Cisco IPS 4520 Sensor White Paper
Firewall
August 2012 Series
Step 13: In the Netmask box, enter the DMZ summary netmask, and then click OK. (Example: 255.255.248.0)
Next, you will deny access from the DMZs to all other networks, as open access poses a security risk.
Step 14: Navigate to Configuration > Firewall > Access Rules.
Step 15: Click Add > Add Access Rule.
Step 16: In the Add Access Rule dialog box, in the Interface list, select —Any—.
Step 17: For Action, select Deny.
Step 18: In the Source list, select the network object created in Step 9, and then click OK. (Example: dmz-networks)
Step 19: In the Access Rules pane, click Apply. This saves the configuration.
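An added example, not part of the Cisco guide: the deny rule from Steps 14 to 19 only matches DMZ subnets that fall inside the summary object, so this Python check compares a summary (address plus netmask) against the DMZ subnets it is meant to cover. The 192.168.x.x addresses are constructed sample values; only the 255.255.248.0 netmask comes from the page.

```python
import ipaddress

def smallest_summary(subnets):
    """Smallest single IPv4 network containing every subnet in the list."""
    nets = [ipaddress.IPv4Network(s) for s in subnets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address are host bits.
    prefix = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - prefix)) << (32 - prefix)
    return ipaddress.IPv4Network((base, prefix))

def audit_summary(addr, netmask, dmz_subnets):
    """Compare a summary object (address + netmask) with the DMZ subnets."""
    # Strict parsing raises ValueError if addr is not aligned to the netmask.
    summary = ipaddress.IPv4Network(f"{addr}/{netmask}")
    dmz = [ipaddress.IPv4Network(s) for s in dmz_subnets]
    tightest = smallest_summary(dmz_subnets)
    return {
        "summary": str(summary),
        # DMZ subnets the deny rule would NOT match (left with open access).
        "uncovered": [str(n) for n in dmz if not n.subnet_of(summary)],
        "tightest": str(tightest),
        # True when the summary is wider than needed and may deny other networks.
        "over_broad": tightest != summary and tightest.subnet_of(summary),
    }

if __name__ == "__main__":
    # Constructed DMZ subnets; the netmask is the example value from Step 13.
    dmz = ["192.168.16.0/24", "192.168.17.0/24", "192.168.23.0/24",
           "192.168.24.0/24"]
    report = audit_summary("192.168.16.0", "255.255.248.0", dmz)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A non-empty "uncovered" list means a DMZ sits outside the summary and is not matched by the deny rule; "over_broad" means the summary also spans address space that no listed DMZ uses.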
Configuring the Firewall Internet Edge
Process
Internet connectivity varies based on the organization’s availability requirement for Internet access. Two options are available:
• Single ISP uses a single Internet connection via one router that carries the Internet traffic.
Figure 7 - Single ISP connectivity
[Diagram labels: Cisco ASA Primary, Cisco ASA Standby, Outside Switches, VLAN 16, 172.16.0.0, Primary ISP Router, Primary ISP, Internet]