Cisco IPS 4360 Sensor White Paper

Firewall
August 2012 Series
Step 13:  In the Netmask box, enter the DMZ summary netmask, and then click OK. (Example: 255.255.248.0)

Next, you will deny access from the DMZs to all other networks, as open access poses a security risk.

Step 14:  Navigate to Configuration > Firewall > Access Rules.

Step 15:  Click Add > Add Access Rule.

Step 16:  In the Add Access Rule dialog box, in the Interface list, select —Any—.

Step 17:  For Action, select Deny.

Step 18:  In the Source list, select the network object created in Step 9, and then click OK. (Example: dmz-networks)

Step 19:  In the Access Rules pane, click Apply. This saves the configuration.
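
The following added example (not part of the original guide) audits an exported ASA configuration to confirm that the deny rule from Steps 16 to 19 exists in the global access list and is not shadowed by an earlier broad permit. The ACL name `global_access`, the subnet `10.0.8.0`, the object `dmz-web`, and the helper names are assumptions; the sample configuration is constructed.

```python
import re

# Constructed "show running-config" excerpt, not taken from the guide.
# Assumptions: ACL name global_access, subnet 10.0.8.0, object dmz-web.
SAMPLE = """\
object network dmz-networks
 subnet 10.0.8.0 255.255.248.0
access-list global_access extended permit tcp any object dmz-web eq www
access-list global_access extended deny ip object dmz-networks any
access-list global_access extended permit ip any any
access-group global_access global
"""

ACE = re.compile(r"^access-list (\S+) extended (permit|deny) (\S+) (.+)$")

def _endpoint(tokens):
    """Consume one source/destination spec; return (name, remaining tokens)."""
    if tokens and tokens[0] in ("any", "any4"):
        return "any", tokens[1:]
    if len(tokens) >= 2 and tokens[0] in ("object", "object-group"):
        return tokens[1], tokens[2:]
    return None, []  # host/subnet forms are narrower and ignored here

def audit_dmz_deny(config, obj="dmz-networks"):
    """Check that the global ACL denies all IP from obj before any broad permit."""
    bound = re.search(r"^access-group (\S+) global$", config, re.M)
    if not bound:
        return False, "no ACL is applied globally"
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m or m.group(1) != bound.group(1):
            continue
        action, proto = m.group(2), m.group(3)
        src, rest = _endpoint(m.group(4).split())
        dst, rest = _endpoint(rest)
        # Only an "ip <dmz or any> any" entry decides all DMZ-sourced traffic.
        if proto != "ip" or src not in (obj, "any") or dst != "any" or rest:
            continue
        if action == "deny":
            return True, f"deny found: {line.strip()}"
        return False, f"shadowed by earlier permit: {line.strip()}"
    return False, f"no explicit deny ip rule for {obj}"

if __name__ == "__main__":
    print(audit_dmz_deny(SAMPLE))
```

Narrower permits placed above the deny (such as the constructed `dmz-web` entry) are treated as intentional exceptions and do not fail the check.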
Configuring the Firewall Internet Edge
Process
Internet connectivity varies based on the organization’s availability requirement for Internet access. Two options are available: 
•  Single ISP uses a single Internet connection via one router that carries the Internet traffic.
Figure 7 - Single ISP connectivity
[Diagram labels: Internet, Primary ISP, Primary ISP Router, Outside Switches, VLAN 16, 172.16.0.0, Cisco ASA Primary, Cisco ASA Standby]