chapter 9 cisco ios firewall. ios firewall stateful packet-filter firewall that runs on a router ...
TRANSCRIPT
![Page 1: Chapter 9 Cisco IOS Firewall. IOS Firewall Stateful packet-filter firewall that runs on a router Provides firewall capabilities and normal routing](https://reader036.vdocuments.us/reader036/viewer/2022082610/56649f445503460f94c6554a/html5/thumbnails/1.jpg)
Chapter 9
Cisco IOS Firewall
![Page 2: Chapter 9 Cisco IOS Firewall. IOS Firewall Stateful packet-filter firewall that runs on a router Provides firewall capabilities and normal routing](https://reader036.vdocuments.us/reader036/viewer/2022082610/56649f445503460f94c6554a/html5/thumbnails/2.jpg)
IOS Firewall
Stateful packet-filter firewall that runs on a router
Provides firewall capabilities and normal routing functionality
Based on Context-Based Access Control (CBAC)
![Page 3: Chapter 9 Cisco IOS Firewall. IOS Firewall Stateful packet-filter firewall that runs on a router Provides firewall capabilities and normal routing](https://reader036.vdocuments.us/reader036/viewer/2022082610/56649f445503460f94c6554a/html5/thumbnails/3.jpg)
Context-Based Access Control
Has similar objectives as ASA Dynamically modifies the extended ACLs
to allow return traffic of connections established from the inside network
Inspects transport level and application level protocols
Keeps track of the number and duration of sessions by inspecting packets
![Page 4: Chapter 9 Cisco IOS Firewall. IOS Firewall Stateful packet-filter firewall that runs on a router Provides firewall capabilities and normal routing](https://reader036.vdocuments.us/reader036/viewer/2022082610/56649f445503460f94c6554a/html5/thumbnails/4.jpg)
CBAC Protection against Denial of Service Attacks
Limits total number of half-open TCP or UDP sessions
Limits number of half-open sessions based on time
Limits number of half-open sessions per host