User's guide

XSR User's Guide
Chapter 13
Configuring Security on the XSR
Firewall Feature Set Overview
A firewall is defined generally as a set of related applications or a device
dedicated to protecting the enterprise network. Placed at any entryway to a
corporation's private network, a firewall examines all packets arriving from
the Internet and admits or bars traffic based upon its policies. A firewall may
also control inside access to destinations on the Internet or interior resources.

Fundamentally, a firewall monitors and filters network traffic. Depending on
your enterprise needs, you can set up a simple or more robust firewall. For
instance, application-level filtering can be matched to source/destination IP
addresses and port numbers for FTP, HTTP, or Telnet; protocol-level filtering
can be set on IP protocols such as OSPF, IGP or ICMP; and stateful filtering can
be applied to a session's state.
Reasons for Installing a Firewall
The rationale for installing a firewall can include the following:
- Provide a focal point for security decisions
- Segment networks into discrete security zones
- Enforce security policy between different security zones to protect
  proprietary information from falling into the wrong hands
- Enable users to safely connect to and conduct business over a public,
  untrusted network (Internet):
  - Restrict undesirable traffic that may otherwise flow between
    your internal hosts and the Internet
  - Protect internal networks from hostile and malicious attacks
- Log network activity
- Limit your exposure in case of a successful attack
Ideally, these network nodes should be checked daily for security holes, but
since that is impractical, the next best course is to run a firewall to block all
non-essential ports and cut the risk of attack. A firewall can be conceived as a
virtual wall through which "holes" or ports are opened to allow permitted
traffic through, as shown in Figure 54, which illustrates a topology using the
XSR firewall feature set.
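
The three filtering levels and the "wall with holes" model described above, as an added Python example (not taken from the XSR guide and not XSR configuration syntax). The networks, rules and sample packets are constructed for illustration; anything that matches no rule and no tracked session is denied.

```python
import ipaddress

# Constructed policy for illustration; networks and rules are hypothetical.
INSIDE = ipaddress.ip_network("10.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")
# Application "holes": (source net, destination net, IP protocol, destination port)
SERVICE_RULES = [
    (INSIDE, ANY, 6, 80),                                 # HTTP, inside to Internet
    (ANY, ipaddress.ip_network("192.0.2.10/32"), 6, 80),  # public web server
]
# Protocol-level holes keyed by IP protocol number (1 = ICMP, 89 = OSPF)
PROTOCOL_RULES = [(INSIDE, ANY, 1)]


class Firewall:
    def __init__(self):
        self.sessions = set()  # state table of flows opened by a permitted packet

    def check(self, src, dst, proto, sport=0, dport=0):
        """Return (verdict, reason) for one packet; anything unmatched is denied."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Stateful filtering: a reply passes only if it mirrors a tracked session.
        if (dst, src, proto, dport, sport) in self.sessions:
            return "allow", "established"
        for snet, dnet, p, port in SERVICE_RULES:
            if proto == p and dport == port and s in snet and d in dnet:
                self.sessions.add((src, dst, proto, sport, dport))
                return "allow", "service"
        for snet, dnet, p in PROTOCOL_RULES:
            if proto == p and s in snet and d in dnet:
                return "allow", "protocol"
        return "deny", "default"


def demo():
    fw = Firewall()
    packets = [  # constructed sample traffic
        ("10.1.1.5", "198.51.100.7", 6, 40000, 80),  # outbound HTTP
        ("198.51.100.7", "10.1.1.5", 6, 80, 40000),  # reply to that session
        ("198.51.100.7", "10.1.1.5", 6, 80, 40001),  # unsolicited, no session
        ("10.1.1.5", "198.51.100.7", 6, 40002, 23),  # Telnet, no hole opened
        ("10.1.1.5", "198.51.100.7", 1),             # ICMP via protocol rule
        ("198.51.100.7", "10.1.1.5", 89),            # OSPF from outside
    ]
    return [fw.check(*p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

The third packet differs from the permitted reply only in its destination port, which is why it is denied by the state table lookup rather than by any port rule.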