Introduction to firewalls
The firewall is a barrier between LAN and WAN networks (trusted and untrusted networks), we configure the firewall in the forwarding path of the network so each packet have to be checked by our firewall.
There are two kinds of firewalls one is software firewalls just like preinstalled with Microsoft Windows. The second one is the hardware firewall which we are going to see.
From the above diagram, we have LAN with two host PC and a cisco switch. On the other hand, you can see a router that is connected to the ISP for an internet connection. We place our firewall in between to protect our LAN network.
Stateless and stateful filtering.
You can use a router as a firewall but it's not a good choice because most the router does not spend much time on filtering, the router checks the access list for the port number source and destination IP address if it matches in the entry of access-list router is going to permit or deny the packet and router do not keep track of the packet this is called stateless filtering but the firewall uses stateful filtering, the firewall keeps track of all incoming and outgoing connections.
ASA (Adaptive Security Appliance) is a cisco security device that combines the classic firewall with VPN, IPS (Intrusion Prevention System), and antivirus capabilities. ASA is capable of providing threat defense before most of the attacks spread into our LAN network.
I think we have done enough talking rest of the theory we will see in the next section.
let's see how to configure: -
- Configure the topology as per the diagram
- Assign an IP address to the ASA interface
- Configure nameif to the ASA interface
- Configure the security level to the interface
- Configure hostname to ASA Firewall
- Configure password
ciscoasa(config)#interface gigabitEthernet 1/1
ciscoasa(config-if)#ip address 10.1.1.2 255.0.0.0
ASA-Firewall(config)#enable password internetworks
ASA-Firewall(config)#username Admin password internetworks