Explain Cisco ASA security level with practical example
In this article we learn what the security level of a Cisco ASA firewall is, the different types of security levels and the different types of security zones, and explain all of these with a practical example.
What is Cisco ASA security level
The Cisco ASA security level is a value that describes which interface is more trusted than another interface. A higher security level indicates a more trusted interface. We can also define security zones based on the security level.
Types of Cisco ASA security levels
There are three types of security levels.
Security level 100 is the highest security level on the Cisco ASA firewall, and by default it is assigned to the inside interface of the Cisco ASA firewall. Because it has the highest security level, traffic from the internal network can go anywhere.
Security level 0 is the lowest security level on the Cisco ASA firewall, and by default it is assigned to the outside interface of the Cisco ASA firewall. Because it is the lowest security level, traffic from the outside interface cannot reach the internal network unless we apply a policy within the access-list.
Security level <1-99> covers the remaining security levels; you can assign any value in this range. For example, suppose we create a DMZ zone and give it security level 50. Traffic from the DMZ zone can move to the outside interface, and traffic from the inside interface can move to the DMZ zone, but traffic from the DMZ zone cannot reach the inside interface, because the inside interface has a higher security level than the DMZ zone.
Types of Cisco ASA security zones
There are three types of zones based on the security level of the Cisco ASA firewall.
The first is the inside zone, which is the internal network of an organization. It is the more secure zone because by default its security level is 100. A higher security level indicates a more trusted interface as well as a more trusted zone. Users can send traffic anywhere from this zone.
The second is the DMZ zone, where all web servers as well as FTP servers are located. Traffic from the inside zone can reach the DMZ zone, and traffic from the DMZ zone can reach the outside zone, but traffic from the DMZ zone cannot reach the inside zone.
The third is the outside zone, which is the less secure zone because its security level is 0. Traffic from the outside zone cannot reach the DMZ zone or the inside zone unless we apply a policy within the access-list.
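The three security levels and zones described above, written as an ASA configuration. This is an added example, not part of the original article; the interface numbers, the documentation-range addresses, the ACL name OUTSIDE_IN and the DMZ web server address are assumptions, and NAT is left out.

```cisco
! Constructed example: interface numbers and addresses are assumptions.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
! Default behaviour with no access-list applied (higher level -> lower level only):
!   inside (100) -> dmz (50), outside (0)    allowed
!   dmz (50)     -> outside (0)              allowed
!   dmz (50)     -> inside (100)             denied
!   outside (0)  -> dmz (50), inside (100)   denied
!
! Exception: let outside hosts reach only the DMZ web server (assumed 192.0.2.10) on TCP/80.
! The access-list ends with an implicit deny, so every other connection
! started from the outside is still dropped, including anything aimed at inside.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
access-group OUTSIDE_IN in interface outside
```

After applying it, `show nameif` lists each interface with its name and security level, which is a quick check that no interface was left at an unintended level.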