Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely.

Published byArchibald Waters Modified over 8 years ago

Similar presentations

Presentation on theme: "1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely."— Presentation transcript:

1 1 The Firewall Menu

2 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely to suit your network requirements. By default, each component is set to provide the highest levels of security (deny), as to provide maximum protection against internal and external threats.

3 3 Firewall Overview The Firewall Menu

4 4 Firewall Deny vs. Reject There are two different ways to implement a block rule when creating firewall rules, REJECT or DENY: REJECT: This will send an ICMP Port Unreachable packet for every requested connection or received packet. DENY: This means the packet is discarded completely and no packet is sent back to the requesting machine.

5 5 Destination NAT (DNAT) Destination NAT provides port forwarding capabilities, enabling access to internal resources from an external network (i.e. Internet). This is the most common use of the firewall, given that it is typically deployed as the gateway appliance between the Internet and the local network, protecting internal resources. The Firewall Menu

6 6 Destination NAT (DNAT)

7 7 Troubleshooting Port Forwarding There are mainly two reasons why port-forwarding may not work: GateDefender is behind a NAT device. In this case there is a device like a router or like another firewall between the GD and the Internet, which does not allow direct incoming connections. The solution is to configure port forwarding also in that device to the RED IP of the Panda GateDefender Appliance. The destination host has the wrong default gateway. The host set as the destination of a port forwarding rule is configured with a default gateway address different from the GD address. Connections will be directed to the target host IP but, due to the incorrect default gateway, packets will not be directed through the appliance. The solution is to configure the host with the correct gateway. The Firewall Menu

8 8 Source NAT (SNAT) The Source NAT (SNAT) provides the ability to rewrite the source IP and/or port on outbound traffic to external networks. This can be useful when one has multiple external IP addresses and needs to manipulate certain traffic to appear to come from specific external IPs. Note: By default all outbound Internet traffic will automatically Source NAT to the Primary IP on the Red (main uplink) interface. This is a default masquerading rule created in order to hide the internal, private IP addresses. The Firewall Menu

9 9 Incoming Routed Firewall The Incoming Routed firewall provides the ability to redirect incoming traffic destined for the GD eSeries external interface to an internal network or zone. This can be used to route a public, external network through the GD eSeries without having to NAT the traffic. Since the Incoming Routed feature does not use NAT, your public (external) network will live on your hosted devices – thus every internal device will use a public network IP (and not a private IP). Example: You wish to route the public network 1.1.1.0/24 to your Orange zone (interface). Every device inside the Orange zone will then directly be assigned an IP in the 1.1.1.0/24 network. The Firewall Menu

10 10 Incoming Routed Firewall The Firewall Menu

11 11 Outgoing Firewall The Outgoing firewall provides the ability to filter outbound traffic originating from an internal, protected network. Using the outgoing firewall is highly recommended as it ensures that only traffic you explicitly approve is leaving your internal network(s). By default, the outgoing firewall is enabled with a limited set of protocols approved to leave specific network zones.. Warning: Always keep in mind that any traffic not explicitly allowed will be denied! You can also choose to disable the outgoing firewall to ensure all outbound traffic is passed by the GD eSeries. The Firewall Menu

12 12 Outgoing Firewall These are the services and zones allowed access via the WAN (RED) interface by default: GREEN: HTTP, HTTPS, FTP, SMTP, POP, IMAP, POP3s, IMAPs, DNS and ping (ICMP) BLUE: HTTP, HTTPS, DNS, and ping (ICMP) ORANGE: DNS and ping (ICMP) Everything else is forbidden except for some system rules which allow access to the services in the Panda Perimetral Management Console. The system rules are defined even if the corresponding zones are not enabled. Please remember that the order of rules is important: the first matching rule decides whether a packet is allowed or denied, regardless of how many matching rules follow. The order of the rules can be changed by using the up and down arrow icons next to each rule. The Firewall Menu

13 13 Outgoing Firewall The Firewall Menu

14 14 Inter-Zone Firewall The Inter-Zone firewall provides filtering capabilities between the internal network zones of GD eSeries. By default, these are configured based on the predefined security levels of each network zone (i.e. Green = most protected and Orange/Blue = less protected). The Firewall Menu

15 15 VPN Firewall The VPN firewall allows to explicitly filter VPN users access to internal resources. By default, the VPN firewall is disabled and all VPN users are automatically allowed access to any internal resources as if they were directly connected to the Green network. The rules themselves are relatively straightforward to build and have the same format as any other firewall rule.. Warning: The VPN firewall only applies to users connected through VPN. The Outgoing and Inter-zone firewall does not apply to VPN users so the only place to filter VPN users is within the VPN firewall. The Firewall Menu

16 16 VPN Firewall The Firewall Menu

17 17 System Access Firewall The System firewall provides granular filtering capability over access to services running on the GD eSeries device directly (e.g. HTTPS console, SSH, DNS, etc). By default, no services are made available externally including all management services (via web & SSH) to eliminate direct outside access to the device. More system access rules can be added by clicking on the “Add a new system access rule” link. The setting specific to this module of the firewall are: Log packets: All packets that access or try to access the GD eSeries are logged when this checkbox is ticked. This option proves useful to know who accessed – or tried to access – the system itself. Source address: The MAC addresses of the incoming connection. Source interface: The interface from which the system can be accessed. NOTE: There is no Destination address, as this will match the IP address of the interface from which the access is granted or attempted. The Firewall Menu

18 18 System Access Firewall The Firewall Menu

Download ppt "1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely."

Similar presentations

Access Control List (ACL)

Access Control List (ACL)
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
WXES2106 Network Technology Semester 1 2004/2005 Chapter 10 Access Control Lists CCNA2: Module 11.

WXES2106 Network Technology Semester /2005 Chapter 10 Access Control Lists CCNA2: Module 11.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.

Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.
Networking DSC340 Mike Pangburn. Networking: Computers on the Internet  1969 – 4  1971 – 15  1984 – 1000  1987 – 10,000  1989 – 100,000  1992 –

Networking DSC340 Mike Pangburn. Networking: Computers on the Internet  1969 – 4  1971 – 15  1984 – 1000  1987 – 10,000  1989 – 100,000  1992 –
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
1 The VPN Menu. 2 The VPN Menu VPN The GD eSeries can be set up either as an OpenVPN server or as a client, and even play both roles at the same time,

1 The VPN Menu. 2 The VPN Menu VPN The GD eSeries can be set up either as an OpenVPN server or as a client, and even play both roles at the same time,
Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.

Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

Similar presentations

Ads by Google