The Complete Guide to Network Firewall 2019

Introduction to Hardware and Software Firewall

A firewall is a network security system that controls and monitors incoming and outgoing network traffic. Firewalls come in two types: hardware firewalls and software firewalls. A hardware firewall is a separate appliance with its own operating system, CPU, RAM and various kinds of interfaces (ports). A software firewall is a program installed on another operating system such as Windows, Linux or macOS. In both cases we have to write policies, because a firewall's behaviour always depends on the policies written for it. We write inbound and outbound rules, and every packet that tries to cross the boundary (inbound to outbound or outbound to inbound) is first checked against those policies. If the policy list marks the packet as allowed, it may cross the firewall; otherwise the firewall drops it.

IP Address and Domain Name

To understand firewalls in detail, we must first understand how networking works. The IP address plays a vital role in networking. There are two types of IP address, IPv4 and IPv6. Every computer, networking device and server in the world has a unique IP address. We also have DNS (Domain Name System), which translates between domain names and IP addresses. Human beings usually use a domain name instead of an IP address, because a domain name like "" is much easier to remember and understand than an IP address.

Network Port and Protocols

Ports and protocols both play an essential role in networking. In computer networking, a port is a virtual path from source to destination: whenever a user requests a service from a server, their system itself adds a source port number and a destination port number to the request. Ports have three types, Well Known, Registered and Private; the Internet Assigned Numbers Authority (IANA) manages all port numbers and protocols.

  • Well Known: 0 to 1023 (used by commonly used protocols)
  • Registered: 1024 to 49151
  • Private: 49152 to 65535 (also known as dynamic ports)

Protocols are the sets of rules that every computer follows in order to communicate with another computer. For example, we have protocols like FTP, DNS, HTTP, TELNET, SSH and HTTPS. All of these protocols use a port from the Well Known range.

Now, if we have to block a service, we block access to that protocol's port directly. Some common protocols and their port numbers are listed below:

Serial No | Protocol           | Port Number
2         | Secure Shell (SSH) | 22

Firewall Zones [Inside, Outside and DMZ]

Firewall interfaces (ports) are always placed into zones. For example, network designers most often call them Inside, Outside and Demilitarized Zone. In the Inside zone we have our switches and routers and most of the end users working for the organisation. In the Outside zone there is the global internet; this zone is also known as the "World of Hackers". In the Demilitarized zone, commonly known as the DMZ, we have our servers, such as the web server and FTP server. People on the outside internet can access our DMZ servers, such as the web server. In the Cisco ASA firewall we have to define a security level for each interface: the higher the security level, the more the network on that side is trusted.

In this picture, the router is in the Inside zone, the web server is in the DMZ, and the ISP is in the Outside zone.

Cisco ASA Firewall with DMZ zone

Firewall Configuration

Firewalls are manufactured by many vendors, so their configurations also differ. In this section we are going to configure our Cisco ASA firewall using Telnet. First, we have to configure a management port with an IP address, as shown in the configuration below:

ciscoasa# configure terminal 
ciscoasa(config)# interface management 0/0
ciscoasa(config-if)# ip address
ciscoasa(config-if)# nameif management
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# no shut
ciscoasa(config-if)# exit
ciscoasa(config)# telnet 0 0 management
ciscoasa(config)# aaa authentication telnet console LOCAL

ASA Firewall configurations with Telnet and ASDM

Now we open the terminal/cmd on our PC and connect to the ASA firewall using telnet. The output of the command is shown below:

networking@firewall$ telnet
Connected to
Escape character is '^]'.
User Access Verification
Username: vicky
Password: *****
Type help or '?' for a list of available commands.
ciscoasa> en
ciscoasa> enable

Now we have to configure the different interfaces of the firewall. Here I will configure two interfaces, one in the inside zone and the other in the outside zone, named inside and outside respectively. The security levels on the two interfaces will be "100" and "0" respectively. If we give the zone name "inside" to an interface, the firewall sets its security level to "100" by default; likewise, if an interface is in the "outside" zone, the firewall sets its security level to "0" by default. One interesting thing is that if we do not give a subnet mask after the IP address, the firewall sets it to the default subnet mask of that address class.

Firewall Interface Configuration

Inside Interface Configuration

ciscoasa# configure terminal
ciscoasa(config)# interface GigabitEthernet 0/0
ciscoasa(config-if)# ip address
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# no shutdown

Outside Interface Configuration

ciscoasa# configure terminal
ciscoasa(config)# interface GigabitEthernet 0/1
ciscoasa(config-if)# ip address
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# security-level 0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# exit

Traffic from a higher security level to a lower security level is allowed by default in the Cisco ASA firewall. However, network traffic from a lower security level to a higher security level is denied by default. So, if we have to allow traffic from a lower security level to a higher one, we write an ACL (Access Control List).
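The forwarding logic described here, together with the first-match policy check from the introduction and the "block a service by blocking its port" rule from the ports section, can be modelled in a few lines. The following Python is an added example, not code from the article or from Cisco: the inside (100) and outside (0) levels follow the article, while the "dmz" level of 50, the access-list entries, the RFC 5737 sample addresses and the sample packets are constructed for illustration.

```python
"""Toy model of how a Cisco ASA decides whether to forward a packet.

Added example, not code from the article or from Cisco: it models the
rules the text describes (higher security level to lower is allowed by
default, lower to higher is denied unless an access list permits it) and
the first-match, implicit-deny evaluation of a policy list. The interface
names and levels follow the article; the "dmz" level, the access-list
entries, the RFC 5737 addresses and the sample packets are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Interface security levels: inside 100 and outside 0 as in the article;
# dmz 50 is an assumed value for the demilitarized zone.
INTERFACES: Dict[str, int] = {"inside": 100, "dmz": 50, "outside": 0}


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port
    in_if: str    # interface the packet arrives on
    out_if: str   # interface it would leave through


@dataclass(frozen=True)
class AclEntry:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "ip" (any protocol)
    src: str                      # source network in CIDR notation
    dst: str                      # destination network in CIDR notation
    dport: Optional[int] = None   # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst))


def acl_decision(acl: List[AclEntry], pkt: Packet) -> str:
    """First matching entry wins; an access list ends in an implicit deny."""
    for entry in acl:
        if entry.matches(pkt):
            return entry.action
    return "deny"


def forward(pkt: Packet,
            interfaces: Dict[str, int] = INTERFACES,
            acls: Optional[Dict[str, List[AclEntry]]] = None) -> str:
    """Return "permit" or "deny" for a packet crossing the firewall.

    acls maps an interface name to the access list applied to traffic
    entering that interface. Once an access list is bound to an interface
    it decides all traffic arriving there, including its implicit deny.
    Without one, the security levels decide.
    """
    acl = (acls or {}).get(pkt.in_if)
    if acl is not None:
        return acl_decision(acl, pkt)
    if interfaces[pkt.in_if] > interfaces[pkt.out_if]:
        return "permit"   # higher to lower: allowed by default
    return "deny"         # lower to higher (or equal): denied by default


# Constructed policy: outside hosts may reach the DMZ web server on 80/tcp
# only. The article's table gives SSH as port 22; nothing permits it here,
# so SSH from outside falls through to the implicit deny.
DMZ_WEB_SERVER = "192.0.2.10"
OUTSIDE_ACL = [
    AclEntry("permit", "tcp", "0.0.0.0/0", f"{DMZ_WEB_SERVER}/32", 80),
]
ACLS = {"outside": OUTSIDE_ACL}

# Constructed sample packets.
SAMPLES = {
    "inside_to_web": Packet("10.0.0.5", "198.51.100.20", "tcp", 443, "inside", "outside"),
    "outside_to_dmz_http": Packet("203.0.113.7", DMZ_WEB_SERVER, "tcp", 80, "outside", "dmz"),
    "outside_to_dmz_ssh": Packet("203.0.113.7", DMZ_WEB_SERVER, "tcp", 22, "outside", "dmz"),
    "outside_to_inside_smb": Packet("203.0.113.7", "10.0.0.5", "tcp", 445, "outside", "inside"),
    "dmz_to_inside_db": Packet(DMZ_WEB_SERVER, "10.0.0.9", "tcp", 5432, "dmz", "inside"),
}


def decisions() -> Dict[str, str]:
    """Evaluate every sample packet against the levels and the ACL."""
    return {name: forward(pkt, INTERFACES, ACLS) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:24s} {verdict}")
```

Only the inside-to-outside packet and the outside-to-DMZ web request are permitted; SSH to the DMZ server, SMB to an inside host and the DMZ-to-inside database connection are all denied, the first two by the access list's implicit deny and the last by the security levels alone.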

By default, the hostname is set to "ciscoasa" on the Cisco ASA firewall; we can change it with the following commands:

ciscoasa# configure terminal
ciscoasa(config)# hostname networking-firewall

You can add user credentials with a unique username and password and their privilege level (0 to 15) in Cisco ASA. Follow the guide below to add user credentials to the firewall:

ciscoasa# configure terminal 
ciscoasa(config)# username networking password firewall privilege 15

How to setup ASDM on CISCO ASA

ASDM (Adaptive Security Device Manager) is a GUI (Graphical User Interface) application used to configure the Cisco ASA graphically instead of through the command line. To access the ASA in graphical mode, you need to install Java Web Start on your PC. You can enable access to ASDM with the commands below.

networking-firewall# configure terminal 
networking-firewall(config)# http server enable
networking-firewall(config)# http 0 0 Management
networking-firewall(config)# aaa authentication http console LOCAL

In the above configuration, I have enabled the HTTP server (web server) on the Cisco ASA firewall. Then we grant access to this HTTP server to users who are part of the management network (specified as an address and mask on the http line). In the last configuration line, I enable authentication for the HTTP console, so every user in the "LOCAL" database can access ASDM on the Cisco ASA firewall using their credentials.
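The telnet and http lines above take an address and a mask; on the ASA the shorthand `0 0` stands for 0.0.0.0 0.0.0.0, so both `telnet 0 0 management` and `http 0 0 Management` admit any source address that reaches the management interface. The following Python is an added example, not the article's or Cisco's code: it parses such lines from configuration text, answers whether a given source on a given interface may connect, and lists the entries that accept any source, which is the check a reviewer would run before the firewall goes into production. The sample configuration repeats the article's lines and adds one constructed, narrower http entry for the inside interface; comparing interface names case-insensitively is an assumption made here.

```python
"""Check who can reach the ASA management plane (telnet / ASDM over HTTP).

Added example, not the article's or Cisco's code. It parses the ASA
"telnet <address> <mask> <interface>" and "http <address> <mask> <interface>"
lines, expanding the "0 0" shorthand to 0.0.0.0 0.0.0.0, answers whether a
given source on a given interface is allowed to connect, and flags entries
that admit any source address. The sample configuration repeats the
article's lines and adds one constructed, narrower http entry.
"""
from ipaddress import IPv4Address, IPv4Network
from typing import List, NamedTuple

MGMT_COMMANDS = ("telnet", "http")


class MgmtRule(NamedTuple):
    service: str          # "telnet" or "http"
    network: IPv4Network  # permitted source addresses
    interface: str        # interface the connection must arrive on


def _expand(token: str) -> str:
    """ASA accepts a bare 0 as shorthand for 0.0.0.0 in address and mask."""
    return "0.0.0.0" if token == "0" else token


def parse_mgmt_access(config_text: str) -> List[MgmtRule]:
    """Collect the telnet/http access lines from running-config text."""
    rules = []
    for raw in config_text.splitlines():
        parts = raw.split()
        # Only "<cmd> <address> <mask> <interface>" lines; "http server
        # enable" and "aaa authentication ..." have a different shape.
        if len(parts) != 4 or parts[0] not in MGMT_COMMANDS:
            continue
        cmd, addr, mask, ifname = parts
        network = IPv4Network((_expand(addr), _expand(mask)), strict=False)
        # nameif values are compared case-insensitively here (assumption,
        # so that "Management" and "management" refer to one interface).
        rules.append(MgmtRule(cmd, network, ifname.lower()))
    return rules


def is_permitted(rules: List[MgmtRule], service: str,
                 src: str, interface: str) -> bool:
    """True if some rule admits this source for this service on this interface."""
    ip = IPv4Address(src)
    return any(r.service == service and r.interface == interface.lower()
               and ip in r.network for r in rules)


def any_source_findings(rules: List[MgmtRule]) -> List[str]:
    """Entries whose mask is 0.0.0.0 admit every source that reaches the interface."""
    return [f"{r.service} from any source address on {r.interface}"
            for r in rules if r.network.prefixlen == 0]


# The article's management lines plus one constructed, narrower entry.
SAMPLE_CONFIG = """\
telnet 0 0 management
aaa authentication telnet console LOCAL
http server enable
http 0 0 Management
http 10.0.0.0 255.255.255.0 inside
aaa authentication http console LOCAL
"""

RULES = parse_mgmt_access(SAMPLE_CONFIG)

if __name__ == "__main__":
    for rule in RULES:
        print(rule.service, rule.network, rule.interface)
    for finding in any_source_findings(RULES):
        print("finding:", finding)
```

With this input the parser yields three rules: the two any-source entries from the article on the management interface, which the audit reports, and the constructed 10.0.0.0/24 entry, which admits an inside host such as 10.0.0.5 over HTTP but not over telnet.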

After the above configuration, you can open your web browser and go to the address of the Cisco ASA firewall (the management address configured above, in this case). Also, if you are using a Linux operating system, you can run the following command in the terminal to open ASDM:

networking@firewall$ javaws 

Access to ASA ASDM using Java Webstart


Guys, in this article we learned about firewalls. First of all, we learned the basics of IP addresses and domain names. We also studied network ports and protocols. After that, we studied firewall zones. Finally, we took a Cisco ASA firewall as an example and configured it from the beginning.


Feel free to ask your queries. We will try to address your questions as soon as possible. Thanks!
