The Complete Guide to Network Firewall 2023

Introduction to Hardware and Software Firewall

A firewall is a network security system that controls and monitors incoming and outgoing network traffic. Firewalls come in two types: hardware firewalls and software firewalls. A hardware firewall is a dedicated appliance with its own operating system, CPU, RAM, and network interfaces (ports). A software firewall is a program installed on a general-purpose operating system such as Windows, Linux, or macOS. In both cases we have to write policies, and the firewall's behaviour depends entirely on those policies. Policies are written as inbound and outbound rules; every packet that tries to cross the boundary (inbound to outbound or outbound to inbound) is first checked against the rule list, in order. If a rule marks the packet as allowed, it can cross the firewall; otherwise the firewall drops it. Most firewalls end their rule list with an implicit deny, so anything you have not explicitly permitted is dropped, and stateful firewalls additionally track connections so that the return traffic of an allowed connection is permitted without a separate rule.

IP Address and Domain Name

To understand firewalls in detail, we must first understand how networking works. The IP address plays a vital role in networking. There are two versions, IPv4 and IPv6, and every computer, networking device, and server on a network has an IP address. On the public Internet these addresses are unique; inside an organisation, hosts usually use private addresses (for example the 192.168.0.0/16 range) and share one public address through NAT at the router or firewall. DNS (the Domain Name System) resolves domain names to IP addresses. Humans usually use domain names instead of IP addresses because a name is far easier to remember and understand than a numeric address.

Network Port and Protocols

Ports and protocols both play an essential role in networking. A port number identifies which service or process on a host a packet is meant for. Whenever a user requests a service from a server, the client adds a source port number (normally picked from the dynamic range) and a destination port number (the port on which the service listens) to every packet. The Internet Assigned Numbers Authority (IANA) manages port numbers and protocol assignments, and ports fall into three ranges: Well Known, Registered, and Private.

  • Well Known: 0 to 1023 (used by the common standard protocols; on Unix-like systems binding to these ports requires privileges)
  • Registered: 1024 to 49151 (assigned by IANA to specific applications on request)
  • Private: 49152 to 65535 (also known as dynamic or ephemeral ports; clients pick their source ports from here)

Protocols are sets of rules that every computer follows to communicate with another computer. For example, FTP, DNS, HTTP, Telnet, SSH, and HTTPS are all protocols, and by default each of them listens on a well-known port.

So, if we have to block a service, we block access to the port that service's protocol uses. Keep in mind that a service can be run on a non-standard port, so a port-based rule is only as good as the assumption that the service is on its default port. Some common protocols and their port numbers are listed below:

Serial No   Protocol                             Port Number
1           File Transfer Protocol (FTP)         21 (control channel)
2           Secure Shell (SSH)                   22
3           Telnet                               23
4           Domain Name System (DNS)             53 (UDP and TCP)
5           Hypertext Transfer Protocol (HTTP)   80
6           HTTP Secure (HTTPS)                  443
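The following is an added example (not configuration from the original article) of blocking a service by its port on a Cisco ASA. It assumes an interface already named "inside" (security level 100) behind which the users sit, and an interface named "outside" (security level 0) towards the Internet; the ACL name INSIDE-IN is a placeholder. It blocks outbound Telnet and FTP control connections and permits everything else:

```cisco
! Added example, not the article's own configuration.
! Assumes interfaces "inside" (security-level 100) and "outside"
! (security-level 0) already exist. ACL name is a placeholder.
!
! Deny cleartext Telnet (TCP/23) and FTP control (TCP/21) leaving the
! inside network.
access-list INSIDE-IN extended deny tcp any any eq 23
access-list INSIDE-IN extended deny tcp any any eq 21
!
! Once an ACL is bound to an interface, the security-level default for that
! interface no longer applies: anything the ACL does not permit is dropped
! by the implicit "deny ip any any" at the end of every ACL. Keep an
! explicit permit so the rest of the outbound traffic still flows.
access-list INSIDE-IN extended permit ip any any
!
! Bind the ACL to traffic entering the firewall on the inside interface.
access-group INSIDE-IN in interface inside
!
! Check: the hit counters show which line each connection matched.
show access-list INSIDE-IN
```

Order matters: the ASA evaluates the lines top to bottom and stops at the first match, so the two deny lines must come before the catch-all permit. A Telnet server listening on, say, TCP/2323 would not be caught by this rule, which is the limitation of port-based blocking mentioned above.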

Firewall Zones [Inside, Outside, and DMZ]

Each firewall interface (port) is placed in a zone. Network designers most often call the zones Inside, Outside, and Demilitarized Zone (DMZ). The Inside zone holds the organisation's switches, routers, and most of its end users. The Outside zone is the global Internet, sometimes called the "world of hackers" because nothing arriving from it can be trusted. The DMZ holds the servers that must be reachable from the Internet, such as the web server and the FTP server. People on the Internet can reach the DMZ servers, so the DMZ is kept separate from the Inside zone: if a public-facing server is compromised, the attacker should still be blocked from the internal network. On a Cisco ASA firewall each interface is given a security level from 0 to 100; the higher the level, the more the network behind that interface is trusted. A typical design is inside at 100, the DMZ somewhere in between (for example 50), and outside at 0.

In the diagram below, the router is in the Inside zone, the web server is in the DMZ, and the ISP link is in the Outside zone.

Cisco ASA Firewall with DMZ

Firewall Configuration

Firewalls are made by many vendors, so their configuration differs from one vendor to another. In this session we configure a Cisco ASA firewall over Telnet. Note that Telnet carries the login and every command in cleartext; it is acceptable on an isolated management network in a lab, but in production you should use SSH (the ASA also refuses Telnet connections arriving on its lowest-security interface). First, we configure a management port with an IP address, as shown in the configuration below:

Now we open a terminal (or cmd on Windows) on our PC and connect to the ASA firewall using Telnet. The output of the command is shown below:


Now we configure the firewall's interfaces. Here I configure two interfaces, one in the inside zone and one in the outside zone, named "inside" and "outside" respectively, with security levels 100 and 0. The ASA derives these defaults from the interface name: giving an interface the name "inside" sets its security level to 100, while any other name (including "outside") defaults to 0, so an interface such as a DMZ must be given its level explicitly. One more detail: if no subnet mask is given after the IP address, the ASA applies the classful default mask for that address, which is rarely what you want on a subnetted network, so always type the mask explicitly.

Firewall Interface Configuration

Inside Interface Configuration

Outside Interface Configuration

Traffic from a higher security level to a lower security level is allowed by default on the Cisco ASA firewall, and because the ASA is stateful, the return traffic of those connections is allowed back without any extra rule. Traffic initiated from a lower security level towards a higher one is denied by default. To allow it, we write an ACL (Access Control List) and bind it to the lower-security interface. Be aware that as soon as an ACL is applied to an interface, only what the ACL permits passes through that interface, because every ACL ends with an implicit deny.
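The following is an added example (not the article's own configuration) that ties together the zone design from the Firewall Zones section and the security-level behaviour described above. It configures inside, DMZ, and outside interfaces on a Cisco ASA (version 8.3 or later NAT syntax), then publishes a DMZ web server to the Internet. All addresses and names are assumptions: 10.0.0.0/24 for inside, 172.16.1.0/24 for the DMZ, 203.0.113.0/24 (a documentation range) for outside, a web server at 172.16.1.10, and the interface names GigabitEthernet0/0 to 0/2.

```cisco
! Added example, not the article's own configuration. All addresses,
! object names and interface slots are assumptions for illustration.
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
! Any name other than "inside" defaults to security-level 0, so the DMZ
! level must be set explicitly.
interface GigabitEthernet0/1
 nameif dmz
 security-level 50
 ip address 172.16.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
 no shutdown
!
! With no ACLs bound, inside->dmz, inside->outside and dmz->outside flow by
! default (higher to lower), while outside->dmz, outside->inside and
! dmz->inside are denied (lower to higher). That last default is what keeps
! a compromised DMZ host away from the internal network.
!
! Publish the DMZ web server: a static NAT to a public address, and an ACL
! on the outside interface that allows only HTTP and HTTPS to it. On ASA
! 8.3+ the ACL matches the real (DMZ) address, not the translated one.
object network WEB-SERVER
 host 172.16.1.10
 nat (dmz,outside) static 203.0.113.10
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER eq 80
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER eq 443
access-group OUTSIDE-IN in interface outside
!
! Let inside hosts reach the Internet, hiding them behind the outside
! interface address.
object network INSIDE-NET
 subnet 10.0.0.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Checks: interface-to-zone mapping with security levels, which ACL is
! bound where, and a simulated packet from the Internet to the web server
! that should be allowed, plus one to the DMZ host's SSH port that should
! be dropped by the ACL's implicit deny.
show nameif
show running-config access-group
packet-tracer input outside tcp 198.51.100.7 40000 203.0.113.10 80
packet-tracer input outside tcp 198.51.100.7 40001 203.0.113.10 22
```

The packet-tracer checks use the public (translated) address because that is what a packet arriving on the outside interface carries. Nothing in this configuration permits the DMZ to open connections into the inside network; if the web server needs, for example, a database on the inside, that requires a separate ACL on the dmz interface, which should be restricted to that single destination and port.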

By default the hostname is set to "ciscoasa" on a Cisco ASA firewall; we can change it with the following commands:


You can add users with a unique username and password and a privilege level (0 to 15, where 15 is full administrative access) on the Cisco ASA. Follow the guide below to add user credentials to the firewall:

How to Set Up ASDM on Cisco ASA

ASDM (Adaptive Security Device Manager) is a GUI (Graphical User Interface) application used to configure the Cisco ASA graphically instead of from the command line. To access the ASA in graphical mode you need Java on your PC, since ASDM is started either through the ASDM Launcher or through Java Web Start (note that Oracle removed Java Web Start from the JDK in version 11, so the Web Start route needs a Java 8 runtime). You can enable ASDM access with the commands below.

In the above configuration I enabled the HTTP server (the ASA's built-in HTTPS web server) on the Cisco ASA firewall. Then I granted access to this HTTP server only to users on the management network (the http command takes a network address and a subnet mask, not IOS-style wildcard bits). The last line enables authentication for the HTTP console, so every user in the "LOCAL" database can log in to ASDM on the Cisco ASA firewall with their local credentials.

After the above configuration, open your web browser and go to the management address of the Cisco ASA firewall over HTTPS. If you are using Linux, you can run the following command in a terminal to open ASDM:
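The following is an added example (not the article's own configuration) that collects the management-access steps of this walkthrough in one place: the management interface, the hostname, a local admin user, SSH (preferred) and Telnet access, and the ASDM HTTPS access just described. It assumes a Management0/0 interface at 192.168.1.1/24, administrators on 192.168.1.0/24, the hostname ASA-FW01, and a placeholder password and ASDM image file name:

```cisco
! Added example, not the article's own configuration. Interface name,
! addresses, hostname, password and ASDM file name are assumptions.
hostname ASA-FW01
domain-name example.com
!
! Dedicated management interface, never used for transit traffic.
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! Local admin account; privilege 15 is full administrative access.
! Replace the placeholder with a strong password.
username admin password <strong-password> privilege 15
!
! SSH instead of Telnet: Telnet sends the login and every command in
! cleartext. hostname and domain-name must be set before generating the key.
crypto key generate rsa modulus 2048
ssh version 2
ssh 192.168.1.0 255.255.255.0 management
aaa authentication ssh console LOCAL
!
! If Telnet is still required for a lab, restrict it to the management
! network and keep the idle timeout short.
telnet 192.168.1.0 255.255.255.0 management
aaa authentication telnet console LOCAL
telnet timeout 5
!
! ASDM: enable the HTTPS server, allow it only from the management network
! (network address plus subnet mask, not wildcard bits), and authenticate
! logins against the LOCAL user database.
http server enable
http 192.168.1.0 255.255.255.0 management
aaa authentication http console LOCAL
asdm image disk0:/asdm.bin
!
! Checks
show running-config ssh
show running-config http
show asdm image
```

With this in place, a Linux workstation on the management network that has a Java 8 runtime with Java Web Start can open ASDM with `javaws https://192.168.1.1/admin/public/asdm.jnlp` (the address is the assumed management address above); the browser route is simply https://192.168.1.1/admin. Because `http` and `ssh` lines are allow-lists, any source that is not listed is rejected before authentication is even attempted.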

Accessing ASDM on the ASA using Java Web Start


In this article we learned about firewalls. First we covered the basics of IP addresses and domain names, then network ports and protocols, and then firewall zones. Finally we took a Cisco ASA firewall as an example and configured it from the beginning.
