The PIX Firewall can protect one or more networks from intruders on an outer, unprotected network. Most PIX Firewall models optionally support multiple outside or perimeter networks (also known as demilitarized zones (DMZs)). Connections between the networks can be controlled by the PIX Firewall.

To effectively use a firewall in your organization, you need a security policy to ensure that all traffic from the protected networks passes only through the firewall to the unprotected network. Refer to "Creating a Security Policy" in this chapter for more information. You can then control who may access the networks with which services, and how to implement your security policy using the features that the PIX Firewall provides.

Figure 1-1 shows how a PIX Firewall protects a network while providing outbound connections and secure access to the Internet.

Within this architecture, the PIX Firewall forms the boundary between the protected networks and the unprotected networks. All traffic between the protected and unprotected networks must flow through the firewall to maintain security. The unprotected network is typically accessible to the Internet. The PIX Firewall lets you locate servers such as those for Web access, SNMP, and electronic mail (SMTP) in the protected network, and control who on the outside can access these servers.

Alternatively, for all PIX Firewall models except the PIX 506, server systems can be located on a perimeter network as shown in Figure 1-1, and access to the server systems can be controlled and monitored by the PIX Firewall. The PIX 506 has only two network interfaces, so all systems must be located on either the inside or the outside interface.

The PIX Firewall also lets you implement your security policies for connections to and from the inside network. Typically, the inside network is an organization's own internal network, or intranet, and the outside network is the Internet, but the PIX Firewall can also be used within an intranet to isolate or protect one group of internal computing systems and users from another.

The perimeter network can be configured to be as secure as the inside network or with varying security levels. Security levels are assigned numeric values from 0, the least secure, to 100, the most secure. The outside interface is always 0 and the inside interface is always 100. The perimeter interfaces can be any security level from 1 to 99.

Both the inside and perimeter networks are protected with the PIX Firewall's Adaptive Security Algorithm, described later in this chapter. The inside, perimeter, and outside interfaces can listen to RIP routing updates, and all interfaces can broadcast a RIP default route if required.
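The security-level rules above can be checked mechanically against a PIX configuration. The following added example (not from the original document or from Cisco) parses PIX `nameif ... securityN` lines, flags interfaces that violate the outside=0 / inside=100 / perimeter 1..99 constraints, and lists which interface pairs the Adaptive Security Algorithm lets initiate connections by default (higher level to strictly lower level; that default-flow rule is general PIX behaviour and is not stated on this page). The sample configuration is constructed.

```python
import re

# Constraints from the page: outside is always security0, inside always
# security100, perimeter (DMZ) interfaces anywhere in security1..security99.
NAMEIF_RE = re.compile(r"^\s*nameif\s+(\S+)\s+(\S+)\s+security(\d+)\s*$", re.I)


def parse_nameif(config_text):
    """Return {interface_name: (hardware_id, security_level)} from 'nameif' lines."""
    interfaces = {}
    for line in config_text.splitlines():
        m = NAMEIF_RE.match(line)
        if m:
            hw, name, level = m.group(1), m.group(2).lower(), int(m.group(3))
            interfaces[name] = (hw, level)
    return interfaces


def validate_levels(interfaces):
    """Return a list of policy violations; an empty list means the levels are sane."""
    problems = []
    for name, (hw, level) in interfaces.items():
        if name == "outside" and level != 0:
            problems.append(f"{name} ({hw}) must be security0, got security{level}")
        elif name == "inside" and level != 100:
            problems.append(f"{name} ({hw}) must be security100, got security{level}")
        elif name not in ("outside", "inside") and not 1 <= level <= 99:
            problems.append(f"perimeter {name} ({hw}) must be security1..99, got security{level}")
    if "outside" not in interfaces or "inside" not in interfaces:
        problems.append("both an outside and an inside interface must be defined")
    return problems


def default_flows(interfaces):
    """(src, dst) pairs allowed to initiate connections without explicit rules.
    Assumed PIX rule (not on this page): higher security level -> strictly lower.
    Equal levels are deliberately excluded, so two security50 DMZs cannot talk."""
    return sorted((a, b) for a, (_, la) in interfaces.items()
                  for b, (_, lb) in interfaces.items() if la > lb)


# Constructed sample configuration: three-interface PIX with one DMZ.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
"""

if __name__ == "__main__":
    ifaces = parse_nameif(SAMPLE_CONFIG)
    print("violations:", validate_levels(ifaces) or "none")
    print("default flows:", default_flows(ifaces))
```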