Firewall Objectives
> Upon completion of this module, you should be familiar with the following:
Firewall Concepts Review
Firewall Rules
Firewall Rule Components
Services and Service Groups
Bandwidth Management
Scheduling
Authorization
Content Filtering
Virtual Servers
Port Address Translation
Types of Firewalls
> Proxy
Acts as a middle man
Handles all external connections on behalf of internal clients
> The X505 is a Stateful Firewall and more (IPS, rate shaping, content filtering, etc.)
Firewall Rules
> Rules are top down
> Implicit deny at the end
> Click on (highlight) an existing rule to create a new rule above it
> There are many default rules to facilitate such things as DHCP requests, DNS queries and VPN termination
> Action
Permit/Block/Content Filter
> Services/Service Groups
> Rate Limiting
> Scheduling
> Authentication
Bandwidth Management
> Bandwidth management can be applied to applications on a per rule or per session basis
> For example, use per session for voice and per rule for limiting WWW access, etc.
Scheduling
> Schedules can be defined to limit a firewall rule to certain times of the day/week
e.g. Work Day = MTWThF from 8AM-6PM
Authorization
> Users can be forced to authorize themselves before accessing various resources
> By defining firewall rules that reference privilege groups, users can be authorized before access is allowed
> You may need to position authorization rules before the LAN WAN Any rule to ensure that authorization is performed first
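The ordering points above (top-down evaluation, implicit deny, schedules, and placing authorization rules before the LAN WAN Any rule), as an added Python example that is not part of the original slides and is not X505 code. The rule names, the web-users privilege group and the "auth-required" outcome are hypothetical, a simplified model of how an authorization rule behaves.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

WORK_DAY = (frozenset({0, 1, 2, 3, 4}), 8, 18)  # MTWThF, 8AM-6PM

@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    service: str                      # "ANY" matches every service
    action: str                       # "permit" or "block"
    group: Optional[str] = None       # privilege group required (assumed model)
    schedule: Optional[tuple] = None  # (weekdays, start_hour, end_hour)

def matches(rule, src, dst, service, when):
    if (rule.src, rule.dst) != (src, dst):
        return False
    if rule.service not in ("ANY", service):
        return False
    if rule.schedule:
        days, start, end = rule.schedule
        return when.weekday() in days and start <= when.hour < end
    return True

def evaluate(rules, src, dst, service, when, user_groups=frozenset()):
    """Return (decision, rule name) for the first matching rule, top down."""
    for rule in rules:
        if not matches(rule, src, dst, service, when):
            continue
        if rule.group and rule.group not in user_groups:
            return "auth-required", rule.name  # user must authorize first
        return rule.action, rule.name
    return "block", "implicit deny"            # nothing matched

AUTH_WEB = Rule("web-needs-auth", "LAN", "WAN", "http", "permit",
                group="web-users", schedule=WORK_DAY)
LAN_WAN_ANY = Rule("lan-wan-any", "LAN", "WAN", "ANY", "permit")

AUTH_FIRST = [AUTH_WEB, LAN_WAN_ANY]
AUTH_LAST = [LAN_WAN_ANY, AUTH_WEB]   # authorization rule is shadowed

if __name__ == "__main__":
    monday_10am = datetime(2024, 1, 8, 10, 0)  # constructed sample time
    for label, rules in (("auth first", AUTH_FIRST), ("auth last", AUTH_LAST)):
        print(label, evaluate(rules, "LAN", "WAN", "http", monday_10am))
    print(evaluate(AUTH_FIRST, "WAN", "LAN", "http", monday_10am))
```

With the authorization rule last, the broader LAN WAN Any rule matches first and the privilege group is never checked; outside the schedule the authorization rule does not match at all and traffic falls through to the next rule.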
Content Filtering
> Backed by Surf Control
> Content Categories
> Manual URL Filter
> Custom Web Response Page
> Select whether to permit or block
> Specify a partial URL or enter a regular expression
Virtual Servers
> Virtual Servers provide the means with which to do one-to-one NAT as well as Port Address Translation (PAT)
> Also known as port forwarding
> The virtual server listens on a certain port on the outside, and the X505 will forward the connection request to the real port internally