mod 3 CCNSP firewall.pdf


INTRODUCTION ..... 1
Access Control (Appliance Access) ..... 1
  Managing IP address at each port of the security solution ..... 2
  Bridge Pair IP Management ..... 4
Zone Management ..... 4
  Default Zones ..... 4
  Creating a Zone on the security appliance ..... 5
Rule Management ..... 7
  Default Firewall Rules ..... 7
    Default firewall rule for “Monitor only” IAP ..... 8
    Default firewall rules for “General Internet policy” ..... 9
    Default firewall rules for “Strict Internet policy” ..... 10
Managing Objects ..... 10
  Defining Custom Services ..... 11
  IP Host ..... 11
  MAC host ..... 11
  FQDN Host ..... 13
  Country Host ..... 13
Outbound NAT (Source NAT) ..... 14
  Create a Firewall rule to include the NAT policy ..... 14
Inbound NAT (Virtual Host) ..... 14
  Create Virtual Host ..... 15
  Create firewall rule to include Virtual host ..... 16
  Loopback Firewall Rule ..... 16
  Reflexive Firewall Rule ..... 17
Fusion Firewall Technology ..... 17
  Load Balance & Failover ..... 17
  Unified Threat Control ..... 17
Routing ..... 18
  What is Routing? ..... 18
  Algorithm types ..... 18
    Static V/S Dynamic ..... 18
    Single-path V/S Multipath ..... 19
    Link-State V/S Distance-Vector ..... 19
  Routing in Cyberoam ..... 19
  Static Routing ..... 19
  Multicast Forwarding ..... 21
  Policy based routing ..... 21
Summary ..... 23
Labs ..... 24
  Lab #6 Securing the Appliance ..... 24
  Lab #7 Create a DROP firewall rule for your machine’s IP address ..... 26
  Lab #8 Create an ACCEPT firewall rule for your machine’s IP address ..... 27
  Lab #9 Create Schedule & Apply in Firewall Rule ..... 28
  Lab #10 Create Firewall Rule to Allow DNS Traffic ..... 28
  Lab #11 Create Virtual Host to Publish a RDP Server residing in the LAN ..... 29
Firewall Cyberoam Certified Network & Security Professional 1

Introduction

After deploying Cyberoam in the network as a bridge or a gateway, this module highlights in depth the features of Cyberoam as a firewall. From previous learning, we know what a firewall is and the types of firewalls. We have seen the evolution of firewalls, starting from packet filters, application proxies, stateful inspection firewalls, UTM, and Cyberoam, the Next Generation UTM. We know that adding a firewall to the network allows the network administrator to control access to network resources. The Cyberoam Layer 8 Firewall controls the packets in the network by adding identity to each packet, and hence has a better understanding of each packet than applying ACLs alone. Cyberoam Layer 8 not only replaces the traditional firewall’s functionalities but also adds zone-based firewalling mechanisms to the network. To summarize, we now see the Cyberoam Layer 8 as a “Zone and identity based firewall”.

Access Control (Appliance Access)

Use Appliance Access to limit administrative access to the following services from LAN/WAN/DMZ:
- Admin Services (HTTP, HTTPS, Telnet, SSH)
- Authentication Services (User Login options)
- Proxy Services (Web proxy)
- Network Services (DNS, Ping)

Default Access Control configuration

When a Cyberoam appliance is connected and powered up for the first time, it has the default Access configuration specified below:

Admin Services: HTTPS (TCP port 443) and SSH (TCP port 22) are open for administrative functions for the LAN zone.
Authentication Services
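As an added illustration (not code from the CCNSP module or from Cyberoam), the following models Appliance Access as a per-zone allow-list of management services, evaluates whether a packet reaching the appliance from a zone is permitted, and audits a policy for the two deviations from the default an administrator should notice: cleartext admin services (HTTP, Telnet) and any admin service opened towards WAN. Zone names and the service groups come from the module; ports 443 and 22 are from the text, while 80, 23, 53 and ICMP for Ping are the standard values (assumed), and the empty WAN/DMZ defaults are an assumption since the module's full default table is cut off in this excerpt.

```python
# Zone names and service groups follow the module text. Ports for HTTP, Telnet,
# DNS and the use of ICMP for Ping are standard values assumed here; the module
# itself only states HTTPS/443 and SSH/22 for the LAN default.
SERVICES = {
    # name:    (group,    protocol, port or None = any)
    "HTTP":   ("Admin",   "tcp",  80),
    "HTTPS":  ("Admin",   "tcp",  443),
    "Telnet": ("Admin",   "tcp",  23),
    "SSH":    ("Admin",   "tcp",  22),
    "DNS":    ("Network", "udp",  53),
    "Ping":   ("Network", "icmp", None),
}

CLEARTEXT_ADMIN = {"HTTP", "Telnet"}

# Default policy: admin access only over HTTPS and SSH, only from LAN.
# WAN and DMZ left empty is an assumption (the excerpt stops before them).
DEFAULT_POLICY = {
    "LAN": {"HTTPS", "SSH"},
    "WAN": set(),
    "DMZ": set(),
}


def is_allowed(policy, zone, proto, port):
    """Return True if a packet from `zone` to the appliance on proto/port
    matches a service enabled for that zone in the Appliance Access policy."""
    if zone not in policy:
        raise ValueError(f"unknown zone {zone!r}")
    for svc in policy[zone]:
        _, svc_proto, svc_port = SERVICES[svc]
        if svc_proto == proto and (svc_port is None or svc_port == port):
            return True
    return False


def audit(policy):
    """List policy entries that weaken the default posture."""
    findings = []
    for zone, allowed in policy.items():
        for svc in sorted(allowed):
            group = SERVICES[svc][0]
            if svc in CLEARTEXT_ADMIN:
                findings.append(f"{zone}: {svc} carries admin credentials in cleartext; prefer HTTPS/SSH")
            if zone == "WAN" and group == "Admin":
                findings.append(f"{zone}: admin service {svc} is reachable from the Internet-facing zone")
    return findings
```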