Implementing Firewall Technologies

Reference no: EM132008395

Objective: Configuring Zone-Based Policy Firewalls

[Topology figure]

Note: ISR G1 devices have Fast Ethernet interfaces instead of Gigabit Ethernet Interfaces.

Addressing Table

| Device | Interface | IP Address | Subnet Mask | Default Gateway | Switch Port |
|---|---|---|---|---|---|
| R1-S0000 | F0/1 | 192.168.1.1 | 255.255.255.0 | N/A | S1-S0000 F0/1 |
| | S0/0 (DCE) | 10.1.1.1 | 255.255.255.252 | N/A | N/A |
| R2-S0000 | S0/0 | 10.1.1.2 | 255.255.255.252 | N/A | N/A |
| | S0/1 (DCE) | 10.2.2.2 | 255.255.255.252 | N/A | N/A |
| R3-S0000 | F0/0 | 192.168.33.1 | 255.255.255.0 | N/A | N/A |
| | F0/1 | 192.168.3.1 | 255.255.255.0 | N/A | S3-S0000 F0/1 |
| | S0/1 | 10.2.2.1 | 255.255.255.252 | N/A | N/A |
| PC-A-S0000 | NIC | 192.168.1.3 | 255.255.255.0 | 192.168.1.1 | S1-S0000 F0/2 |
| PC-B-S0000 | NIC | 192.168.3.3 | 255.255.255.0 | 192.168.3.1 | S3-S0000 F0/2 |
| PC-C-S0000 | NIC | 192.168.33.3 | 255.255.255.0 | 192.168.33.1 | N/A |

In this lab, you will perform the following tasks:

Part 1: Configure Basic Device Settings

- Configure basic settings such as host name, interface IP addresses, and access passwords.

- Configure static routing to enable end-to-end connectivity.

Part 2: Configuring a Zone-Based Policy Firewall (ZPF)

- Use the CLI to configure a Zone-Based Policy Firewall.

- Use the CLI to verify the configuration.

BACKGROUND

The most basic form of a Cisco IOS firewall uses access control lists (ACLs) to filter IP traffic and monitor established traffic patterns. A traditional Cisco IOS firewall is an ACL-based firewall.

The newer Cisco IOS Firewall implementation uses a zone-based approach that operates as a function of interfaces instead of access control lists. A Zone-Based Policy Firewall (ZPF) allows different inspection policies to be applied to multiple host groups connected to the same router interface. It can be configured for extremely advanced, protocol-specific, granular control. It prohibits traffic via a default deny-all policy between different firewall zones. ZPF is suited for multiple interfaces that have similar or varying security requirements.

In this lab, you build a multi-router network, configure the routers and PC hosts, and configure a Zone-Based Policy Firewall using the Cisco IOS command line interface (CLI).

Note: The router commands and output in this lab are from a Cisco 1941 with Cisco IOS Release 15.4(3)M2 (UniversalK9-M). Other routers and Cisco IOS versions can be used. See the Router Interface Summary Table at the end of the lab to determine which interface identifiers to use based on the equipment in the lab. Depending on the router model and Cisco IOS version, the commands available and output produced might vary from what is shown in this lab.

Note: Before beginning, ensure that the routers and switches have been erased and have no startup configurations.

Part 1: Configure Basic Device Settings

The desktop system assigned to you serves as an end-user terminal. You access and manage the lab environment from the student desktop system using GNS3 Software.

Part 2: Configuring a Zone-Based Policy Firewall (ZPF)

In Part 2 of this lab, you configure a zone-based policy firewall (ZPF) on R3 using the command line interface (CLI).

Task 1: Verify Current Router Configurations

In this task, you will verify end-to-end network connectivity before implementing ZPF.


Task 2: Create a Zone-Based Policy Firewall

In this task, you will create a zone-based policy firewall on R3, making it act not only as a router but also as a firewall. R3 is currently responsible for routing packets for the three networks connected to it. R3's interface roles are configured as follows:

Serial 0/1 is connected to the Internet. Because this is a public network, it is considered an untrusted network and should have the lowest security level.

F0/1 is connected to the internal network. Only authorized users have access to this network. In addition, vital institution resources also reside in this network. The internal network is to be considered a trusted network and should have the highest security level.

F0/0 is connected to a conference room. The conference room is used to host meetings with people who are not part of the organization.

The security policy to be enforced by R3 when it is acting as a firewall dictates that:

- No traffic initiated from the Internet should be allowed into the internal or conference room networks.
- Returning Internet traffic (return packets coming from the Internet into the R3 site, in response to requests originating from any of the R3 networks) should be allowed.
- Computers in the R3 internal network are considered trusted and are allowed to initiate any type of traffic (TCP, UDP or ICMP based traffic).
- Computers in the R3 conference room network are considered untrusted and are allowed to initiate only web traffic (HTTP or HTTPS) to the Internet.
- No traffic is allowed between the internal network and the conference room network. There is no guarantee regarding the condition of guest computers in the conference room network. Such machines could be infected with malware and might attempt to send out spam or other malicious traffic.
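As an added example, not part of the original lab or its attachment, the following R3 configuration enforces the five policy rules above on an ISR G1 with the Fast Ethernet and Serial interfaces listed in the addressing table. The zone, class-map, policy-map and zone-pair names are assumptions; the rules forbidding Internet-initiated traffic and internal-to-conference traffic need no explicit policy, because ZPF drops traffic between two zones that have no zone-pair.

```cisco
! Added example: ZPF on R3 enforcing the lab's security policy.
! Names (IN-ZONE, CONF-ZONE, OUT-ZONE, *-CLASS, *-PMAP, *-ZPAIR) are assumed.
! Define the three security zones. Traffic between two zones with no
! zone-pair is dropped, which covers Internet->inside and inside<->conference.
zone security IN-ZONE
zone security CONF-ZONE
zone security OUT-ZONE
! Internal hosts may initiate any TCP, UDP or ICMP traffic.
class-map type inspect match-any IN-TO-OUT-CLASS
 match protocol tcp
 match protocol udp
 match protocol icmp
! Conference room hosts may initiate only HTTP and HTTPS.
class-map type inspect match-any CONF-TO-OUT-CLASS
 match protocol http
 match protocol https
! "inspect" keeps stateful session entries, so only matching return
! traffic from the Internet is allowed back in.
policy-map type inspect IN-TO-OUT-PMAP
 class type inspect IN-TO-OUT-CLASS
  inspect
 class class-default
  drop
policy-map type inspect CONF-TO-OUT-PMAP
 class type inspect CONF-TO-OUT-CLASS
  inspect
 class class-default
  drop
! Apply each policy to its directional zone-pair. No pair has OUT-ZONE
! as source, so Internet-initiated traffic has no path into either LAN.
zone-pair security IN-OUT-ZPAIR source IN-ZONE destination OUT-ZONE
 service-policy type inspect IN-TO-OUT-PMAP
zone-pair security CONF-OUT-ZPAIR source CONF-ZONE destination OUT-ZONE
 service-policy type inspect CONF-TO-OUT-PMAP
! Assign R3's interfaces to their zones (interface IDs from the addressing table).
interface FastEthernet0/1
 zone-member security IN-ZONE
interface FastEthernet0/0
 zone-member security CONF-ZONE
interface Serial0/1
 zone-member security OUT-ZONE
! Verification (Part 3): confirm the zone-pairs and watch inspected sessions.
! show zone-pair security
! show policy-map type inspect zone-pair sessions
```

Because the guest class-map matches only http and https, DNS lookups from the conference room to the Internet are dropped as well; the lab's rule as written permits web traffic only.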

Part 3: ZPF Verification

Task 1: Verify ZPF Firewall Functionality

Challenge (optional)

Create the proper zone-pair, class-maps, and policy-maps and configure R3 to prevent Internet originating traffic from reaching the Self Zone.

Attachment: Configuring Zone-Based Policy Firewalls.rar
