Implementing firewall technologies

Assignment Help Computer Networking
Reference no: EM132008395

Implementing Firewall Technologies

Objective: Configuring Zone-Based Policy Firewalls

[Topology figure]

Note: ISR G1 devices have Fast Ethernet interfaces instead of Gigabit Ethernet Interfaces.

Addressing Table

Device       Interface    IP Address     Subnet Mask       Default Gateway   Switch Port
R1-S0000     F0/1         192.168.1.1    255.255.255.0     N/A               S1-S0000 F0/1
             S0/0 (DCE)   10.1.1.1       255.255.255.252   N/A               N/A
R2-S0000     S0/0         10.1.1.2       255.255.255.252   N/A               N/A
             S0/1 (DCE)   10.2.2.2       255.255.255.252   N/A               N/A
R3-S0000     F0/0         192.168.33.1   255.255.255.0     N/A               N/A
             F0/1         192.168.3.1    255.255.255.0     N/A               S3-S0000 F0/1
             S0/1         10.2.2.1       255.255.255.252   N/A               N/A
PC-A-S0000   NIC          192.168.1.3    255.255.255.0     192.168.1.1       S1-S0000 F0/2
PC-B-S0000   NIC          192.168.3.3    255.255.255.0     192.168.3.1       S3-S0000 F0/2
PC-C-S0000   NIC          192.168.33.3   255.255.255.0     192.168.33.1      N/A

In this lab, you will perform the following tasks:

Part 1: Configure Basic Device Settings

- Configure basic settings such as host name, interface IP addresses, and access passwords.

- Configure static routing to enable end-to-end connectivity.

Part 2: Configuring a Zone-Based Policy Firewall (ZPF)

- Use the CLI to configure a Zone-Based Policy Firewall.

- Use the CLI to verify the configuration.

BACKGROUND

The most basic form of a Cisco IOS firewall uses access control lists (ACLs) to filter IP traffic and monitor established traffic patterns. A traditional Cisco IOS firewall is an ACL-based firewall.

The newer Cisco IOS Firewall implementation uses a zone-based approach that operates as a function of interfaces instead of access control lists. A Zone-Based Policy Firewall (ZPF) allows different inspection policies to be applied to multiple host groups connected to the same router interface. It can be configured for extremely advanced, protocol-specific, granular control. It prohibits traffic via a default deny-all policy between different firewall zones. ZPF is suited for multiple interfaces that have similar or varying security requirements.

In this lab, you build a multi-router network, configure the routers and PC hosts, and configure a Zone-Based Policy Firewall using the Cisco IOS command line interface (CLI).

Note: The router commands and output in this lab are from a Cisco 1941 with Cisco IOS Release 15.4(3)M2 (UniversalK9-M). Other routers and Cisco IOS versions can be used. See the Router Interface Summary Table at the end of the lab to determine which interface identifiers to use based on the equipment in the lab. Depending on the router model and Cisco IOS version, the commands available and output produced might vary from what is shown in this lab.

Note: Before beginning, ensure that the routers and switches have been erased and have no startup configurations.

Part 1: Configure Basic Device Settings

The desktop system assigned to you serves as an end-user terminal. You access and manage the lab environment from the student desktop system using GNS3 Software.

Part 2: Configuring a Zone-Based Policy Firewall (ZPF)

In Part 2 of this lab, you configure a zone-based policy firewall (ZPF) on R3 using the command line interface (CLI).

Task 1: Verify Current Router Configurations

In this task, you will verify end-to-end network connectivity before implementing ZPF.


Task 2: Create a Zone-Based Policy Firewall

In this task, you will create a zone-based policy firewall on R3, making it act not only as a router but also as a firewall. R3 is currently responsible for routing packets for the three networks connected to it. R3's interface roles are configured as follows:

Serial 0/1 is connected to the Internet. Because this is a public network, it is considered an untrusted network and should have the lowest security level.

F0/1 is connected to the internal network. Only authorized users have access to this network. In addition, vital institution resources also reside in this network. The internal network is to be considered a trusted network and should have the highest security level.

F0/0 is connected to a conference room. The conference room is used to host meetings with people who are not part of the organization.

The security policy to be enforced by R3 when it is acting as a firewall dictates that:

- No traffic initiated from the Internet should be allowed into the internal or conference room networks.
- Returning Internet traffic (return packets coming from the Internet into the R3 site, in response to requests originating from any of the R3 networks) should be allowed.
- Computers in the R3 internal network are considered trusted and are allowed to initiate any type of traffic (TCP, UDP or ICMP based traffic).
- Computers in the R3 conference room network are considered untrusted and are allowed to initiate only web traffic (HTTP or HTTPS) to the Internet.
- No traffic is allowed between the internal network and the conference room network. There is no guarantee regarding the condition of guest computers in the conference room network. Such machines could be infected with malware and might attempt to send out spam or other malicious traffic.

Part 3: ZPF Verification

Task 1: Verify ZPF Firewall Functionality

Challenge (optional)

Create the proper zone-pair, class-maps, and policy-maps and configure R3 to prevent Internet originating traffic from reaching the Self Zone.
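The following IOS configuration is an added example, not part of the lab handout or its solution files; it implements the R3 security policy listed in Part 2, Task 2 and the Challenge above. Zone, class-map and policy-map names are my own choice, and the interface names follow the R3 roles stated in the text (F0/1 internal, F0/0 conference room, S0/1 Internet).

```cisco
! Zones (names chosen for this example)
zone security INSIDE
zone security CONF
zone security INTERNET
!
! Traffic each zone may initiate toward the Internet
class-map type inspect match-any INSIDE-PROTOCOLS
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-any CONF-WEB-ONLY
 match protocol http
 match protocol https
!
! "inspect" keeps session state, so Internet replies are admitted without any INTERNET->INSIDE or INTERNET->CONF zone-pair
policy-map type inspect INSIDE-TO-INTERNET-POLICY
 class type inspect INSIDE-PROTOCOLS
  inspect
 class class-default
  drop log
policy-map type inspect CONF-TO-INTERNET-POLICY
 class type inspect CONF-WEB-ONLY
  inspect
 class class-default
  drop log
!
! Only the two permitted initiation directions get a zone-pair; INSIDE<->CONF and anything initiated from INTERNET hit the implicit deny between zones
zone-pair security INSIDE-TO-INTERNET source INSIDE destination INTERNET
 service-policy type inspect INSIDE-TO-INTERNET-POLICY
zone-pair security CONF-TO-INTERNET source CONF destination INTERNET
 service-policy type inspect CONF-TO-INTERNET-POLICY
!
! Interface roles as given in the lab text for R3
interface FastEthernet0/1
 zone-member security INSIDE
interface FastEthernet0/0
 zone-member security CONF
interface Serial0/1
 zone-member security INTERNET
!
! Challenge: the self zone permits by default, so an explicit pair is needed to drop Internet-originated traffic aimed at R3 itself
class-map type inspect match-any INTERNET-TO-SELF-TRAFFIC
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect INTERNET-TO-SELF-POLICY
 class type inspect INTERNET-TO-SELF-TRAFFIC
  drop log
zone-pair security INTERNET-TO-SELF source INTERNET destination self
 service-policy type inspect INTERNET-TO-SELF-POLICY
```

Verify with `show zone-pair security` and `show policy-map type inspect zone-pair sessions` while PC-B and PC-C generate traffic. Note that once the INTERNET-to-self pair exists, replies to sessions R3 itself originates toward the Internet are also dropped unless a matching inspect policy is applied on a self-to-INTERNET zone-pair.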

Attachment:- Configuring Zone-Based Policy Firewalls.rar
