Cisco PIX Security Appliances 515, 515E, 525, 535 and Cisco ASA Adaptive Security Appliances 5510, 5520 and 5540
Product type: Network and Network Related Devices and Systems
Product Status: Completed
Assurance Level: EAL4+ CC EAL4+ ALC_FLR.1
Certification Country: UNITED STATES (2007)
The Cisco PIX Security Appliance and the Cisco ASA Adaptive Security Appliance are stateful packet filtering firewalls. A stateful packet filtering firewall controls the flow of IP traffic by matching information contained in the headers of connection-oriented or connectionless IP packets against a set of rules specified by the firewall's authorised administrator. This header information includes source and destination host (IP) addresses, source and destination port numbers, and the transport service application protocol (TSAP) held within the data field of the IP packet. Depending upon the rule and the results of the match, the firewall either passes or drops the packet. The stateful firewall remembers the state of the connection from information gleaned from prior packets flowing on the connection and uses it to regulate current packets. The packet will be denied if the security policy is violated. In addition to IP header information, Cisco PIX and ASA appliances mediate information flows on the basis of other information, such as the direction (incoming or outgoing) of the packet on any given firewall network interface. For connection-oriented transport services, the firewall either permits connections and subsequent packets for the connection or denies the connection and subsequent packets associated with the connection.