Government Security
Network Security Resources

Jump to content


Cisco Virtual Firewalls review

- - - - - security firewall
  • Please log in to reply
1 reply to this topic

#1 desperado618


    Private First Class

  • Members
  • 31 posts

Posted 10 November 2008 - 11:55 AM

This is part 3 of the virtual firewalls review. We will take a look at Cisco Security Contexts It Security news and information in plain English.

#2 Marts McFly

Marts McFly

    Global Moderator

  • Colonel
  • 591 posts

Posted 10 November 2008 - 03:25 PM

Not a bad article. I am new to the concept of virtual firewalls. It makes sense. But i have a few questions...

I assume that when you are running in multi mode or have more than one context... you can't route traffic between the two? Because the article states one of the advantages is you can have overlapping networks using the same physical firewall but the contexts split them up. Then how to the clients on contextA reach clients on contextB? It can't because the IP addresses are the same and routing is a layer 3 function. So as the article shows the example of CompanyA acquiring CompanyB... and CompanyB having the same IP scheme, a security context will resolve the problem by separating the two (VLANing in a sense). But then how do they communicate? You can't route between two identical networks.

EDIT: Just went and read up more about it here ( http://www.informit....e.aspx?p=426641 ). Seems i am right. If you share the interfaces between contexts... so making it a virtual firewall, the destination IP address of a packet must be unique if you want to traverse the context into the other network. So in essence... I don't believe this is beneficial for say, a large WAN environment where you could do the same thing using VLANs. I do see how it is beneficial for a NOC or ISP or someone serving multiple customers in the same location (as the author stated haha)
Certified Information Systems Security Professional (CISSP)



Also tagged with one or more of these keywords: security, firewall