Deploying Zone-Based Firewalls > Configuring Transparent Firewalls > Summary

Table of Contents

Download Safari Books Online apps: Apple iOS | Android

Entire Site

Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Search

Table of Contents

About the Author

About the Technical Editor

Ch. 1. Introduction to Zone-Based Firewalls

Ch. 2. Typical Zone-Based Firewall Designs

Ch. 3. Configuring Zone-Based Policy Firewalls in Cisco IOS

Ch. 4. Case Study: Firewall with a Perimeter Network

Ch. 5. Advanced Zone-Based Policy Firewall Configuration

Ch. 6. Configuring Transparent Firewalls

Protecting Internal Servers: Alternate Design

Case Study: Migrating a Server to the Perimeter Network

Summary

Summary

In this chapter, youâ€™ve seen how you can configure the Cisco IOS transparent firewall using the zone-based configuration commands. When designing the zone-based transparent firewall, keep in mind these guidelines:

Only a single zone pair is checked for every packet traversing the router.
If a packet is bridged through the router, the router checks the zone pair policy configured between the physical interface zones.
If a packet is routed, the router checks the zone pair policy between the zones of the BVI interface and the outbound IP interface.
If a packet is sent to the router itself, the router checks the zone pair policy between the zone of the BVI interface and the self zone.
Configuring a zone pair between a bridged and a routed zone makes no sense (because it will never be used).
Although you could, do not apply the same zone on bridged and routed interfaces; that will only lead to confusion.

You are currently reading a PREVIEW of this book.

Get instant access to over
$1 million worth of books and videos.

Start a Free Trial

Download Safari Books Online apps: Apple iOS | Android

This Book

Search

Contents

Chapter 6. Configuring Transparent Firewalls > Summary

Summary