© 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2, Lesson 19: Introduction to Enterprise PIX Firewall Management.

Transcript:

Lesson 19: Introduction to Enterprise PIX Firewall Management

Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
- Define key features and concepts of the Firewall MC.
- Install the Firewall MC.
- Import and manage devices.
- Configure the PIX Firewall.
- Deploy the PIX Firewall configuration.
- Administer the Firewall MC server.

Introduction

CiscoWorks Management Center for Firewalls 1.2
CiscoWorks Management Center for Firewalls 1.2 (Firewall MC) is a web-based interface for configuring and managing multiple Cisco PIX Firewalls.
- Import existing PIX Firewall configurations.
- Configure new PIX Firewalls.
[Diagram labels: Internet, Firewall MC server, Firewall MC client, Firewall MC client]

Firewall MC Components
- A common set of management services shared by multiple network management applications
- Web-based applications for configuring and managing multiple devices such as PIX Firewalls, routers, IDS Sensors, host-based IDS, and so on
[Diagram labels: Common Services, CiscoWorks2000 Server, CSAMC, Firewall MC, IDS MC, Router MC]

Firewall MC 1.2: Supported Devices
Firewall MC 1.2 supports the following hardware platforms:
- PIX 501 Firewall
- PIX 506/506E Firewall
- PIX 515/515E Firewall
- PIX 525 Firewall
- PIX 535 Firewall
- FWSM
Firewall MC 1.2 adds support for the following software versions:
- PIX Firewall versions 6.0, 6.1, 6.2, and 6.3.x
- FWSM versions and 1.1.2

Firewall MC Hardware Requirements

MC Server Requirements
Hardware:
- IBM PC-compatible computer with 1-GHz or faster CPU
- Color monitor capable of viewing 256 colors
- CD-ROM drive
- 10BASE-T or faster network connection
Memory: 1 GB of RAM minimum
Disk space:
- 9 GB minimum
- 2 GB of virtual memory
- NTFS file system recommended
Software:
- Windows 2000 Professional or Server with Service Pack 3 or later
- ODBC Driver Manager or later
[Diagram labels: Internet, Firewall MC server, Firewall MC client]

MC Client Access Requirements
Hardware:
- IBM PC-compatible computer with 300-MHz or faster CPU
- 10BASE-T or faster network connection
Software: One of the following:
- Windows 98
- Windows NT 4.0
- Windows 2000 Server or Professional with Service Pack 3 or later
Memory: 256 MB of RAM minimum
Disk space: 400 MB virtual memory
Browser: Internet Explorer 6.0 or Netscape Navigator 4.78
[Diagram labels: Internet, Firewall MC server, Firewall MC client]

Installation Process
Step 1: Install Common Services
Step 2: Install Firewall MC
- Auto Update Server
- Other MCs

Preparing for Firewall MC

PIX Firewall Setup Dialog
    Pre-configure PIX Firewall now through interactive prompts [yes]?
    Enable Password [ ]: ciscopix
    Clock (UTC):
      Year [2003]:
      Month [Sep]:
      Day [10]: 18
      Time [22:47:37]: 14:22:00
    Inside IP address:
    Inside network mask:
    Host name: pixP
    Domain name: cisco.com
    IP address of host running PIX Device Manager:
    Use this configuration and write to flash? Y
[Diagram labels: Internet, Firewall MC server]

PIX Firewall Bootstrap Commands
    pixfirewall(config)# http server enable
Enables the PIX Firewall to be monitored or have its configuration modified from a browser.
    pixfirewall(config)# http ip_address [netmask] [if_name]
Specifies the host or network authorized to initiate an HTTP connection to the PIX Firewall.
Example:
    pix1(config)# http server enable
    pix1(config)# http inside
[Diagram labels: Internet, Firewall MC server, HTTP server]
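
An added example, not part of the original course material: a short Python audit of the http bootstrap statements from the slide above, checking that HTTP management access is limited to the Firewall MC server on the expected interface. The function name audit_http_access, the sample addresses, and the defaults used when the netmask (255.255.255.255) or interface (inside) is omitted are assumptions.

```python
import ipaddress
import re

# "http ip_address [netmask] [if_name]", optionally after a "name(config)# " prompt.
HTTP_RE = re.compile(
    r"^(?:\S+\(config\)#\s*)?http\s+(\d+\.\d+\.\d+\.\d+)"
    r"(?:\s+(\d+\.\d+\.\d+\.\d+))?(?:\s+(\S+))?\s*$"
)
ENABLE_RE = re.compile(r"^(?:\S+\(config\)#\s*)?http\s+server\s+enable\s*$")

# Constructed sample configuration (documentation addresses, not from the course).
SAMPLE_CONFIG = """\
http server enable
http 192.0.2.10 255.255.255.255 inside
http 192.0.2.0 255.255.255.0 inside
http 198.51.100.7 outside
"""

def audit_http_access(config_text, mc_server, mgmt_if="inside"):
    """Return (server_enabled, findings) for the http statements in a config."""
    enabled, mc_allowed, findings = False, False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if ENABLE_RE.match(line):
            enabled = True
            continue
        m = HTTP_RE.match(line)
        if not m:
            continue
        ip, mask, if_name = m.groups()
        # Assumed PIX 6.x defaults: host mask and the inside interface.
        net = ipaddress.ip_network(f"{ip}/{mask or '255.255.255.255'}", strict=False)
        if_name = if_name or "inside"
        if ipaddress.ip_address(mc_server) in net and if_name == mgmt_if:
            mc_allowed = True
        if net.num_addresses > 1:
            findings.append(f"broad: {net} on {if_name} ({net.num_addresses} addresses)")
        elif str(net.network_address) != mc_server:
            findings.append(f"unexpected host: {net.network_address} on {if_name}")
        if if_name != mgmt_if:
            findings.append(f"interface: {net} permitted on {if_name}, not {mgmt_if}")
    if not enabled:
        findings.append("http server is not enabled")
    elif not mc_allowed:
        findings.append(f"Firewall MC server {mc_server} is not permitted on {mgmt_if}")
    return enabled, findings

if __name__ == "__main__":
    for finding in audit_http_access(SAMPLE_CONFIG, "192.0.2.10")[1]:
        print(finding)
```

An empty findings list means the only host allowed to open an HTTP connection to the firewall is the Firewall MC server itself.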

Understanding the Firewall MC

CiscoWorks Login

CiscoWorks User Authorization Roles
CiscoWorks user authorization roles allow for different privileges within the PIX MC:
- Help Desk: Read-only for the entire system.
- Approver: Can review policy changes and accept or reject changes.
- Network Operator: Can create and submit jobs.
- Network Administrator: Can perform administrative tasks on the PIX MC.
- System Administrator: Can perform all tasks on the PIX MC.
- Users: Can be assigned multiple authorization roles.

CiscoWorks Add User
Choose Server Configuration > Setup > Security > Add Users.

Launch Firewall MC

Firewall MC Home Page

Firewall MC Interface
[Screenshot callouts: Object Selector, Path bar, TOC, Scope, Tabs, Activity/actions bar, Instructions, Page, Options, Tools, Object bar]

Basic User Task Flow
You will find it useful to understand the basic user task flow for Firewall MC operations when performing a common task from beginning to end. The following are part of the basic user task flow:
- Task 1: Create device groups.
- Task 2: Import devices.
- Task 3: Configure building blocks.
- Task 4: Configure settings.
- Task 5: Configure access and translation rules.
- Task 6: Generate and view the configuration.
- Task 7: Deploy the configuration.

Importing and Managing Devices

Managing Groups and Devices
[Diagram labels: Firewall MC, Internet, Singapore, London, New York, NY1, S1, UK1]
Groups - devices:
- Global
  - New_York - NY1
  - Singapore - S1
  - London - UK1

Devices Tab

Managing Groups

Import Configuration from Device

PIX Firewall Contact Information

Import Summary

Configuring Settings

Configuration Tab

Object Selector
Configuration: Global – pod6 pix6

Add Interface

Configuration: Interfaces

Configuring Building Blocks

Building Blocks

Network Objects: Added

Service Definition: Added

Enter Service Group Objects

Service Groups: Added

Configuring Access and Translation Rules

Static Translation Rules: Added

Dynamic Translation Rules: Added

Access Rules: Added

Address Translation Pool: Added

Enter Syslog Setup

Deployment Tab

Generate Summary and Deploy Now

Deploy Later

Deployment Summary

Deployment Transcript

Deployment Config

Deployed

Managing Workflow

Workflow Setup

Create Activity

Submit Activity and Generate Configuration

Job Requested and Approved

Job Deployed

Reporting

Reports

Activity Report

Configuration Differences Report

Settings Report

Summary
- The Firewall MC provides a web-based interface for configuring and managing multiple PIX Firewalls without requiring CLI knowledge.
- The Firewall MC centralizes and accelerates the deployment and management of multiple PIX Firewalls.
- The Firewall MC supports up to 1,000 PIX Firewalls.
- The Firewall MC enables the grouping of PIX Firewalls for ease of management and configuration.
- The Firewall MC allows you to generate activity reports based upon configuration changes to the PIX Firewall and the Firewall MC.

Lab Exercise

Lab Visual Objective
[Lab topology diagram. Recoverable labels: Student PC, Firewall MC, PIX Firewall, Web/FTP, bastionhost, RTS, RBB, Local: 10.0.P.11, Pods 1–5]