Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.


1 Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.

2 Chapter Objective Discuss various additional and important features of a firewall –DHCP –Virtual server –Enabling applications that require multiple connections –Filters (IP, MAC etc. ) –Firewall rules regulating traffic –DMZ –Remote management –etc.

3 Module WAN Side IP Specifications © N. Ganesan, Ph.D.

4 WAN Side IP In the case of the firewall/switch, an address for the firewall must be specified for both the WAN side and the LAN side –The LAN side address will be a private address that is not visible to the Internet

5 IP Options Static IP –Demonstrated early Dynamic IP –Cable modem and LAN Internet sharing –Could also be employed in the case of DSL PPPoE –DSL specific

6

7

8

9

10

11

12

13 Module LAN Side IP Specification © N. Ganesan, Ph.D.

14 IP Options Generally speaking, a static private IP is specified for the firewall/switch for the LAN side

15

16 Module DHCP © N. Ganesan, Ph.D.

17 DHCP Enabling DHCP can be enabled to deliver dynamic IP addresses for all the LAN side clients At the same time, static IP addresses can be assigned to selected clients based on their MAC addresses

18

19 Change this slide, make it enabled.

20

21

22 Module Advanced Features © N. Ganesan, Ph.D.

23 Advanced Features Virtual servers Applications Filters Firewalls DMZ

24 Virtual Servers Opening a port through the firewall to give access to a web server that is hosted on the private LAN

25

26 Web Server Settings Private IP address: 192.168.0.1 Public Port: 80 Private Port: 80 Availability: Always

27

28 Another Way to Set the Web Server Pass Through Select from the virtual server list and edit the entry

29

30 Edit

31

32 Other servers

33 Module Special Applications © N. Ganesan, Ph.D.

34 Opening Ports for Special Applications There are special applications that would require one or more ports to be opened through the firewall/switch Examples include Internet chat, telephony applications etc.

35

36 Module Filters © N. Ganesan, Ph.D.

37 Filters and Blockers IP Filters –LAN clients can be selectively blocked from accessing the Internet based on their IP address MAC Filters –The same as above, but the filter is based on MAC address of a client URL Blocking –URLs can be blocked from being accessed Domain Blocking –Access to domains can be blocked as well

38

39 IP Filters IP filters can be applied altogether to a client or they can be applied to specific ports of a client A range of IP addresses and a range of port numbers can be specified to be filtered

40 IP range can be specified. A range of ports can be specified.
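The IP filter behaviour described on slides 39 and 40, as an added example that is not part of the original presentation: a block rule is an inclusive LAN IP range plus an inclusive port range, and a rule with no port range blocks the client altogether. The class name, field names and sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class IPFilter:
    """Hypothetical filter entry: block clients in [ip_start, ip_end]
    on destination ports [port_start, port_end] (both ranges inclusive)."""
    ip_start: str
    ip_end: str
    port_start: int = 1        # default port range = block the client altogether
    port_end: int = 65535

    def __post_init__(self):
        # Reject reversed ranges, which would otherwise silently match nothing.
        if ipaddress.IPv4Address(self.ip_start) > ipaddress.IPv4Address(self.ip_end):
            raise ValueError("ip_start must not be above ip_end")
        if not (1 <= self.port_start <= self.port_end <= 65535):
            raise ValueError("invalid port range")

    def matches(self, client_ip: str, dst_port: int) -> bool:
        # Compare addresses numerically: as plain strings,
        # "192.168.0.10" sorts before "192.168.0.9".
        ip = ipaddress.IPv4Address(client_ip)
        in_ip_range = (ipaddress.IPv4Address(self.ip_start) <= ip
                       <= ipaddress.IPv4Address(self.ip_end))
        return in_ip_range and self.port_start <= dst_port <= self.port_end


def is_blocked(filters: Iterable[IPFilter], client_ip: str, dst_port: int) -> bool:
    """A LAN client's outbound connection is blocked if any filter matches."""
    return any(f.matches(client_ip, dst_port) for f in filters)


# Constructed sample rule set (addresses and ports are illustrative only).
FILTERS = [
    IPFilter("192.168.0.100", "192.168.0.120"),         # clients blocked on all ports
    IPFilter("192.168.0.50", "192.168.0.50", 20, 21),   # one client, FTP ports only
]

if __name__ == "__main__":
    for ip, port in [("192.168.0.110", 443), ("192.168.0.50", 21),
                     ("192.168.0.50", 80), ("192.168.0.121", 80)]:
        print(ip, port, "BLOCKED" if is_blocked(FILTERS, ip, port) else "allowed")
```
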

41

42 Module Firewall Rules © N. Ganesan, Ph.D.

43 Firewall Rules Firewall rules can be specified to allow or block traffic entering the firewall or passing through the firewall/switch For example, pinging the firewall from the Internet (WAN) side can be disabled using firewall rules

44

45 Module Creating Demilitarized Zones (DMZ) © N. Ganesan, Ph.D.

46 DMZ Defined Computers in the DMZ bypass the control of the firewall –In other words, for all practical purposes, they could be considered as being directly connected to the Internet

47

48 Module Firewall Tools © N. Ganesan, Ph.D.

49 Tools Administrative –Set passwords and enable or disable remote management Time –Set the current time and date System –Store and load firewall settings Firmware upgrade Miscellaneous tools

50 Administrative Tools Set administrator and a user password Enable the firewall to be managed from a remote computer probably over the Internet –In general, it is not desirable to enable this option for security reasons
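An added example, not part of the original presentation, that lists what a given set of settings makes reachable from the WAN side, using the three features the slides describe as opening the LAN or the firewall to the Internet: virtual servers, the DMZ host, and remote management. The data model and its field names are assumptions; the web server entry uses the values from slide 26, and all other sample values are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class VirtualServer:               # hypothetical model of one virtual server entry
    name: str
    private_ip: str
    public_port: int
    private_port: int
    enabled: bool = True


@dataclass
class FirewallConfig:              # hypothetical model of the settings pages
    virtual_servers: List[VirtualServer] = field(default_factory=list)
    dmz_host: Optional[str] = None
    remote_management: bool = False


def wan_exposure(cfg: FirewallConfig) -> List[str]:
    """Return one finding per thing reachable from the Internet side."""
    findings = []
    owner_by_port = {}
    for vs in cfg.virtual_servers:
        if not vs.enabled:
            continue               # disabled entries open nothing
        findings.append(
            f"port {vs.public_port} -> {vs.private_ip}:{vs.private_port} ({vs.name})")
        if vs.public_port in owner_by_port:
            # Two enabled entries on one public port: only one can take effect.
            findings.append(
                f"conflict on public port {vs.public_port}: "
                f"{owner_by_port[vs.public_port]} and {vs.name}")
        owner_by_port.setdefault(vs.public_port, vs.name)
    if cfg.dmz_host:
        findings.append(f"DMZ host {cfg.dmz_host} is not filtered by the firewall")
    if cfg.remote_management:
        findings.append("remote management is reachable from the WAN side")
    return findings


# Constructed sample: slide 26's web server plus riskier settings.
SAMPLE = FirewallConfig(
    virtual_servers=[
        VirtualServer("Web", "192.168.0.1", 80, 80),
        VirtualServer("FTP", "192.168.0.5", 21, 21, enabled=False),
    ],
    dmz_host="192.168.0.30",
    remote_management=True,
)

if __name__ == "__main__":
    print("\n".join(wan_exposure(SAMPLE)))
```
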

51 1 2 3

52 Module Set Time © N. Ganesan, Ph.D.

53

54 System Store current firewall settings to the hard drive Load previously stored firewall settings from the hard drive Restore factory default settings for the firewall

55 1 2 3

56 Module Firmware Upgrade © N. Ganesan, Ph.D.

57

58

59 Module Miscellaneous Tools © N. Ganesan, Ph.D.

60 Miscellaneous Tools Pinging a host name or an IP address Restarting the firewall –Probably to activate any changes made Block the pinging of the firewall from the Internet (WAN) side Enabling UPnP and gaming mode Allow VPN traffic based on PPTP and IPSec to pass through Enable dynamic DNS service

61 Ping Test

62

63 Block Pinging from the Internet Side

64

65 Enabling UPnP Settings and Game Mode

66

67 Allowing Virtual Private Networks (VPN) Connections

68 VPN Connections Firewall can be set to allow VPN links to the clients on the LAN side for the two popular protocols used in implementing VPNs

69

70 Module Status Reporting © N. Ganesan, Ph.D.

71 Status Reporting Display LAN and WAN settings Log and display the log of activities –Attacks, dropped packets etc. Display traffic statistics –Number of packets transmitted and received on the WAN (Internet – External) and LAN (Internal) side

72 Display of WAN and LAN Settings

73

74 Log of Activities

75 System activity Debug information Attacks Dropped packets Notice Note: The log can also be transmitted to an administrator's email

76

77

78

79

80 Traffic Statistics

81

82 Additional Help

83

84 The End

