Rather, it is mainly used to define the attributes of other security context attributes. Unlike other contexts, the system execution space does not have any Layer 2 or Layer 3 interfaces or any network settings. Similar to a real network, in which one misconfigured device can affect the operations of other network devices, misconfiguration of a security context can impact the overall operation of a security appliance. In multiple security context mode, the Cisco security appliance can be divided into three types:Īll contexts must be configured correctly for proper function. In this figure, each horizontal dotted box represents a security context that has a Cisco ASA inspecting and protecting the packets going through it, while the vertical box represents the physical Cisco security appliance with multiple security contexts. On the other hand, the security appliance administrator manages the system execution space, which is discussed in the next section. Each customer can manage and administer its own security context without interfering with the other context. To implement a cost-effective solution, SecureMe has configured two security contexts in the security appliance: CustA for Customer A and CustB for Customer B. In Figure 9-1, SecureMe, an enterprise headquartered in Chicago, has a Cisco ASA providing firewall services to two of its customers. You currently manage many physical firewalls and you want to integrate security policies into one physical firewall.
You administer a large enterprise with different departmental groups, and each department wants to implement its own security policies.You manage an educational institution and you want to segregate student networks from faculty networks for improved security using one physical security appliance.However, you do not want to purchase additional physical firewalls for each customer. You act as a service provider and you want to provide firewall services to customers.The following are some example scenarios in which security contexts are useful in network deployments:
In Cisco ASA, these virtual firewalls are known as security contexts. Each standalone firewall acts and behaves as an independent entity with its own configuration, interfaces, security policies, routing table, and administrators. The virtual firewall methodology enables a physical firewall to be partitioned into multiple standalone firewalls. This chapter covers the following topics: For more information on Security, visit our Security Reference Guide or sign up for our Security Newsletter
0 kommentar(er)
