For example, if an inside host sends an ICMP echo (ping) packet to another host, the firewall will allow only a single reply packet to return. With PIX 7.0, a firewall can emulate a stateful inspection of ICMP by applying some intuitive rules.
Traditionally, ICMP traffic has been difficult to inspect because it is statelessone host can send one or more ICMP messages without expecting a reply. As with anything, the more "knobs" there are to turn, the more flexibility (and complexity) is available. The Cisco PIX Firewall 7.0 software includes a staggering list of new features and enhancements that can breathe new life into a traditional firewall.
Cisco Systems®, Inc., recently released a major new version of the Cisco PIX® Firewall, version 7.0, and introduced the Cisco Adaptive Security Appliance (ASA) 5500 Series product suite.
0 kommentar(er)
