2008 NetDefend Firewall Series Technical Training Firewall Fundamental - Part 2 ©Copyright 2008. All rights reserved.


1 2008 NetDefend Firewall Series Technical Training Firewall Fundamental - Part 2 ©Copyright All rights reserved

2 Hands-On
1. Publish a web server that is located on the LAN side
2. WAN Load Sharing
3. IPsec Hub and Spoke

3 Hands-On 1 Publish a web server that is located on the LAN side. A DFL-1600 LAN user can access both the DFL-210 and DFL-860 web servers using the public IP, and the LAN users of each DFL can access their own web server using their own public IP.

4 Hands-On 1 Set WAN IP, WAN Subnet, WAN Gateway and assign one object for Web Server

5 Hands-On 1 Add SAT Rule

6 Hands-On 1 Add Allow Rule

7 Hands-On 1 Add a NAT rule for LAN traffic

8 Hands-On 1 Enable Log for each rule, for troubleshooting purposes

9 Hands-On 1 Review all IP rules. Why must we put the LAN_to_WAN rule between the SAT and Allow rules?

10 Hands-On 1
PC 1 : LAN IP : WAN IP : Web Server :
PC 1 opens the web server using the public IP :1050  :80
The firewall translates it to :1050  :80
The web server replies directly to the PC :80  :1050
The reply packet will never arrive, because PC 1 expects the reply packet to come from and not from
PC 1 opens the web server using the public IP :1050  :80
The firewall translates it and does NAT here :35879  :80
The web server replies to the firewall first :80  :35879
The packet is sent back to PC 1 and both address translations are restored :80  :1050
The reply packet will arrive at PC 1 as expected
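The two packet walks on this slide, modelled as an added Python example; it is not part of the original presentation and is not NetDefendOS configuration. The IP addresses are constructed, because the slide's own values are missing from the transcript; ports 1050, 80 and 35879 are the slide's.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed addresses (assumption): PC 1, web server, firewall LAN IP, public IP.
PC1, WEB, FW_LAN, PUBLIC = "192.168.1.10", "192.168.1.80", "192.168.1.1", "203.0.113.10"

class Firewall:
    """Minimal model of the SAT rule plus an optional NAT rule for LAN traffic."""
    def __init__(self, nat_lan):
        self.nat_lan = nat_lan
        self.state = {}  # (firewall ip, firewall port) -> original packet from the client

    def forward(self, p):
        # SAT: rewrite the public destination IP to the web server's private IP.
        out = p._replace(dst=WEB)
        if self.nat_lan:
            # NAT: also rewrite the source to the firewall and remember the mapping.
            out = out._replace(src=FW_LAN, sport=35879)
            self.state[(FW_LAN, 35879)] = p
        return out

    def reverse(self, reply):
        # Undo both translations for a reply addressed to the firewall.
        orig = self.state[(reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def server_reply(p):
    # The server answers whatever source address it saw.
    return Packet(p.dst, p.dport, p.src, p.sport)

def client_accepts(sent, reply):
    # A TCP client only matches a reply whose addresses mirror what it sent.
    return tuple(reply) == (sent.dst, sent.dport, sent.src, sent.sport)

def hairpin(nat_lan):
    fw = Firewall(nat_lan)
    sent = Packet(PC1, 1050, PUBLIC, 80)
    reply = server_reply(fw.forward(sent))
    # Same subnet: a reply addressed to PC 1 goes straight to it, bypassing the firewall.
    if reply.dst == FW_LAN:
        reply = fw.reverse(reply)
    return reply, client_accepts(sent, reply)

if __name__ == "__main__":
    for nat in (False, True):
        print("NAT for LAN traffic:", nat, "->", hairpin(nat))
```

With SAT only, the reply reaches PC 1 carrying the web server's private address as its source, so it matches no connection the client opened; with the NAT rule the reply returns through the firewall and carries the public IP again.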

11 Hands-On 2 WAN Load Sharing Http Traffic goes through WAN 1 Telnet Traffic goes through WAN 2

12 Hands-On 2 Create object (IP, Subnet and Gateway) for both WAN

13 Hands-On 2 Make sure there is no default gateway on either WAN interface

14 Hands-On 2 Add route for WAN1 with metric 10

15 Hands-On 2 Add another routing table. Add a route for WAN 2 with metric 0

16 Hands-On 2 Add routing rule for telnet traffic

17 Hands-On 2 Add IP rules as shown below:

18 Hands-On 2 Enable Log for each rule, for troubleshooting purposes

19 Hands-On 3 IPsec Hub and Spoke

20 Hands-On 3 Spoke Surabaya
Local Net : /24
Remote Net : /24 (Hub Jakarta) and /24 (Spoke Bandung)
Remote Gateway : (Hub Jakarta WAN)
Create the Address Book as shown below:

21 Hands-On 3 Create Authentication Object, for example :

22 Hands-On 3 Add default gateway to WAN interface

23 Hands-On 3 Create IPsec for tunneling to Jakarta / Bandung

24 Hands-On 3 Create an Interface Group as shown below:

25 Hands-On 3 Create an IP rule for the tunnel and put it at the top:

26 Hands-On 3 Spoke Bandung
Local Net : /24
Remote Net : /24 (Hub Jakarta) and /24 (Spoke Surabaya)
Remote Gateway : (Hub Jakarta WAN)
Create the Address Book as shown below:

27 Hands-On 3 Create Authentication Object, for example :

28 Hands-On 3 Add default gateway to WAN 1 interface

29 Hands-On 3 Create IPsec for tunneling to Jakarta / Surabaya

30 Hands-On 3 Create an Interface Group as shown below:

31 Hands-On 3 Create an IP rule for the tunnel and put it at the top:

32 Hands-On 3 Hub Jakarta
Tunnel JKT-SBY
Local Net : /24 (Spoke Bandung) and /24 (Hub Jakarta)
Remote Net : /24 (Spoke Surabaya)
Remote Gateway : (Spoke Surabaya WAN)
Tunnel JKT-BDG
Local Net : /24 (Spoke Surabaya) and /24 (Hub Jakarta)
Remote Net : /24 (Spoke Bandung)
Remote Gateway : (Spoke Bandung WAN)

33 Hands-On 3 Create the Address Book as shown below:

34 Hands-On 3 Create Authentication Object, for example :

35 Hands-On 3 Add default gateway to WAN 1 interface

36 Hands-On 3 Create IPsec for tunneling to Surabaya

37 Hands-On 3 Create IPsec for tunneling to Bandung

38 Hands-On 3 Create an Interface Group as shown below:

39 Hands-On 3 Create an IP rule for the tunnel and put it at the top:

40 Hands-On 3 Check the Main Routing Table and IPsec Status at the Hub: Tunnel to Surabaya, Tunnel to Bandung

41 Hands-On 3 Check the Main Routing Table and IPsec Status at Spoke Bandung: Tunnel to Jakarta and Surabaya

42 Hands-On 3 Check the Main Routing Table and IPsec Status at Spoke Surabaya: Tunnel to Jakarta and Bandung

43 Questions & Answers THANK YOU D-Link Call Center : D-Link Support D-Link Support Website :

