Hardening of Firewall

Unanswered Question
Aug 25th, 2008

Can anyone explain to me the cleanup & stealth rules of the ASA F/W? Kindly advise how to configure them.

Syed Iftekhar Ahmed Mon, 08/25/2008 - 16:29

Stealth Rule (putting management ACEs at the top of your ACL): This is not relevant to Cisco firewalls as the two ACLs are completely separate entities.

Cleanup Rule (denying all traffic that is not explicitly permitted): This is implicit in every ACL on a Cisco product. There is always an implicit deny at the end of every ACL.


khanindra Tue, 08/26/2008 - 14:03

It's not clear about the stealth rule.

Kindly explain about hardening of the firewall, like how to stop a DoS attack. How do I save my network from hackers, because my firewall's open ports are 53 & 80 due to running a web server and DNS forwarding.....

Syed Iftekhar Ahmed Tue, 08/26/2008 - 14:21

By definition, the stealth rule defines the policy that restricts access to the firewall itself and protects the firewall from traffic directed towards itself.

In Cisco firewalls the direct traffic (Telnet, SSH, ICMP, HTTP...) is controlled separately.

"Traffic through the firewall" is controlled by an ACL and "traffic to the firewall" is controlled by a separate set of commands.

For Cisco's recommendation on FW hardening p

Check the examples on Cisco SAFE Blueprint


SAFE: A Security Blueprint for Enterprise Networks

SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User


Syed Iftekhar Ahmed
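How the two ideas discussed in this thread map onto ASA configuration, as an added example that is not part of any of the posts above and is not Cisco's published configuration. The interface names, the ACL name OUTSIDE_IN and every address are constructed placeholders, and NAT for the server is assumed to be configured separately.

```cisco
! ---- "Stealth rule" equivalent: traffic TO the firewall ----
! Management access is not governed by the interface ACL. Each service
! has its own permit list; a source that is not listed cannot connect.
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 5
http server enable
http 192.168.10.0 255.255.255.0 inside
! No "telnet" line is configured, so Telnet to the ASA is refused.
! No "ssh"/"http" line names the outside interface, so the firewall
! accepts no management sessions from that side.

! ICMP addressed to the outside interface itself: keep unreachables
! (needed for path MTU discovery), drop everything else.
icmp permit any unreachable outside
icmp deny any outside

! ---- "Cleanup rule" equivalent: traffic THROUGH the firewall ----
! Permit only the published services (placeholder server 203.0.113.10).
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq www
access-list OUTSIDE_IN extended permit udp any host 203.0.113.10 eq domain
! The implicit deny already ends every ACL. Writing it out changes
! nothing about what is blocked, but gives the rule its own hit count
! in "show access-list OUTSIDE_IN".
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```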

