思科高端防火墙介绍VIP专享VIP免费

单击此处编辑母版标题样式防火墙2010年4月1一、防火墙的三种类型•1、Packetfiltering（包过滤）•2、Proxyserver（代理服务器）•3、Statefulpacketfiltering（状态化包过滤）21、Packetfiltering（包过滤）3•访问控制列表A2、Proxyserver（代理服务器）特点：•两个TCP会话•性能低下•支持的运用很少(http/https/ftp)•工作在OSI模型最高层，是最安全的防火墙42、Proxyserver（代理服务器）•软件防火墙的主流技术，经常为web流量使用代理服务器53、Statefulpacketfiltering（状态化包过滤）特点：•为每一个TCP和UDP流维护statefulsessionflowetable（状体化表项）•返回数据包首先查询状态化表项，如果是以前连接的一部分，就算被ACL拒绝也可以穿越防火墙•状态化表项维护:TCP源目端口，源目IP，序列号。Flag位•性能高，硬件防火墙的主流技术63、Statefulpacketfiltering（状态化包过滤）7•硬件防火墙主流技术，为穿越TCP和UDP流维护状态化表现•1、Demilitarizedzone(非军事化区域)，主要用于连接服务器和VPN设备•2、DMZ连接的两种方式：二、DMZ8•3、一种典型的FW连接方式：二、DMZ9三、CISCOASA产品介绍1、CISCOASA特性介绍：（一）•（1）state-of-artstatefulpacketinspectionfirewall(状态监控包过滤)•（2）user-basedauthenticationofinboundandoutboundconnections(cut-through)•（3）intergratedprotocolandapplicationinspectionenginesthatexaminepacketstreamsatlayers4through7(运用层过滤)10三、CISCOASA产品介绍1、CISCOASA特性介绍：（二）•（1）highlyflexbleandextensiblemodularsecuritypolicyframework(MPF)•（2）robustVPNservicesforsecurestie-to-siteandremote-accessconnections(IPSECVPN)•（3）clientlessandclient-basedsecuresocketslayer(SSL)VPN(SSLVPN)11三、CISCOASA产品介绍1、CISCOASA特性介绍：（三）•（1）multiplesecuritycontexts(vitualfirewalls)withinasingleappliance(多模式防火墙)•（2）statefulactive/activeoractive/standbyfailovercapabilitiesthatensureresilientnetworkprotection(FO)•（3）transparentdeploymentofsecurityappliancesintoexistingnetworkenvironmentwithoutrequiringre-addressingofthenetwork(透明防火墙)12三、CISCOASA产品介绍1、CISCOASA特性介绍：（四）•（1）Intuitivesingle-devicemanagementandmonitoringserviceswiththeciscoAdaptiveSecurityDeviceManger(ASDM)andenterprise-classmultidevicemanagementservicesthroughCISCOSecurityManager(图形化界面网管)13三、CISCOASA产品介绍2、CISCOASA类型：（1）CISCOASA5505两种授权方式：basemodel和SecurityPlusModel►maximumthroughput:150Mb/s►maximumconnections:10,000(25,000securityPlus)►maximumconnections/sec:4,000►maximum3Des/AESthroughput:100Mb/s►maximumVPNsession:10(25securityPlus)►maximumSSLVPNsession:default2,UPto2514三、CISCOASA产品介绍2、CISCOASA类型：（2）CISCOASA5510两种授权方式:basemodelandsecurityplusmodel►高度：1U►maximumthroughput:300Mb/s►maximumconnections:50,000(130,000securityplus)►maximum3Des/AESthroughput:170Mb/s►maximumVPNsession:250►maximumSSLVPNsession:default2►securitycontext:0/0(base);2/5(securityplus)►VLANS:50(100securityplus)►highavailability:basenotsupport(securityplusA/AA/S)►interface:5fastEthernetports15三、CISCOASA产品介绍2、CISCOASA类型：（3）CISCOASA5520►高度：1U►maximumthroughput:450Mb/s►maximumconnections:280,000►maximum3Des/AESthroughput:225Mb/s►maximumVPNsession:750►sslvpnsession:default2(10/25/50/100/250/500or750)►securitycontext:default2upto20►VLANs:150►Highavailability:A/AA/S►scalability:VPNclusteringandloadbalancing►interface:4GigabitEthernetand1fastEthernet16三、CISCOASA产品介绍2、CISCOASA类型：（4）CISCOASA5540►maximumthroughput:650Mb/s►maximumconnections...