11.2.7 Configure a Perimeter Firewall
You work as the IT security administrator for a small corporate network. You recently placed a web server in the DMZ. You need to configure the perimeter firewall on the network security appliance to allow access to the web server from the LAN and the WAN. You would also like to improve security by utilizing the attack security features provided by the firewall.
In this lab, your task is to:
- Add an HTTP firewall rule that allows traffic from the WAN to the web server in the DMZ.
  | Parameter | Setting |
  |---|---|
  | From Zone | UNSECURE (WAN) |
  | To Zone | DMZ |
  | Service | HTTP |
  | Action | Allow Always |
  | Source Hosts | Any |
  | Internal IP Address | 172.16.2.100 |
  | External IP Address | Dedicated WAN |

- Add an HTTPS firewall rule that allows traffic from the WAN to the web server in the DMZ.

  | Parameter | Setting |
  |---|---|
  | From Zone | UNSECURE (WAN) |
  | To Zone | DMZ |
  | Service | HTTPS |
  | Action | Allow Always |
  | Source Hosts | Any |
  | Internal IP Address | 172.16.2.100 |
  | External IP Address | Dedicated WAN |

- Add a firewall rule to allow traffic from the LAN to the DMZ.

  | Parameter | Setting |
  |---|---|
  | From Zone | SECURE (LAN) |
  | To Zone | DMZ |
  | Service | Any |
  | Action | Allow Always |
  | Source Hosts | Any |
  | Destination Hosts | Any |

- Enable all the firewall attack checks.
Complete this lab as follows:
1. Configure the firewall as follows:
   a. From the top menu of the Security Appliance Configuration Utility, select Firewall.
   b. From the left pane, select IPv4 Rules.
   c. In the right pane, select Add.
   d. Modify the firewall rule parameters.
   e. Click Apply.
   f. Repeat steps 1c–1e for each firewall rule.
2. Enable firewall attack checks as follows:
   a. From the left pane, select Attacks.
   b. Select all the WAN security checks.
   c. Select all the LAN security checks.
   d. Select all the ICSA settings.
   e. Click Apply.
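
To check which flows the three rules permit, the following added example (not part of the lab or of the appliance's software) models them in Python and evaluates constructed sample flows. It assumes that traffic matching no rule is denied and that the HTTP and HTTPS services mean TCP 80 and TCP 443; the `Rule` class, the function names and every address other than 172.16.2.100 are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: the appliance's HTTP and HTTPS services mean TCP 80 and TCP 443.
SERVICE_PORTS = {"HTTP": ("tcp", 80), "HTTPS": ("tcp", 443)}

@dataclass(frozen=True)
class Rule:  # hypothetical model of one "Allow Always" IPv4 rule
    from_zone: str
    to_zone: str
    service: str                       # "HTTP", "HTTPS" or "ANY"
    internal_ip: Optional[str] = None  # None means any destination host

# The three rules from the lab tables.
LAB_RULES = [
    Rule("WAN", "DMZ", "HTTP", "172.16.2.100"),
    Rule("WAN", "DMZ", "HTTPS", "172.16.2.100"),
    Rule("LAN", "DMZ", "ANY"),
]

def matches(rule, from_zone, to_zone, proto, port, dst_ip):
    if (rule.from_zone, rule.to_zone) != (from_zone, to_zone):
        return False
    if rule.service != "ANY" and SERVICE_PORTS[rule.service] != (proto, port):
        return False
    return rule.internal_ip in (None, dst_ip)

def decide(rules, from_zone, to_zone, proto, port, dst_ip):
    """ALLOW if any rule matches; otherwise the assumed default of DENY."""
    hit = any(matches(r, from_zone, to_zone, proto, port, dst_ip) for r in rules)
    return "ALLOW" if hit else "DENY"

def audit(rules):
    """Return WAN-sourced rules not limited to one service and one host."""
    return [r for r in rules if r.from_zone == "WAN"
            and (r.service == "ANY" or r.internal_ip is None)]

if __name__ == "__main__":
    # Constructed sample flows: (from, to, proto, port, destination IP)
    flows = [
        ("WAN", "DMZ", "tcp", 443, "172.16.2.100"),
        ("WAN", "DMZ", "tcp", 22, "172.16.2.100"),
        ("WAN", "DMZ", "tcp", 80, "172.16.2.101"),
        ("LAN", "DMZ", "tcp", 22, "172.16.2.100"),
        ("WAN", "LAN", "tcp", 80, "192.168.0.10"),
    ]
    for flow in flows:
        print(flow, decide(LAB_RULES, *flow))
    print("over-broad WAN rules:", audit(LAB_RULES))
```

The LAN-to-DMZ rule uses Service Any and Destination Hosts Any, so every LAN flow into the DMZ is allowed; `audit` only flags that breadth when the source zone is the WAN.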