, Cisco Adaptive Security Appliance
Services Module (ASA SM).
This chapter contains the following topics:
• Functional Overview of Firewalls
• ASA SM Overview
• ASA SM Front Panel LEDs
• ASA SM Support
• Deployment of ASA SM
• ASA SM Firewall Modes
• Security Context Overview
• ASA SM Failover Mechanism
• Support on Chassis
• Restrictions and Configuration
• Troubleshooting
• ASA SM Documentation
Functional Overview of Firewalls
Firewalls protect inside networks from unauthorized access by users on outside networks. A firewall can
also protect inside networks from each other, for example, keeping a human resources network separate
from a user network. If you want network resources to be made available to an outside user, such as a
Web or FTP server, you can place these resources on a separate network behind the firewall, called a
demilitarized zone (DMZ). The firewall allows limited access to the DMZ. As the DMZ only includes
the public servers, an attack there only affects the servers and does not affect other inside networks. You
can also control when inside users access outside networks (for example, the Internet), by allowing only
certain addresses out, requiring authentication or authorization, or coordinating with an external URL
filtering server.
When discussing networks connected to a firewall, the outside network is in front of the firewall, the
inside network is protected and behind the firewall, and a DMZ, while behind the firewall, allows limited
access to outside users. Because ASA SM lets you configure many interfaces with varied security
policies, including many inside interfaces, many DMZs, and even many outside interfaces if desired,
these terms are used in a general sense only.
To Next Page
Loading...
