

C.Namasivayam. DCT, B.E, M.E (Network Engineering).

Dhanalakshmi Srinivasan Engineering College

What is a Firewall
A firewall is a software- or hardware-based network security system.

It protects the inside network from the outside world (the Internet).

It controls incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not.

Computer operating systems include software-based firewalls to protect against threats from the public Internet.
Many firewalls can also perform basic routing functions.

Desktop Firewall

Protects an internal host or node
Software firewall

Network Firewall

Protects our entire network from the outside Internet
Hardware and software firewall

Firewall Basics Functions


Best Firewall in the Market

Check Point Software Technologies
Cisco Systems
Fortinet
Juniper Networks
McAfee
WatchGuard

Cisco ASA Firewall

Adaptive Security Appliance (ASA).

The best firewall in the market.

Java-based firewall.
CLI- and GUI-based firewall.
Combines firewall, antivirus, intrusion prevention, and virtual private network (VPN).
Packet filtering firewall.

CISCO ASA Firewall Features:

Anti-spam
URL filtering
VPN device
SSL device
Content inspection

CISCO ASA 5520 model Firewall

System/Software Requirements

GNS3 (Graphical Network Simulator 3)

GNS3 is open source software that simulates complex networks as closely as possible to the way real networks perform, without requiring dedicated network hardware such as routers and switches. It provides an intuitive graphical user interface to design and configure virtual networks.

Cisco asa842-initrd.gz
Cisco asa842-vmlinuz
Cisco asdm-715.bin
Tftpd32 Server
Web Server
Microsoft Loopback Adapter
One Cisco Router
Oracle VirtualBox

CISCO ASA Firewall Access Modes

Unprivileged Mode

This mode provides a restricted view of the security appliance.
Nothing can be configured from this mode.
The enable command is used in this mode to enter Privileged Mode. The password is initially blank.

ciscoasa>enable
Password:

Privileged Mode

Displays the # prompt.
Unprivileged commands also work in this mode.
Nothing can be configured in this mode.
Access configuration mode with the configure terminal command from Privileged Mode.

ciscoasa#configure terminal
ciscoasa(config)#

Configuration Mode

Displays the (config)# prompt.
All system configuration is changed in this mode. It is sometimes called Global Configuration Mode.
Interface-specific parameters are configured from the (config-if)# prompt.

ciscoasa(config)#interface GigabitEthernet0/1
ciscoasa(config-if)#

Firewall Security Level Interfaces

Security Level 0: Outside Interface (INTERNET)
Security Level 1 to 99: Management Interface (DMZ)
Security Level 100: Inside Interface (LAN)

Firewall Interface security levels.

Rules For Traffic Flow Between Security Levels

1. Traffic from a Higher Security Level to a Lower Security Level

All traffic from the higher security level is allowed unless specifically restricted by an Access Control List (ACL).
A nat/global translation pair is used between the high and low security level interfaces.

2. Traffic from a Lower Security Level to a Higher Security Level

All traffic is dropped unless specifically allowed by an ACL.
Static NAT is used between the high and low security level interfaces.

3. Traffic Between Interfaces with the Same Security Level

By default this is not allowed, unless you configure the same-security-traffic permit command.
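
The three rules above as one ASA configuration, added here as an illustration and not taken from the original slides. It uses the object NAT syntax of ASA 8.3 and later (the asa842 image listed in the requirements) rather than the older nat/global pair; all addresses, the object names and the ACL name are constructed assumptions.

```cisco
! Constructed example: addresses, object names and ACL name are assumptions.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
! Rule 1: inside (100) -> outside (0) is allowed by default.
! Dynamic PAT hides the inside subnet behind the outside interface address.
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Rule 2: outside (0) -> dmz (50) is dropped unless an ACL allows it.
! Static NAT publishes one DMZ server; the ACL opens only TCP/443 to it.
! From 8.3 on, the ACL matches the server's real (untranslated) address.
object network DMZ-WEB
 host 192.168.2.10
 nat (dmz,outside) static 203.0.113.10
access-list OUTSIDE-IN extended permit tcp any host 192.168.2.10 eq https
access-group OUTSIDE-IN in interface outside
!
! Rule 3: two interfaces with the same security level cannot exchange
! traffic by default. Uncomment only if equal-level interfaces must talk:
! same-security-traffic permit inter-interface
```

Every packet arriving on outside that does not match the single permit line hits the implicit deny at the end of OUTSIDE-IN, so the inside network stays unreachable from the Internet.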


Thank you
C.Namasivayam, DCT, B.E, M.E (Network Engineering).

Department of IT,
Dhanalakshmi Srinivasan Engineering College, Perambalur
E.mail id :
Cell No: +91-9626319896
Facebook :

Blogspot :
