Cisco ASA, PIX, and FWSM Firewall Handbook 2nd Edition
Use the Amazon App to scan ISBNs and compare prices.
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
About the Author
David Hucaby, CCIE No. 4594, is a lead network engineer for the University of Kentucky, where he works with health-care networks based on the Cisco Catalyst, ASA, FWSM, and VPN product lines. He was one of the beta reviewers of the ASA 8.0 operating system software. He has a B.S. and M.S. in electrical engineering from the University of Kentucky. He is the author of three other books from Cisco Press:CCNP BCMSN Official Exam Certification Guide, Cisco Field Manual: Router Configuration, andCisco Field Manual: Catalyst Switch Configuration.
He lives in Kentucky with his wife, Marci, and two daughters.
Excerpt. © Reprinted by permission. All rights reserved.
Cisco ASA, PIX, and FWSM Firewall Handbook
This book focuses on the complete product line of Cisco firewall hardware: the PIX and ASA Security Appliance families and the Catalyst Firewall Services Module (FWSM). Of the many sources of information and documentation about Cisco firewalls, very few provide a quick and portable solution for networking professionals.
This book is designed to provide a quick and easy reference guide for all the features that can be configured on any Cisco firewall. In essence, an entire bookshelf of firewall documentation, along with other networking reference material, has been "squashed" into one handy volume.
This book covers only the features that can be used for stateful traffic inspection and overall network security. Although Cisco firewalls can also support VPN functions, those subjects are not covered here.
This book is based on the most current Cisco firewall software releases available at press timeASA release 8.0(1) and FWSM release 3.2(1).
In the book, you will find ASA, PIX, and FWSM commands presented side-by-side for any specific task. The command syntax is shown with a label indicating the type of software that is running, according to the following convention:
ASARefers to any platform that can run ASA release 7.0(1) or later. This can include the ASA 5500 family, as well as the PIX 500 family. For example, even though a PIX 535 can run a specific build of the ASA 8.0(1) code, the commands are still labeled "ASA" to follow the operating system being used.
PIXRefers to a PIX release 6.3.
FWSMRefers to FWSM release 3.1(1) or later.
If you are using an earlier version of software, you might find that the configuration commands differ slightly.
With the advent of the ASA platform, Cisco began using different terminology: firewalls became known as security appliances because of the rich security features within the software and because of the modular nature of the ASA chassis. This new terminology has been incorporated in this book where appropriate. However, the term firewall is still most applicable here because this book deals with both security appliances and firewalls embedded within Catalyst switch chassis. As you read this book, keep in mind that the terms firewall and security appliance are used interchangeably.
How This Book Is Organized
This book is meant to be used as a tool in your day-to-day tasks as a network or security administrator, engineer, consultant, or student. I have attempted to provide a thorough explanation of many of the more complex firewall features. When you better understand how a firewall works, you will find it much easier to configure and troubleshoot.
This book is divided into chapters that present quick facts, configuration steps, and explanations of configuration options for each Cisco firewall feature. The chapters and appendixes are as follows:
Chapter 1, "Firewall Overview"Describes how a Cisco firewall inspects traffic. It also offers concise information about the various firewall models and their performance.
Chapter 2, "Configuration Fundamentals"Discusses the Cisco firewall user interfaces, feature sets, and configuration methods.
Chapter 3, "Building Connectivity"Explains how to configure firewall interfaces, routing, IP addressing services, and IP multicast support.
Chapter 4, "Firewall Management"Explains how to configure and maintain security contexts, flash files, and configuration files; how to manage users; and how to monitor firewalls with SNMP.
Chapter 5, "Managing Firewall Users"Covers the methods you can use to authenticate, authorize, and maintain accounting records for a firewall's administrative and end users.
Chapter 6, "Controlling Access Through the Firewall"Describes the operation and configuration of the transparent and routed firewall modes, as well as address translation. Other topics include traffic shunning and threat detection.
Chapter 7, "Inspecting Traffic"Covers the Modular Policy Framework, which is used to define security policies that identify and act on various types of traffic. The chapter also discusses the application layer inspection engines that are used within security policies, as well as content filtering.
Chapter 8, "Increasing Firewall Availability with Failover"Explains firewall failover operation and configuration, offering high availability with a pair of firewalls operating in tandem.
Chapter 9, "Firewall Load Balancing"Discusses how firewall load balancing works and how it can be implemented in a production network to distribute traffic across many firewalls in a firewall farm.
Chapter 10, "Firewall Logging"Explains how to configure a firewall to generate an activity log, as well as how to analyze the log's contents.
