Firewall ACLs

Firewalls are used to control access to and from the Internet and to provide interaction with customers, suppliers, and employees. But because the Internet is insecure, firewalls need to use ACLs to permit and deny the traffic flowing through them. Firewalls use security zones to define trust levels that are associated with the firewall's interfaces. For example, the trusted zone is associated with an interface connected to the internal network, and the untrusted zone is associated with an interface connected to the network outside the firewall. Common security zones include the inside, outside, and DMZ, but others can be created as needed.

Figure 14-3 shows a PIX firewall with three zones and the permitted policy and flow of the traffic.

Figure 14-3 Firewall ACLs and Zones

[Figure: three zones are shown: the DMZ public zone (containing the HTTP/FTP server and the e-commerce SSL server), the trusted internal zone, and the untrusted Internet zone. Arrows mark the permitted flows: HTTP/FTP/SSL from the trusted internal zone to the DMZ servers, HTTP/SSL from the trusted internal zone to the Internet, and HTTP/FTP/SSL from the untrusted Internet zone to the DMZ servers.]

The policy for the firewall shown in Figure 14-3 includes the following:

■ Allow HTTP and HTTPS to the Internet

■ Allow HTTPS and FTP to the public web and FTP server

■ Allow HTTPS to the public e-commerce server
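As an added example that is not from the book, the following shows how this three-rule policy might be expressed in Cisco PIX/ASA configuration syntax, with an explicit logged deny at the end of each ACL so that everything not listed is dropped and visible in the logs; the interface names, security levels, object names, and RFC 5737 documentation addresses are assumptions.

```cisco
! Zones are defined by interface security levels (assumed values)
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
! DMZ hosts (assumed addresses)
object network WEB_FTP_SERVER
 host 192.0.2.10
object network ECOMMERCE_SERVER
 host 192.0.2.20
!
! Trusted zone: allow HTTP and HTTPS outbound (to the Internet and the DMZ),
! plus FTP to the public web/FTP server; log everything else that is denied
access-list INSIDE_IN remark Rule 1: HTTP/HTTPS to the Internet
access-list INSIDE_IN extended permit tcp 10.0.0.0 255.255.255.0 any eq www
access-list INSIDE_IN extended permit tcp 10.0.0.0 255.255.255.0 any eq https
access-list INSIDE_IN remark Rule 2: FTP to the public web/FTP server
access-list INSIDE_IN extended permit tcp 10.0.0.0 255.255.255.0 object WEB_FTP_SERVER eq ftp
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
!
! Untrusted zone: only the published DMZ services are reachable from the Internet
access-list OUTSIDE_IN remark Rule 2: HTTPS and FTP to the public web/FTP server
access-list OUTSIDE_IN extended permit tcp any object WEB_FTP_SERVER eq https
access-list OUTSIDE_IN extended permit tcp any object WEB_FTP_SERVER eq ftp
access-list OUTSIDE_IN remark Rule 3: HTTPS to the public e-commerce server
access-list OUTSIDE_IN extended permit tcp any object ECOMMERCE_SERVER eq https
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

Because FTP negotiates a second data connection, the firewall's FTP inspection (part of the default ASA global policy) must remain enabled for the FTP permits to work without opening additional ports.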

