
A New Dimension of Network Security and Information Management
www.stonesoft.com
Training - Customer Services
StoneBeat FullCluster, FC 2.0 Labs (v1.1)

1 StoneBeat™ FullCluster Labs: Installation Files

2 Installation Files on Windows NT:
- Create installation folders:
    C:\Install\Sbfc
    C:\Install\Sbgui
- Use WinZip to unzip files to installation folders:
    CDROM:\sbfc_fw1_20\nt\sbfc_xxx.zip to folder c:\install\sbfc
    CDROM:\sbgui_42\nt\sbgui_xxx.zip to folder c:\install\sbgui

3 Installation Files on Solaris:
- Create installation folder:
    mkdir /install
- Copy files from the cdrom to the installation folder:
    cp /cdrom/cdrom0/sbfc_fw1_20/solaris/sbfc_xxx.gz /install
    cp /cdrom/cdrom0/sbgui_42/solaris/sbgui_xxx.gz /install
- Unzip files:
    /cdrom/cdrom0/Zip/gunzip.bin /install/sbfc_xxx.gz
    /cdrom/cdrom0/Zip/gunzip.bin /install/sbgui_xxx.gz
- Untar files:
    tar xvf /install/sbfc_xxx
    tar xvf /install/sbgui_xxx

4 StoneBeat™ FullCluster Labs: Network Topology

5 StoneBeat FullCluster Lab Network Topology, Site #1 (diagram: FTP-CLIENT, SBFC, SBFC, FTP-SERVER)

6 Site #1: /etc/hosts
    localhost
    #Ftp-server for all the sites
    ftp-server
    #Site
    sbfc101 #Control
    sbfc
    site1-external #External
    sbfc101-external
    sbfc102-external
    site1-internal #Internal
    sbfc101-internal
    sbfc102-internal
    ftp-client1 #Ftp-client

7 StoneBeat FullCluster Lab Network Topology, Site #2 (diagram: FTP-CLIENT, SBFC, SBFC, FTP-SERVER)

8 Site #2: /etc/hosts
    localhost
    #Ftp-server for all the sites
    ftp-server
    #Site
    sbfc103 #Control
    sbfc
    site1-external #External
    sbfc103-external
    sbfc104-external
    site1-internal #Internal
    sbfc103-internal
    sbfc104-internal
    ftp-client2 #Ftp-client

9 StoneBeat FullCluster Lab Network Topology, Site #3 (diagram: FTP-CLIENT, SBFC, SBFC, FTP-SERVER)

10 Site #3: /etc/hosts
    localhost
    #Ftp-server for all the sites
    ftp-server
    #Site
    sbfc105 #Control
    sbfc
    site3-external #External
    sbfc105-external
    sbfc106-external
    site3-internal #Internal
    sbfc105-internal
    sbfc106-internal
    ftp-client3 #Ftp-client

11 StoneBeat FullCluster Lab Network Topology, Site #4 (diagram: FTP-CLIENT, SBFC, SBFC, FTP-SERVER)

12 Site #4: /etc/hosts
    localhost
    #Ftp-server for all the sites
    ftp-server
    #Site
    sbfc107 #Control
    sbfc
    site4-external #External
    sbfc107-external
    sbfc108-external
    site4-internal #Internal
    sbfc107-internal
    sbfc108-internal
    ftp-client4 #Ftp-client

13 StoneBeat™ FullCluster Lab: Installation on Sun Solaris (FireWall-1)

14 Installation: Step 1 - Operating System
- Install Solaris 7 - DONE
- Install Solaris 7 suggested patches - DONE
- Check the hostname - DONE
- Check the /etc/hosts and /etc/netmasks files - DONE
- Configure the Control Interfaces - DONE
- Connect the Control Network Cables - DONE

15 Installation: Step 2 - FireWall-1
- Install FireWall DONE
- Install FireWall-1 Policy - DONE
- Check the /.profile - DONE
- Configure Operative Interfaces
    Edit /etc/hostname.qfe files:
        qfe0    External Dedicated IP: yyy/
        qfe0:1  External Cluster IP: x/
        qfe1    Internal Dedicated IP: 10.0.x.yyy/
        qfe1:1  Internal Cluster IP: 10.0.x.1/
- Delete the directly connected route from the alias interface
    /etc/rc3.d/S99staticroutes:
        route delete net x
        route delete net 10.0.x x.1
x=site number, yyy=node number and zzz=partner node number

16 Installation: Step 2 - FireWall-1
- Enable FireWall-1 Synchronization
    Edit $FWDIR/conf/sync.conf:
        zzz
    $FWDIR/bin/fwstop
    $FWDIR/bin/fw putkey zzz
    $FWDIR/bin/fwstart
- Edit /etc/fw.boot/ifdev
    Add row: sbif accept
- Reboot

17 Installation: Step 3 - FullCluster
- Install FullCluster
    cd /install
    pkgadd -d .
    Choose all packages: SBFCbase, SBFCconf, SBFCdrv, SBFCgui, SBFCmod and SBFCsnmp
- Create the SBFCHOME environment variable
    Edit /.profile:
        SBFCHOME=/opt/fullcluster
        PATH=$SBFCHOME/bin:$PATH
        export PATH SBFCHOME
- Use Web Configuration GUI Wizard: hotjava $SBFCHOME/bin/sbfcwebconfig install

18 Installation: Step 3 - FullCluster node #2

19 Installation: Step 3 - FullCluster node #2
    #reboot

20 Installation: Step 3 - FullCluster node #1

21 Installation: Step 3 - FullCluster node #1
- How many nodes: 2
- How many operative interfaces: 2
- Configuration type: multicast
- Heartbeat IP addresses: yyy and zzz
- Cluster mode: balancing
- Is this machine FireWall-1 management station: Yes
- Username: fwadmin
- Password: password
- Policy name: Standard
Remember to download and rename the GUI certificate files to /install/guikey.pem and /install/guicerts.pem
Check the node.conf file!

22 Installation: Step 3 - FullCluster node #1
    #reboot

23 Installation: Step 4 - StoneBeat GUI
- Install StoneBeat GUI version 4.2
    pkgadd -d /install/SBFCgui - DONE
- Copy Key and Certificate Files:
    From /install/gui*.pem to /stonebeat/etc

24 Installation: Step 4 - StoneBeat GUI
- Create and connect a new FullCluster Site
    Run: /opt/stonebeat/gui/bin/sbgui
    Select: Site->New->FullCluster
    Enter Site Name and Password
    Enter ID, Hostname, IP address and SSL port (3002)
    Retrieve
    Select: Site->Connect

25 Installation: Step 5 - Testing
- Connect the Operative Network Cables
- Configure Ftp-Server
    Control Panel->Network->Protocols->TCP/IP Protocol->Properties
    IP Address /
    Add routes to internal networks: 10.0.x.0
- Configure Ftp-Client
    Control Panel->Network->Protocols->TCP/IP Protocol->Properties
    IP Address 10.0.x.254/
    Default Gateway: 10.0.x.1
- Test Programs in Ftp-Client
    Run: \\ftp-server\avi\forest.avi
    Run: telnet ftp-server 19
    Run: ftp ftp-server (configure filter.conf)

26 Installation: Additional Step 6
- Install StoneBeat GUI in FTP-Client
    Create installation folder: C:\Install\Sbgui
    Use WinZip to unzip files to installation folder:
        CDROM:\sbgui_42\nt\sbgui_xxx.zip to folder c:\install\sbgui
- Install StoneBeat GUI
    Run from C:\Install\Sbgui\Setup.exe
- Copy Key and Certificate Files
- Run: Start->Programs->StoneBeat->StoneBeat GUI
- Create and connect a new FullCluster Site

27 StoneBeat™ FullCluster Lab: Installation on Windows NT (FireWall-1)

28 Installation: Step 1 - Operating System
- Install WindowsNT 4.0 Server - DONE
- Install the network - DONE
    Only TCP/IP Protocol
    Only SNMP Service
    Enable IP Forwarding
- Install WindowsNT 4.0 Service Pack 6a - DONE
- Check the Computer name and the Hosts file - DONE
- Configure the Control Interfaces - DONE
- Connect the Control Network Cables - DONE

29 Installation: Step 2 - FireWall-1
- Install FireWall DONE
- Install FireWall-1 Policy - DONE
- Configure Operative Interfaces
    Do you want to install Windows NT Networking now? NO
    Control Panel->Network->Protocols->TCP/IP Protocol->Properties->Advanced
        External Dedicated IP: yyy/
        External Cluster IP: x/ (alias)
        Internal Dedicated IP: yyy/
        Internal Cluster IP: 10.0.x.1/ (alias)
x=site number, yyy=node number and zzz=partner node number

30 Installation: Step 2 - FireWall-1
- Enable FireWall-1 Synchronization
    Edit %FWDIR%\conf\sync.conf:
        zzz
    %FWDIR%\bin\fwstop
    %FWDIR%\bin\fw putkey zzz
    %FWDIR%\bin\fwstart

31 Installation: Step 3 - FullCluster
- Install FullCluster Driver
    Control Panel->Network->Protocols
    Add StoneBeat Driver from C:\Install\Sbfc
    Reboot
- Install FullCluster Module
    Run from C:\Install\Sbfc\Setup.exe
    Use SNMP Agent
    Destination Folder: C:\Program Files\FullCluster
- Use WEB Configuration GUI wizard:
    The browser will be started automatically

32 Installation: Step 3 - FullCluster node #2

33 Installation: Step 3 - FullCluster node #2

34 Installation: Step 3 - FullCluster node #1

35 Installation: Step 3 - FullCluster node #1
- How many nodes: 2
- How many operative interfaces: 2
- Configuration type: multicast
- Heartbeat IP addresses: yyy and zzz
- Cluster mode: balancing
- Is this machine FireWall-1 management station: Yes
- Username: fwadmin
- Password: password
- Policy name: Standard
Remember to download and rename the GUI certificate files to C:\Install\guikey.pem and C:\install\guicerts.pem
Check the node.conf file!

36 Installation: Step 3 - FullCluster node #1

37 Installation: Step 4 - StoneBeat GUI
- Install StoneBeat GUI version 4.2
    Run from C:\Install\Sbgui\Setup.exe
    Destination Folder: C:\Program Files\StoneBeat
    Program Folder: Start->Programs->StoneBeat
- Copy Key and Certificate Files:
    From C:\Install\gui*.pem to C:\StoneBeat\etc

38 Installation: Step 4 - StoneBeat GUI
- Create and connect a new FullCluster Site
    Run: Start->Programs->StoneBeat->StoneBeat GUI
    Select: Site->New->FullCluster
    Enter Site Name and Password
    Enter ID, Hostname, IP address and SSL port (3002)
    Retrieve
    Select: Site->Connect

39 Installation: Step 5 - Testing
- Connect the Operative Network Cables
- Configure Ftp-Server
    Control Panel->Network->Protocols->TCP/IP Protocol->Properties
    IP Address /
    Add routes to internal networks: 10.0.x.0
- Configure Ftp-Client
    Control Panel->Network->Protocols->TCP/IP Protocol->Properties
    IP Address 10.0.x.254/
    Default Gateway: 10.0.x.1
- Test Programs in Ftp-Client
    Run: \\ftp-server\avi\forest.avi
    Run: telnet ftp-server 19
    Run: ftp ftp-server (configure filter.conf)

40 Installation: Additional Step 6
- Install StoneBeat GUI in FTP-Client
    Create installation folder: C:\Install\Sbgui
    Use WinZip to unzip files to installation folder:
        CDROM:\sbgui_42\nt\sbgui_xxx.zip to folder c:\install\sbgui
- Install StoneBeat GUI
    Run from C:\Install\Sbgui\Setup.exe
- Copy Key and Certificate Files
- Run: Start->Programs->StoneBeat->StoneBeat GUI
- Create and connect a new FullCluster Site

41 StoneBeat™ FullCluster Lab: Filter.conf settings

42 Filter.conf settings
- Configure in filter.conf:
    Tunnel statement
    Hide NAT statement
    Ignore port statement for FTP
- Note! Edit filter.conf in all nodes
- Reread configuration files

43 StoneBeat™ FullCluster Lab: Fetching NAT rules (FireWall-1)

44 Fetching NAT rules
- Create a simple NAT rule in your FireWall-1 rule base
- Fetch NAT rules using FullCluster Web Configuration GUI
- Check the filter-nat.conf file!

45 StoneBeat™ FullCluster Lab: Test Subsystem

46 Test Subsystem
- Configure a multiping test that commands the node to offline in case of failure for external unicast addresses
- Test multi-ping (configure filter.conf)
    Edit $SBFCHOME/etc/checklist:
        multiping 30 online offline multi-ping
    sbfc reconfigure
    sbfc restart
    disconnect cable from external interface (blue)

47 Test Subsystem
- Test firewall functionality with:
    fw-module-running (Check Point's FireWall-1)
    servicerunning (Network Associate's Gauntlet and Axent's Raptor)
- Test fw-module-running
    Edit $SBFCHOME/etc/checklist:
        firewall-module-on 60 online offline 1 1 fw-module-running
    sbfc reconfigure
    sbfc restart
    fwstop

48 StoneBeat™ FullCluster Lab: Management GUI and sbfc Command Line Interface

49 GUI and Command Line Interface
Try the following on both the StoneBeat GUI and the command line interface:
- Command one node first to offline state and then to online state
- Restart all nodes
- Check the status of the FullCluster site

50 StoneBeat™ FullCluster Lab: Ten problems

51 Ten problems
The instructor has changed ten things in the demo site.
Note! Only software configuration changes!

52 StoneBeat™ FullCluster Lab: Switch Configuration

53 Switch Configuration
- Cisco Catalyst 2900 Series XL or equivalent
- Configure VLANs
    EXTERNAL: external ports of the FullCluster nodes and ftp-server
    INTERNAL: internal ports of the FullCluster nodes and ftp-client
    CONTROL: control ports of the FullCluster nodes
- Configure static multicast support
    : EXTERNAL VLAN ports
    : INTERNAL VLAN ports
    : CONTROL VLAN ports

54 Catalyst 2900 Series XL: VLAN
    Switch>enable
    Switch#vlan database
    Switch(vlan)#vlan 10 name EXTERNAL media ethernet
    Switch(vlan)#exit
    Switch#configure terminal
    Switch(config)#interface fastEthernet 0/1
    Switch(config-if)#switchport access vlan 10
    Switch(config-if)#exit
    Switch(config)#interface fastEthernet 0/2
    Switch(config-if)#switchport access vlan 10
    Switch(config-if)#exit
    Switch(config)#interface fastEthernet 0/3
    Switch(config-if)#switchport access vlan 10
    Switch(config-if)#exit
    Switch(config)#interface fastEthernet 0/4
    Switch(config-if)#switchport access vlan 10
    Switch(config-if)#exit
    Switch(config)#exit
    Switch#write memory

55 Catalyst 2900 Series XL: VLAN
    Switch#
    Switch#show vlan
    VLAN Name      Status  Ports
         default   active  Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24
    10   EXTERNAL  active  Fa0/1, Fa0/2, Fa0/3, Fa0/4
    20   INTERNAL  active  Fa0/9, Fa0/10, Fa0/11, Fa0/12
    30   CONTROL   active  Fa0/17, Fa0/18, Fa0/19

    VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans
         enet
         enet
         enet
         enet
    Switch#
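
The VLAN plan on slide 53 can be checked against what the switch reports. The following is an added example, not part of the original lab material: it parses "show vlan" output and reports any port that breaks the EXTERNAL / INTERNAL / CONTROL separation. The sample text is constructed after slide 55, and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample modelled on the slide 55 output; VLAN IDs and the
# second table's values are filled in here for illustration only.
SAMPLE_SHOW_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23,
                                                Fa0/24
10   EXTERNAL                         active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
20   INTERNAL                         active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
30   CONTROL                          active    Fa0/17, Fa0/18, Fa0/19

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
"""

# Port plan taken from slides 53 and 55.
EXPECTED = {
    "EXTERNAL": {"Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"},
    "INTERNAL": {"Fa0/9", "Fa0/10", "Fa0/11", "Fa0/12"},
    "CONTROL": {"Fa0/17", "Fa0/18", "Fa0/19"},
}

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")   # id, name, status, ports
PORT = re.compile(r"\b(?:Fa|Gi)\d+/\d+\b")


def parse_show_vlan(text):
    """Return {vlan_name: set(ports)} from the first table of 'show vlan'."""
    vlans, current, seen_header = {}, None, False
    for line in text.splitlines():
        if line.startswith("VLAN "):
            if seen_header:          # second table (Type/SAID/MTU): stop
                break
            seen_header = True
            continue
        if not seen_header or not line.strip() or line.startswith("-"):
            continue
        m = ROW.match(line)
        if m:                        # new VLAN row
            current = m.group(2)
            vlans[current] = set(PORT.findall(m.group(4)))
        elif current and line[:1].isspace():
            vlans[current].update(PORT.findall(line))   # wrapped port list
    return vlans


def audit(vlans, expected=EXPECTED):
    """Compare parsed VLAN membership with the plan; return a list of findings."""
    findings = []
    for name, want in expected.items():
        have = vlans.get(name)
        if have is None:
            findings.append(f"{name}: VLAN missing")
            continue
        findings += [f"{name}: {p} not in VLAN" for p in sorted(want - have)]
        findings += [f"{name}: unexpected port {p}" for p in sorted(have - want)]
    # A planned port sitting in another VLAN bridges two security zones.
    owner = {p: n for n, ports in vlans.items() for p in ports}
    for name, want in expected.items():
        for p in sorted(want):
            if p in owner and owner[p] != name:
                findings.append(f"{p}: planned for {name}, found in {owner[p]}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_show_vlan(SAMPLE_SHOW_VLAN)) or ["VLAN plan OK"]:
        print(finding)
```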

56 Catalyst 2900 Series XL: Multicast Group
    Switch>enable
    Switch#configure terminal
    Switch(config)#
    Switch(config)#mac-address-table static fastEthernet 0/4 fastEthernet 0/1 fastEthernet 0/2 fastEthernet 0/3
    Switch(config)#
    Switch(config)#mac-address-table static fastEthernet 0/12 fastEthernet 0/9 fastEthernet 0/10 fastEthernet 0/11
    Switch(config)#
    Switch(config)#mac-address-table static fastEthernet 0/17 fastEthernet 0/18 fastEthernet 0/19
    Switch(config)#mac-address-table static fastEthernet 0/18 fastEthernet 0/17 fastEthernet 0/19
    Switch(config)#mac-address-table static fastEthernet 0/19 fastEthernet 0/17 fastEthernet 0/18
    Switch(config)#
    Switch(config)#exit
    Switch#write memory
    Switch#show conf
    Switch#

57 Catalyst 2900 Series XL: Multicast Group
    Switch#
    Switch#show mac-address-table
    Dynamic Address Count: 11
    Secure Address Count: 0
    Static Address (User-defined) Count: 3
    System Self Address Count: 47
    Total MAC addresses: 61
    Maximum MAC addresses: 8192
    Non-static Address Table:
    Destination Address  Address Type  VLAN  Destination Port
    d1ec.e3b1            Dynamic       20    FastEthernet0/
    d1ec.fde1            Dynamic       30    FastEthernet0/
    d1ec.fde2            Dynamic       10    FastEthernet0/
    d1ec.fde3            Dynamic       20    FastEthernet0/
    d1ec.fed5            Dynamic       30    FastEthernet0/
    d1ec.fed6            Dynamic       10    FastEthernet0/
    d1ec.fed7            Dynamic       20    FastEthernet0/
    d1ec.fef5            Dynamic       10    FastEthernet0/4

58 Catalyst 2900 Series XL: Multicast Group
    0000.d1ed.aa16       Dynamic       10    FastEthernet0/
    d1ed.aa17            Dynamic       20    FastEthernet0/
    d1ed.aa18            Dynamic       30    FastEthernet0/19
    Static Address Table:
    Destination Address  VLAN  Input Port  Output Ports
    Fa0/1 10 Fa0/2 10 Fa0/3 10 Fa0/4 Fa0/1 Fa0/2 Fa0/
    Fa0/9 20 Fa0/10 20 Fa0/11 20 Fa0/12 Fa0/9 Fa0/10 Fa0/
    Fa0/17 Fa0/18 Fa0/19 30 Fa0/18 Fa0/17 Fa0/19 30 Fa0/19 Fa0/17 Fa0/18
    Switch#

59 StoneBeat™ FullCluster Lab: VPN Tunnel (FireWall-1)
Note! A separate FireWall-1 management server is needed to load a policy with a Gateway Cluster Object!

60 VPN Tunnel between sites #1 and #2
See the StoneBeat FullCluster Manual Appendix B:
1. Define FireWall-1 and network objects:
    Local FireWall-1 Modules: sbfc101 and sbfc102
    Local FireWall-1 Management: sbfc105
    Local Network: site1-network
    Remote Gateway: site2-external (IPSec, Domain: site2-network)
    Remote Network: site2-network
2. Enable gateway clustering and define a gateway cluster object:
    Local FireWall-1 Gateway Cluster: site1-external (IPSec, Domain: site1-network)
    Cluster members: sbfc101 and sbfc
3. Create SEP VPN-1 configuration on the management
    Manual IPSec SPI 0x1234: ESP encryption key 0x abcdef, no AH

61 VPN Tunnel between sites #1 and #2
4. Add encryption rules in the FireWall-1 security policies
    Source          Destination     Service  Action   Track
    sbfc101         site2-external  IPSEC    accept   long
    sbfc102         sbfc102
    site2-external  sbfc101
    site1-network   site2-network   any      encrypt  long
    site2-network   site1-network
5. Install the security policy
6. Delete the external routes via dedicated IP addresses and create a route via the cluster IP
7. Configure FullCluster load balancing filter (filter.conf)
    tunnel netmask
    Reconfigure and restart FullCluster using GUI
    sbfc reconfigure all
    sbfc restart all

