In this lab guide I will be showing you how to configure a Cisco zone based firewall (ZBF) using the following requirements:
-IOS Zone based firewall
-Application inspection for HTTP traffic
-Multiple zones
-NAT and PAT
-Denial of service (Dos) protection.
I will be using the IOS CLI and not the security device manager (SDM) in this book as it is easier to use and more powerful. The SDM is very useful for management after the IOS router has been configured.
The IOS router will be based upon a 7200VXR with version 15.2 but a lot of the configuration will work on previous versions of the code and on other platforms.
Grant Wilson is the author of the “Cisco Pocket Lab Guides” series of books. He is CCIE security #26667 and currently works as a security consultant for a Cisco partner. He spent 15 years of his IT career as a Cisco trainer (CCSI) teaching many Cisco certified classes. He lives near Oxford in England with his wife and three children.
Grant runs a website which is in his kitchen and is protected by an IOS firewall, ASA firewall, IOS IPS and an IPS sensor.
He holds the following certifications:
-CCIE - Security (Cisco) - #26667
-CCSI (Cisco) - #23077
-CCSP (Cisco)
-CCNP (Cisco)
-JNCIS Security (Juniper)
-JNCIA (Juniper)
-CCSA (Checkpoint)
-CCNA (Cisco)
-CCDA (Cisco)
-MCSE (Microsoft)
-MCT (Microsoft)
-Cisco Firewall Specialist
-Cisco Content Networking Specialist
-Cisco Network Management Specialist
-Ironport certified trainer
-Cisco Borderless Networks R and S Support Specialist
-Bsc Electrical and electronic engineering
-MA Digital Music Technology
-IOS Zone based firewall
-Application inspection for HTTP traffic
-Multiple zones
-NAT and PAT
-Denial of service (Dos) protection.
I will be using the IOS CLI and not the security device manager (SDM) in this book as it is easier to use and more powerful. The SDM is very useful for management after the IOS router has been configured.
The IOS router will be based upon a 7200VXR with version 15.2 but a lot of the configuration will work on previous versions of the code and on other platforms.
Grant Wilson is the author of the “Cisco Pocket Lab Guides” series of books. He is CCIE security #26667 and currently works as a security consultant for a Cisco partner. He spent 15 years of his IT career as a Cisco trainer (CCSI) teaching many Cisco certified classes. He lives near Oxford in England with his wife and three children.
Grant runs a website which is in his kitchen and is protected by an IOS firewall, ASA firewall, IOS IPS and an IPS sensor.
He holds the following certifications:
-CCIE - Security (Cisco) - #26667
-CCSI (Cisco) - #23077
-CCSP (Cisco)
-CCNP (Cisco)
-JNCIS Security (Juniper)
-JNCIA (Juniper)
-CCSA (Checkpoint)
-CCNA (Cisco)
-CCDA (Cisco)
-MCSE (Microsoft)
-MCT (Microsoft)
-Cisco Firewall Specialist
-Cisco Content Networking Specialist
-Cisco Network Management Specialist
-Ironport certified trainer
-Cisco Borderless Networks R and S Support Specialist
-Bsc Electrical and electronic engineering
-MA Digital Music Technology
