© 2000, Cisco Systems, Inc. CSPFF 1.115-1 Chapter 5 Cisco Secure PIX Firewall Configuration.

Transcript:

Chapter 5: Cisco Secure PIX Firewall Configuration

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the security levels.
- Describe the six basic commands used to configure the PIX Firewall.
- Configure the PIX Firewall with six commands.

Security Levels

ASA Security Levels (diagram: PIX Firewall with three interfaces between the Internet and the inside network)
- Outside Network: e0, security level 0, interface name = outside
- Perimeter Network: e2, security level 50, interface name = pix/intf2
- Inside Network: e1, security level 100, interface name = inside

The Six Basic Commands

PIX Firewall Basic Commands
There are six basic configuration commands for the PIX Firewall:
- nameif
- interface
- ip address
- nat
- global
- route

Command 1: nameif
The nameif command assigns a name to each perimeter interface on the PIX Firewall and specifies its security level.
Syntax: nameif hardware_id if_name security_level
Example:
    pixfirewall(config)# nameif ethernet2 dmz sec50

Command 2: interface
The interface command configures the type and capability of each perimeter interface.
Syntax: interface hardware_id hardware_speed
Examples:
    pixfirewall(config)# interface ethernet0 auto
    pixfirewall(config)# interface token-ring0 16mbps
    pixfirewall(config)# interface fddi1 auto

Command 3: ip address
The ip address command assigns an IP address to each interface.
Syntax: ip address if_name ip_address [netmask]
Example (the address and netmask on the slide did not survive extraction):
    pixfirewall(config)# ip address dmz

Command 4: nat
The nat command shields IP addresses on the inside network from the outside network.
Syntax: nat [(if_name)] nat_id local_ip [netmask]
Example (the nat_id and local_ip arguments on the slide did not survive extraction):
    pixfirewall(config)# nat (inside)

NAT Example (diagram): a packet's header fields (source address, destination address, source port, destination port) are shown on the inside and on the outside of the PIX Firewall; inside local IP addresses are mapped to addresses from the global IP pool, and the mapping is recorded in the translation table as traffic leaves toward the Internet.

Command 5: global
The global command shields IP addresses on the inside network from the outside network using a pool of IP addresses.
Syntax: global [(if_name)] nat_id global_ip[-global_ip] [netmask global_mask]
Example (the nat_id and address arguments on the slide did not survive extraction):
    pixfirewall(config)# nat (inside)
    pixfirewall(config)# global (outside)

Command 6: route
The route command defines a static or default route for an interface.
Syntax: route if_name ip_address netmask gateway_ip [metric]
Example (the address, netmask and gateway arguments on the slide did not survive extraction):
    pixfirewall(config)# route outside
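The following is an added example, not part of the Cisco course material, that ties the security-level rule (higher-security interfaces may reach lower-security ones, not the reverse) to the six-command procedure above. It parses a PIX-style configuration written with exactly these six commands, answers which interface-to-interface traffic the security levels implicitly permit, and checks that every nat id has a matching global pool on a lower-security interface. Everything in SAMPLE_CONFIG (hardware ids, documentation-range addresses, the pool, the route) is constructed for this example; treating equal security levels as "not permitted" is this example's choice, since the slides only state the higher-to-lower rule.

```python
"""Model of the PIX Firewall's six basic commands and its security-level rule.
Added example; SAMPLE_CONFIG is constructed, not taken from the course."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample configuration (documentation address ranges).
SAMPLE_CONFIG = """
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz sec50
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
ip address outside 192.0.2.2 255.255.255.0
ip address inside 10.0.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
nat (inside) 1 0 0
global (outside) 1 192.0.2.20-192.0.2.254 netmask 255.255.255.0
route outside 0 0 192.0.2.1 1
"""


@dataclass
class Interface:
    hardware_id: str
    name: str
    security_level: int
    speed: Optional[str] = None
    ip_address: Optional[str] = None
    netmask: Optional[str] = None


@dataclass
class PixConfig:
    interfaces: Dict[str, Interface] = field(default_factory=dict)
    nats: List[Tuple[str, int, str, Optional[str]]] = field(default_factory=list)
    globals_: List[Tuple[str, int, str]] = field(default_factory=list)
    routes: List[Tuple[str, str, str, str, int]] = field(default_factory=list)


# One regex per basic command, following the syntax lines on the slides.
NAMEIF_RE = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+sec(?:urity)?(\d+)$")
INTERFACE_RE = re.compile(r"^interface\s+(\S+)\s+(\S+)$")
IPADDR_RE = re.compile(r"^ip address\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")
NAT_RE = re.compile(r"^nat\s+\((\S+)\)\s+(\d+)\s+(\S+)(?:\s+(\S+))?$")
GLOBAL_RE = re.compile(r"^global\s+\((\S+)\)\s+(\d+)\s+(\S+)(?:\s+netmask\s+\S+)?$")
ROUTE_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\d+))?$")


def parse_config(text: str) -> PixConfig:
    """Build a PixConfig from the six basic commands. As in the course's
    ordering, nameif must precede the commands that use the interface."""
    cfg = PixConfig()
    by_hardware: Dict[str, Interface] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if m := NAMEIF_RE.match(line):
            hw, name, level = m.groups()
            iface = Interface(hw, name, int(level))
            cfg.interfaces[name] = iface
            by_hardware[hw] = iface
        elif m := INTERFACE_RE.match(line):
            hw, speed = m.groups()
            by_hardware[hw].speed = speed
        elif m := IPADDR_RE.match(line):
            name, addr, mask = m.groups()
            cfg.interfaces[name].ip_address = addr
            cfg.interfaces[name].netmask = mask
        elif m := NAT_RE.match(line):
            name, nat_id, local_ip, mask = m.groups()
            cfg.nats.append((name, int(nat_id), local_ip, mask))
        elif m := GLOBAL_RE.match(line):
            name, nat_id, pool = m.groups()
            cfg.globals_.append((name, int(nat_id), pool))
        elif m := ROUTE_RE.match(line):
            name, dest, mask, gateway, metric = m.groups()
            cfg.routes.append((name, dest, mask, gateway, int(metric or 1)))
        else:
            raise ValueError(f"not one of the six basic commands: {line}")
    return cfg


def implicitly_permitted(cfg: PixConfig, src_if: str, dst_if: str) -> bool:
    """Security-level rule: a connection may start from a higher-security
    interface toward a lower one; the reverse needs explicit permission.
    Equal levels are reported as not permitted (this example's choice)."""
    return cfg.interfaces[src_if].security_level > cfg.interfaces[dst_if].security_level


def check_config(cfg: PixConfig) -> List[str]:
    """Sanity checks a reviewer would run over a six-command configuration."""
    findings: List[str] = []
    for iface in cfg.interfaces.values():
        if iface.ip_address is None:
            findings.append(f"interface {iface.name} has no ip address")
    # A nat id only translates if a global pool with the same id exists on
    # an interface of lower security than the one the nat is applied to.
    for nat_if, nat_id, _local, _mask in cfg.nats:
        if not any(g_id == nat_id and implicitly_permitted(cfg, nat_if, g_if)
                   for g_if, g_id, _pool in cfg.globals_):
            findings.append(f"nat id {nat_id} on {nat_if} has no global pool on a lower-security interface")
    for g_if, g_id, _pool in cfg.globals_:
        if not any(n_id == g_id for _n_if, n_id, _l, _m in cfg.nats):
            findings.append(f"global id {g_id} on {g_if} has no matching nat")
    if not cfg.routes:
        findings.append("no route configured")
    return findings


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for src, dst in [("inside", "outside"), ("inside", "dmz"), ("dmz", "inside"), ("outside", "dmz")]:
        verdict = "permitted" if implicitly_permitted(cfg, src, dst) else "denied"
        print(f"{src:>7} -> {dst:<7}: {verdict}")
    print("findings:", check_config(cfg) or "none")
```

Running the block prints the implicit verdict for each interface pair (inside to outside and inside to dmz permitted, dmz to inside and outside to dmz denied) and no findings for the sample; deleting the `ip address dmz` line or changing the global's nat_id produces the corresponding findings.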

Lab Exercise

Lab Visual Objective (diagram; the pod-specific address octets did not survive extraction): the PIX Firewall has e0 outside (.2) toward the pod perimeter router and the Internet, e1 inside (.1) toward the inside host (web and FTP server), and e2 dmz (.1) toward the bastion host (web and FTP server); each network is a P.0/24 subnet, and a backbone server (web, FTP, and TFTP server) sits beyond the perimeter router.

Summary

- Interfaces with higher security levels are more secure than interfaces with lower security levels.
- Interfaces with a higher security level can access interfaces with a lower security level, while interfaces with a lower security level cannot access interfaces with a higher security level unless given permission.
- The six basic commands necessary to configure the PIX Firewall are: nameif, interface, ip address, nat, global, route.

Review Questions

Q1) What function does the nameif command provide?
Q2) Explain the function of the nat command.
Q3) How do you activate an interface?
Q4) What function does the route command serve?
Q5) How do you delete a global entry?