Guest

Cisco 7200 Series Routers

Cisco IOS Firewall Feature Set for Cisco 7200, No. 977

Hierarchical Navigation

Product Bulletin, No. 977

Announcing Cisco IOS Firewall Feature Set for the Cisco 7200 Series

Introduction

The Cisco IOS® Firewall Feature set, which adds sophisticated firewall capabilities to the existing security services of Cisco IOS software, is now available for the Cisco 7200 series. Customers can now take advantage of high-performance firewall services integrated with the performance, flexibility, and cost-effectiveness of the Cisco 7200 platform. These services are of particular benefit for users deploying virtual private network (VPN) applications.

The Cisco IOS Firewall Feature set is available for the Cisco 7200 series beginning with Cisco IOS Release 12.0(3)T and subsequent releases of 12.0T. The Firewall Feature set is included with specific IP, desktop, and enterprise software images.

Cisco IOS Firewall Benefits

The Cisco IOS Firewall enhances existing Cisco IOS security capabilities such as authentication and encryption with firewall capability. This includes stateful, application-based filtering, Java blocking, defense against network attacks such as SYN flooding, port scans, and packet injection, and support for VPNs based on the Internet Protocol Security (IPSec) standard.

Benefits of the Cisco IOS Firewall feature set include:

  • VPN Support—using Cisco IOS Firewall with other Cisco IOS encryption and quality of service (QoS) features enables secure, low-cost transmission over public networks, reduces implementation and management costs for remote branch offices and extranets, and ensures mission-critical application traffic receives high-priority delivery. Cisco IOS supports multiple tunneling protocols, including Generic Routing Encapsulation (GRE), Layer 2 Forwarding (L2F), Layer 2 Tunneling Protocol (L2TP), and Internet Protocol Security (IPSec) with both 56-bit (DES) and 168-bit (3DES) encryption.

  • Flexibility—this all-in-one solution can perform routing, provide protected Internet connectivity, and apply distinct security characteristics according to a user-defined policy to each interface on a per-user or per-application basis.

  • Investment protection—integrating firewall functionality into a multiprotocol router leverages an existing router investment. Routers are usually deployed to separate sensitive network segments and manage private/public network interfaces. The addition of Cisco IOS Firewall saves costs and management training associated with learning a new platform.

  • Ease of management—with remote management capabilities, a network administrator can implement security features from a central console over the network.

Cisco IOS Firewall Features

Feature Description
Context-Based Access Control (CBAC)
  • Provides internal users secure, per-application-based access control for all traffic across perimeters, for example between private enterprise networks and the Internet

Java Blocking
  • Protects against unidentified, malicious Java applets

Denial of Service Detection/Prevention
  • Defends and protects router resources against common attacks; checks packet headers and drops suspicious packets

Audit Trail
  • Details transactions. Records time stamp, source host, destination host, ports, duration, and total number of bytes transmitted for detailed reporting

Real-Time Alerts
  • Logs alerts in case of denial-of-service attacks or other pre-configured conditions

Related Cisco IOS Security Features

Feature Description
Basic and Advanced Traffic Filtering
  • Standard and extended access control lists (ACLs) apply controls over access to specific network segments and define which traffic passes through a network segment

  • Lock and key—dynamic ACLs grant temporary access through firewalls upon user identification (username/password)

Policy-Based Multiple Interface Support
  • Controls user access by IP address and interface as determined by security policy

Peer Router Authentication
  • Ensures that routers receive reliable routing information from trusted sources

Event Logging
  • Allows administrators to track potential security breaches or other nonstandard activities on a real-time basis by logging output from system error messages to a console terminal or syslog server, setting severity levels, and recording other parameters

Availability and Ordering

Cisco IOS Firewall is available for the Cisco 7200 series with Cisco IOS Release 12.0(3)T and subsequent 12.0T releases. IP-only, Desktop/IBM, and Enterprise images with two levels of encryption (IPSec 56 and IPSec 3DES) can be ordered with the Cisco IOS Firewall option.

Cisco IOS Firewall is also available for Cisco 1600, 1720, 2500, 2600, and 3600 series routers.

Additional Information

Additional information about the Cisco IOS Firewall Feature Set can be found at: http://www.cisco.com/warp/public/778/security/firewall/.

Please contact Mark Jansen, product manager, Enterprise WAN Software Products, at mjansen@cisco.com or Jocelyne Okrent, product manager, Cisco IOS Firewall Feature Set, at jokrent@cisco.com for additional details.