Chapter 11, "Verifying Firewall Operation"Covers how to check a firewall's vital signs to determine its health, how to verify its connectivity, and how to observe data that is passing through it.
Chapter 12, "ASA Modules"Discusses the Security Services Modules (SSMs) that can be added into an ASA chassis, along with their basic configuration and use.
Appendix A, "Well-Known Protocol and Port Numbers"Presents lists of well-known IP protocol numbers, ICMP message types, and IP port numbers that are supported in firewall configuration commands.
Appendix B, "Security Appliance Logging Messages"Provides a quick reference to the many logging messages that can be generated from an ASA, PIX, or FWSM firewall.
How to Use This Book
The information in this book follows a quick-reference format. If you know what firewall feature or technology you want to use, you can turn right to the section that deals with it. The main sections are numbered with a quick-reference index that shows both the chapter and the section (for example, 3-3 is Chapter 3, section 3). You'll also find shaded index tabs on each page, listing the section number.
Each major section begins with a detailed explanation of or a bulleted list of quick facts about the feature. Refer to this information to quickly learn or review how the feature works.
Each feature that is covered in a section includes the required and optional commands used for common configuration. The difference is that the configuration steps are presented in an outline format. If you follow the outline, you can configure a complex feature or technology. If you find that you do not need a certain feature option, skip over that level in the outline.
In some sections, you will also find that each step in a configuration outline presents the commands from multiple firewall platforms side-by-side in a concise manner. You can stay in the same configuration section no matter what type or model of firewall you are dealing with.
Each section includes an example of how to implement the commands and their options. Examples occur within the configuration steps, as well as at the end of a main section. I have tried to present the examples with the commands listed in the order you would actually enter them to follow the outline.
Many times, it is more difficult to study and understand a configuration example from an actual firewall because the commands are displayed in a predefined ordernot in the order you entered them. Where possible, the examples have also been trimmed to show only the commands presented in the section.
Displaying Information About a Feature
Each section includes plenty of information about the commands you can use to show information about that firewall feature. I have tried to provide examples of this output to help you interpret the same results on your firewall.
- Publisher : Cisco Systems; 2nd edition (August 16, 2007)
- Language : English
- Paperback : 869 pages
- ISBN-10 : 1587054574
- ISBN-13 : 978-1587054570
- Item Weight : 3.29 pounds
- Dimensions : 7.25 x 1.5 x 9 inches
- Best Sellers Rank: #3,480,732 in Books (See Top 100 in Books)
- Customer Reviews:
Top reviews from the United States
There was a problem filtering reviews right now. Please try again later.
The book is well written, easy to understand and with enough examples to cement the concept in your mind.
The screen captures are helpful. Showing that Cisco has put some thought into the usability of their boxes.
I won't say the book makes for enthralling reading. It is perhaps best suited as a reference manual. Where the only sections you need are for your firewall model.
Author : David Hucaby
Publisher: Cisco Press
Reviewed by: Michael Cooter
Pros: Thorough, comprehensive, and in-depth
Cons: Not for ASA/PIX Novices, more suited for Firewall admins with solid experience. More of a reference than a book you would read cover to cover.
Chapter List: Chapter 1, "Firewall Overview", Chapter 2 "Configuration Fundamentals" Chapter 3 "Building Connectivity", Chapter 4 "Firewall Management", Chapter 5 "Managing Firewall Users", Chapter 6 "Controlling Access Through the Firewall", Chapter 7 "Inspecting Traffic", Chapter 8 "Increasing Firewall Availability with Failover, Chapter 9 "Firewall Load Balancing", Chapter 10 "Firewall Logging", Chapter 11 "Verifying Firewall Operation", Chapter 12 "ASA Modules", Appendix A, "Well-Known Protocol and Port Numbers, Appendix B "Security Applicance Logging Messages"
Cisco ASA, PIX and FWSM Firewall Handbook is a comprehensive and up-to-date reference manual that belongs on the shelf of anybody who manages a Cisco Firewall device. At nearly 870 pages, this is not a small book that you would want read cover to cover, but instead an excellent reference that you would use to learn more about a specific topic of ASA and PIX administration.
I am familiar with the author, David Hucaby from reading his CCNP Switching book, written in 2000. Hucaby has a very clear and insightful writing style and has the ability to take complex topics and break them down to a more understandable level for novices.
Chapters of interest to me were on Firewall Load Balancing , Traffic Inspection, also the on Failover.
I highly recommend this book for any administrator who is responsible for an ASA or PIX. This book is not an great introduction to the topic, but would be better suited as a companion to "Securing Your Business with Cisco ASA and PIX Firewalls" by Greg Alebar.