Instructor Materials – Chapter 4: Implementing Firewall Technologies
Chapter Outline:
4.0 Introduction
4.1 Access Control Lists
4.2 Firewall Technologies
4.3 Zone-Based Policy Firewalls
4.4 Summary
Section 4.1: Access Control Lists
Topic 4.1.1: Configuring Standard and Extended IPv4 ACLs with CLI
- Introduction to Access Control Lists
- Configuring Numbered and Named ACLs
- Applying an ACL
- ACL Configuration Guidelines
- Editing Existing ACLs
- Sequence Numbers and Standard ACLs
Topic 4.1.2: Mitigating Attacks with ACLs
- Antispoofing with ACLs
- Permitting Necessary Traffic through a Firewall
- Mitigating ICMP Abuse
- Mitigating SNMP Exploits
Topic 4.1.3: IPv6 ACLs
- Introducing IPv6 ACLs
- IPv6 ACL Syntax
- Configure IPv6 ACLs
Section 4.2: Firewall Technologies
Topic 4.2.1: Securing Networks with Firewalls
- Defining Firewalls
- Benefits and Limitations of Firewalls
Topic 4.2.2: Types of Firewalls
- Firewall Type Descriptions
- Packet Filtering Firewall Benefits & Limitations
- Stateful Firewalls
- Stateful Firewall Benefits and Limitations
- Next Generation Firewalls
Topic 4.2.3: Classic Firewall
- Introducing Classic Firewall
- Classic Firewall Operation
- Classic Firewall Configuration
Topic 4.2.4: Firewalls in Network Design
- Inside and Outside Networks
- Demilitarized Zones
- Zone-Based Policy Firewalls
- Layered Defense
Section 4.3: Zone-Based Policy Firewalls
Topic 4.3.1: Zone-Based Policy Firewall Overview
- Benefits of ZPF
- ZPF Design
Topic 4.3.2: ZPF Operation
- ZPF Actions
- Rules for Transit Traffic
- Rules for Traffic to the Self Zone
Topic 4.3.3: Configuring a ZPF
- Configure ZPF
- Step 1: Create Zones
- Step 2: Identify Traffic
- Step 3: Define an Action
- Step 4: Identify a Zone-Pair and Match to a Policy
- Step 5: Assign Zones to Interfaces
- Verify a ZPF Configuration
- ZPF Configuration Considerations
Section 4.4: Summary
Chapter Objectives:
- Implement ACLs to filter traffic and mitigate network attacks on a network.
- Configure a classic firewall to mitigate network attacks.
- Implement ZPF using CLI.