1

Introducing a New Cisco IOS Product: Cisco IOS Firewall

Product Overview

The Cisco IOS Firewall feature set is a value-added option of the Cisco IOS software. The Cisco IOS Firewall feature set
adds firewall-specific functionality to Cisco routers, building upon the strength of existing Cisco IOS security capabilities
such as authentication, encryption, and failover. The Firewall feature set is ideal for organizations who wish to add firewall
capabilities to their existing router based network infrastructure, for secure Internet access, as well as intranet and extranet
security.

The Cisco IOS Firewall feature set includes many powerful firewall features, among them: context-based access control
(CBAC), which secures traffic flow by tracking the state and context of network connections; Java blocking, which controls
downloading of potentially malicious applets; denial-of-service detection and prevention; real-time alerts; and TCP/User
Datagram Protocol (UDP) transaction logs that track user access by source/destination address and port pairs.

The Firewall feature set is now configurable via Cisco’s ConfigMaker tool. Configmaker is a Microsoft Windows 95, 98,
and NT 4.0-based software tool designed to configure a small network of Cisco routers, switches, hubs, and other network
devices from a single PC. Configmaker’s new Security Wizard enables policy-based configurations for efficient setup of the
security features in the Cisco IOS Firewall feature set.

The Cisco IOS Firewall feature set is currently available on the Cisco 1600 and 2500 series platforms, and will be released
on the Cisco 2600 and 3600 series router platforms in Q3 ’98. Please see IOS chart for image availability.

Key Features and Benefits

Some benefits of the Cisco IOS Firewall feature set are:

•

Flexibility—all-in-one solution can perform routing, provide secure Internet connectivity, and apply distinct security
characteristics according to a user-defined policy to each interface on a per-user or per-application basis.

•

Investment Protection—integrating firewall functionality into a multiprotocol router leverages an existing router
investment. Routers are usually deployed to separate sensitive network segments and manage private/public network
interfaces. The incremental change saves costs and management training associated with learning a new platform.

•

Easier management—with remote management capabilities, a network administrator can implement security features
from a central console over the network.

•

Seamless interoperability—use with other Cisco IOS software features, optimize, WAN utilization, provide robust,
scalable routing, and interoperate with existing Cisco IOS-based networks (such as the Internet).

Context-based access control

With Context-based access control (CBAC), administrators can implement firewall intelligence as part of an integrated,
single-box solution. Now tightly secured networks can allow today’s application traffic and be ready for future advanced
applications such as multimedia and videoconferencing. CBAC enhances security for TCP and UDP applications that use
well-known ports (such as ftpand email traffic) by scrutinizing source and destination addresses.

Specifications

Hardware

For hardware specification information for this IOS feature, refer to the Cisco IOS Software chapter, the appropriate
hardware section, or access Cisco Connection Online at the following URL:

http://www.cisco.com

Software

For additional software specification information, access Cisco Connection Online at the following URL:

2 Cisco Product Catalog, February 1999

http://www.cisco.com

Ordering Information

Configuration Worksheets

For ordering information, access Cisco Connection Online at the following URL:

http://www.cisco.com