Cisco Support Community
Community Member

Hardening of Firewall

Can anyone explain to me the Cleanup & Stealth rules of the ASA F/W? Kindly advise how to configure it..!

3 REPLIES

Re: Hardening of Firewall

Stealth Rule (putting management ACEs at the top of your ACL): This is not relevant to Cisco firewalls as the two ACLs are completely separate entities.

Cleanup Rule (denying all traffic that is not explicitly permitted): This is implicit in every ACL on a Cisco product. There is always an implicit deny at the end of every ACL.

Syed

Community Member

Re: Hardening of Firewall

It's not clear about the stealth rule.

Kindly explain about hardening of the firewall, like how to stop a DoS attack. How do I save my network from hackers, because my firewall's open ports are 53 & 80 due to running a web server and DNS forwarding .....

Re: Hardening of Firewall

By definition, the Stealth rule defines the policy that restricts access to the firewall itself and protects the firewall from traffic directed towards itself.

In Cisco firewalls, the direct traffic (Telnet, SSH, ICMP, HTTP..) is controlled separately.

"Traffic through the firewall" is controlled by an ACL and "traffic to the firewall" is controlled by a separate set of commands.

For cisco's recommendation on FW hardening p

Check the examples on Cisco SAFE Blueprint

http://www.cisco.com/safe

SAFE: A Security Blueprint for Enterprise Networks

SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks

Syed Iftekhar Ahmed
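
The split described in the replies above, as an added example that is not part of the original thread: a small Python audit that sorts ASA configuration lines into "traffic to the firewall" and "traffic through the firewall", then checks each side. The sample configuration, its ACL names and its addresses are constructed for illustration, and the finding labels are this example's own.

```python
import re

# Constructed sample of ASA running-config lines (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.10 eq www
access-list OUTSIDE_IN extended permit udp any host 198.51.100.10 eq domain
access-list OUTSIDE_IN extended deny ip any any log
access-list DMZ_IN extended permit tcp any any eq www
access-group OUTSIDE_IN in interface outside
ssh 192.0.2.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
icmp deny any outside
"""

# "To the firewall" access lines have the form: <service> <network> <mask> <interface>
MGMT = re.compile(r"^(ssh|telnet|http) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")
ACE = re.compile(r"^access-list (\S+) extended (permit|deny) (.+)$")

def split_planes(config):
    """Return (to_box, through_box): management-plane lines vs. ACL lines."""
    to_box, through_box = [], []
    for line in map(str.strip, config.splitlines()):
        if MGMT.match(line) or line.startswith("icmp "):
            to_box.append(line)
        elif line.startswith(("access-list ", "access-group ")):
            through_box.append(line)
    return to_box, through_box

def audit_to_box(to_box):
    """Flag management access that is cleartext or open to any source address."""
    findings = []
    for m in filter(None, map(MGMT.match, to_box)):  # icmp lines are not audited here
        service, net, mask, ifc = m.groups()
        if service == "telnet":
            findings.append(("cleartext-management", ifc, m.group(0)))
        if (net, mask) == ("0.0.0.0", "0.0.0.0"):
            findings.append(("any-source-management", ifc, m.group(0)))
    return findings

def cleanup_rule(through_box):
    """Per ACL: 'explicit' if its last ACE is 'deny ip any any', else 'implicit'.
    'implicit' is not a gap: the implicit deny still ends every ACL."""
    last = {m.group(1): (m.group(2), m.group(3))
            for m in map(ACE.match, through_box) if m}  # later ACEs overwrite earlier
    return {name: ("explicit" if action == "deny" and rest.startswith("ip any any")
                   else "implicit") for name, (action, rest) in last.items()}
```
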
