TippingPoint X505 Training - Firewall – Rules, Services and Virtual Servers
TippingPoint X505 Training
Firewall – Rules, Services and Virtual Servers
Firewall – Objectives
> Upon completion of this module, you should be familiar with the following:
— Firewall Concepts Review
— Firewall Rules
— Firewall Rule Components
— Services and Service Groups
— Bandwidth Management
— Scheduling
— Authorization
— Content Filtering
— Virtual Servers
— Port Address Translation
Types of Firewalls
> Network Address Translation
— Translates internal IP addresses to external addresses
— Can be used to map many internal addresses to one (or few) external addresses
— Denies most connections inbound
> Proxy
— Acts as a “middle man”
— Handles all external connections on behalf of internal clients
> Stateful Inspection
— Keeps track of the state of all connections
— Denies out-of-state connection attempts
— Rules or policies determine what can or cannot be accessed from outside the network
> The X505 is a Stateful Firewall and more (IPS, rate shaping, content filtering, etc.)
Firewall Rules
> Rules are “top down”
> Implicit deny at the end
> Click on (highlight) an existing rule to create a new rule above it
> There are many default rules to facilitate such things as DHCP requests, DNS queries and VPN termination
Firewall Rule Components
> Source/Destination Zones
— IP Address Groups
> Action
— Permit/Block/Content Filter
> Services/Service Groups
> Rate Limiting
> Scheduling
> Authentication
Services and Service Groups
> Services are applications and protocols that can be configured in a firewall rule to police that traffic
— The X505 comes with a host of pre-defined services
— e.g. “dns-tcp” is protocol 6 (TCP) and port 53
> Service Groups are groupings of services
— Similar to the Services, the X505 comes with a host of pre-defined service groups
— e.g. “dns” consists of the services “dns-tcp” and “dns-udp”
Bandwidth Management
> Bandwidth management can be applied to applications on a per rule or per session basis
> For example, use per session for voice and per rule for limiting WWW access, etc.
Scheduling
> Schedules can be defined to limit a firewall rule to certain times of the day/week
— e.g. “Work Day” = MTWThF from 8AM-6PM
Authorization
> Users can be forced to authorize themselves before accessing various resources
> By defining firewall rules that reference privilege groups, users can be authorized before access is allowed
> You may need to position authorization rules before the “LAN” “WAN” “Any” rule to ensure that authorization is performed first
> Create a privilege group…
> Assign the privilege group to a user…
> Enable user authentication in a firewall rule…
Content Filtering
> 3Com Content Filter Service
— Servers based in NA, Europe or Asia
> Subscription Service
— Must have “DV Gold” Maintenance level
> Backed by Surf Control
> Content Categories
> Manual URL Filter
> Custom Web Response Page
Content Filtering Configuration
> Enable Content Filter and/or Manual URL Filter
— Optional: Custom Response Page
> Create a firewall rule with the action “Content Filter”
— Position the rule above the “LAN” “WAN” “Any” rule to ensure that content filtering takes place first
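As an added example (not from the slides or from TippingPoint), the Python below models the rule semantics covered in this module: top-down first-match evaluation with an implicit deny, services and service groups such as “dns” = “dns-tcp” + “dns-udp”, the “Work Day” schedule, and why a Content Filter or authorization rule placed below the “LAN” “WAN” “Any” rule never matches. The zone names, rule names and the “web” service group are assumptions made for the example.

```python
"""First-match rule evaluation as the X505 slides describe it: rules are checked
top down, the first match wins, and an implicit deny applies when nothing matches.
Zone, rule and schedule names are constructed for this example; only
dns-tcp/dns-udp/dns and "Work Day" come from the slides."""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional
# Services map to (IP protocol number, destination port); dns-tcp is protocol 6, port 53.
SERVICES = {"dns-tcp": (6, 53), "dns-udp": (17, 53), "http": (6, 80), "https": (6, 443)}
# Service groups expand to member services ("web" is constructed, "dns" is from the deck).
SERVICE_GROUPS = {"dns": ["dns-tcp", "dns-udp"], "web": ["http", "https"]}
# "Work Day" = MTWThF (weekday() 0..4) from 8AM up to, but not including, 6PM.
SCHEDULES = {"Work Day": (range(0, 5), 8, 18)}
@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    service: str                 # a service, a service group, or "any"
    action: str                  # Permit, Block or Content Filter
    schedule: Optional[str] = None

def service_matches(service: str, proto: int, port: int) -> bool:
    if service == "any":
        return True
    members = SERVICE_GROUPS.get(service, [service])
    return any(SERVICES[m] == (proto, port) for m in members)

def schedule_active(name: Optional[str], when: datetime) -> bool:
    if name is None:             # no schedule attached: rule is always active
        return True
    days, start, end = SCHEDULES[name]
    return when.weekday() in days and start <= when.hour < end

def evaluate(rules, src_zone, dst_zone, proto, port, when):
    """Return (rule name, action) of the first matching rule, else the implicit deny."""
    for r in rules:
        if (r.src_zone == src_zone and r.dst_zone == dst_zone
                and service_matches(r.service, proto, port)
                and schedule_active(r.schedule, when)):
            return r.name, r.action
    return "<implicit deny>", "Block"

# Mis-ordered policy: the broad LAN->WAN "Any" permit shadows the Content Filter rule below it.
SHADOWED = [
    Rule("lan-wan-any", "LAN", "WAN", "any", "Permit"),
    Rule("web-filter", "LAN", "WAN", "web", "Content Filter", schedule="Work Day"),
]
# Corrected policy: the specific Content Filter rule is positioned above the "Any" rule.
CORRECTED = [SHADOWED[1], SHADOWED[0]]
```

Evaluating the same LAN-to-WAN web request against both lists shows the ordering pitfall directly: the first list permits it unfiltered, the second hits the Content Filter rule during work hours and falls through to the permit outside them.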
Manual URL Filter
> Select whether to permit or block
> Specify a partial URL or enter a regular expression
Virtual Servers
> Virtual Servers provide the means with which to do one-to-one NAT as well as Port Address Translation (PAT)
Port Address Translation
> Also known as “port forwarding”
> The virtual server “listens” on a certain port on the outside, and the X505 will forward the connection request to the “real” port internally
LAB 4 – Firewall and Virtual Server