Cisco Secure Firewall Services Module - Blair_ Ray.pdf

Cisco Secure Firewall Services Module (FWSM)
Ray Blair, CCIE No. 7050
Arvind Durai, CCIE No. 7016
Cisco Press
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
Cisco Secure Firewall Services Module (FWSM)
Ray Blair, Arvind Durai
Copyright © 2009 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic
or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing September 2008
Library of Congress Cataloging-in-Publication Data:
Blair, Ray, 1965-
Cisco secure firewall services module (FWSM) / Ray Blair, Arvind Durai.
p. cm.
ISBN-13: 978-1-58705-353-5 (pbk.)
ISBN-10: 1-58705-353-5 (pbk.)
1. Computer networks—Security measures. 2. Firewalls (Computer security) 3. Cisco Systems, Inc. I. Durai,
Arvind. II. Title.
TK5105.59.B563 2009
005.8—dc22
2008030575
ISBN-13: 978-1-58705-353-5
ISBN-10: 1-58705-353-5
Warning and Disclaimer
This book is designed to provide information about the Firewall Services Module, using practical design examples.
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is
implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither
liability nor responsibility to any person or entity with respect to any loss or damages arising from the information
contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized.
Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book
should not be regarded as affecting the validity of any trademark or service mark.
Corporate and Government Sales
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales,
which may include electronic versions and/or custom covers and content particular to your business, training goals,
marketing focus, and branding interests. For more information, please contact:
U.S. Corporate and Government Sales 1-800-382-3419 corpsales@pearsontechgroup.com
For sales outside the United States please contact:
International Sales international@pearsoned.com
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted
with care and precision, undergoing rigorous development that involves the unique expertise of members from the
professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could
improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at
feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher
Paul Boger
Associate Publisher
Dave Dusthimer
Cisco Representative
Anthony Wolfenden
Cisco Press Program Manager
Jeff Brady
Executive Editor
Brett Bartow
Managing Editor
Patrick Kanouse
Development Editor
Dan Young
Senior Project Editor
Tonya Simpson
Copy Editor
Barbara Hacha
Technical Editors
Sunil Gul Wadwani, Bryan Osoro
Editorial Assistant
Vanessa Evans
Designer
Louisa Adair
Composition
Mark Shirar
Indexer
John Bickelhaupt
Proofreader
Kathy Ruiz
Americas Headquarters
Cisco Systems, Inc.
San Jose, CA
Asia Pacific Headquarters
Cisco Systems (USA) Pte. Ltd.
Singapore
Europe Headquarters
Cisco Systems International BV
Amsterdam, The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and
Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems,
Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS,
iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow,
PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of
Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0805R)
About the Authors
Ray Blair is a consulting systems architect and has been with Cisco Systems for more than eight years,
working primarily on security and large network designs. He has 20 years of experience with designing,
implementing, and maintaining networks that have included nearly all networking technologies. His
first four years in the high-technology industry started with designing industrial computer systems for
process monitoring. Mr. Blair maintains three Cisco Certified Internetwork Expert (CCIE) certifications
in Routing and Switching, Security, and Service Provider. He also is a Certified Novell Engineer (CNE)
and a Certified Information Systems Security Professional (CISSP).
Arvind Durai is an advanced services technical leader for Cisco Systems. His primary responsibility has
been in supporting major Cisco customers in the Enterprise sector, some of which include Financial,
Manufacturing, E-commerce, State Government, and Health Care sectors. One of his focuses has been on
security, and he has authored several white papers and design guides in various technologies. Mr. Durai
maintains two Cisco Certified Internetwork Expert (CCIE) certifications in Routing and Switching and
Security. Mr. Durai holds a Bachelor of Science degree in Electronics and Communication, a Master’s
degree in Electrical Engineering (MS), and a Master’s degree in Business Administration (MBA).
About the Technical Reviewers
Sunil Wadwani, M.S, M.B.A, is a technical marketing engineer for the Security Technology Business
Unit (STBU) at Cisco. Sunil is a 20-year veteran of the technology field with experiences in the design,
development, and provisioning of networking products. His career in Cisco began in 1992, when he was
part of a design team developing the first version of the Cisco 7200 router. Sunil’s primary responsibility
today as a technical marketing engineer requires him to advise customers and sales engineers on some
of the deployment aspects of security products such as VPN, firewall, and IPS.
Sunil has an M.S in Computer Engineering from the University of California, Irvine, and an M.B.A
from Santa Clara University. He lives in Saratoga, California with his wife Shalini and two sons, Shiv
and Kunal.
Bryan Osoro, CCIE No. 8548, is a systems engineer with Cisco and has covered the small/medium
business, large enterprise, and some service provider networks in the Pacific Northwest for the past five
years. He also has spent time working in the TAC organization supporting a variety of technologies,
including the PIX and VPN security devices. Mr. Osoro has been responsible for designing highly complex
network environments with strict requirements for availability and reliability. He currently maintains
four CCIE certifications in Routing/Switching, Security, Service Provider, and Voice. He is also a
Certified Information Systems Security Professional (CISSP) and holds the Juniper Networks Certified
Internet Specialist (JNCIS-M) certification.