A firewall's essential function is to isolate its interfaces from each other and to carefully control how packets are forwarded from one interface to another. In its default state, a firewall does not allow any packets to pass through it until some security policies are configured.
Before connections can form between firewall interfaces, two conditions must be met:
An address translation policy must be configured between a pair of interfaces.
A security policy must be configured to allow the connection to initiate toward the destination. This is usually in the form of an access list applied to a firewall interface.
A Cisco firewall inspects traffic through a progression of functions. Figure 1-3 shows the order ...