Firewalls

A firewall is the guard standing between your network and the big bad world outside. In the simplest sense, a firewall is a filter that screens traffic based on rules and policies.

The processes used by a firewall to filter traffic may include the following.

  • Simple packet-filtering techniques
  • Proxy Servers
  • NAT
  • Stateful Inspection Firewalls
  • Transparent Firewall
  • Next-generation context and application-aware firewalls

Simple, or static, packet filtering is the most basic form of packet filtering. It normally operates at layer 3 or 4 of the OSI model. An example of static packet filtering is an access list that simply allows or denies traffic without any awareness of the communication.

A Proxy Server Firewall is also known as an Application Layer Gateway (ALG). A proxy server can operate at layer 3 or higher in the OSI model. A proxy server may include specialized application software that accepts a connection request from a client, puts the client on hold, and makes the connection on the client's behalf, as if it were the proxy server's own request to connect to the service the client wants to reach. If the connection is malicious, it is dropped by the proxy server firewall.

Since we are talking about proxy servers, we might as well address the reverse proxy server. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.

A reverse proxy server can perform the following tasks:

  • Load balancing
  • Web Acceleration
  • Security and anonymity

In stateful packet filtering, the firewall remembers the state of the session. By default, a stateful firewall won't allow traffic from outside the network through it. Devices in the local inside network have to initiate the session. Once a session is initiated, the firewall stores the source IP, destination IP, ports, and any other information in the stateful database.

When the traffic returns from the outside network, it is matched against the ongoing sessions in the stateful database and then allowed through.

A transparent firewall sits between the client and the server without the client or the server being aware of its presence. A transparent firewall can do pretty much everything a firewall can, with a few major exceptions:

  • A transparent firewall works at layer 2 of the OSI model
  • Apart from a management IP address, the interfaces of the transparent firewall don't have IP addresses
  • It can be integrated into the network without any change in topology

The following lab will make these concepts clearer.

Zone-based policy firewalls (ZPFs) are the latest development in the evolution of Cisco firewall technologies. In this activity, you will configure a basic ZPF on an edge router R3 that allows internal hosts access to external resources and blocks external hosts from accessing internal resources. You will then verify firewall functionality from internal and external hosts.

Objectives
• Verify connectivity among devices before firewall configuration.
• Configure a zone-based policy firewall (ZPF) on R3.
• Verify ZPF firewall functionality using ping, SSH, and a web browser.

R3#sh run
Building configuration...

Current configuration : 3796 bytes
!
! Last configuration change at 16:27:31 UTC Sun Dec 22 2019
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
class-map type inspect match-any my-class-map
 match protocol ssh
 match protocol http
 match protocol icmp
!
policy-map type inspect my-policy-map
 class type inspect my-class-map
  inspect
 class class-default
  drop
!
zone security inside
zone security outside
zone-pair security inside-to-outside source inside destination outside
 service-policy type inspect my-policy-map
!
interface GigabitEthernet0/0
 description S3
 ip address 192.168.3.1 255.255.255.0
 zone-member security inside
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description R2
 ip address 10.2.2.1 255.255.255.252
 zone-member security outside
 duplex auto
 speed auto
 media-type rj45
!
router eigrp 10
 network 10.0.0.0
 network 192.168.3.0
 passive-interface default
 no passive-interface GigabitEthernet0/1
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
 transport input none
!
no scheduler allocate
!
end

R2#sh run
Building configuration...

 
Current configuration : 3497 bytes
!
! Last configuration change at 16:30:15 UTC Sun Dec 22 2019
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!!
enable secret 5 $1$oj1p$Zc77yg0FrXh.Teg3zUdqd/
!
!
no ip domain lookup
!
username cisco password 0 cisco
!
redundancy
!
!
interface GigabitEthernet0/0
 description R1
 ip address 10.1.1.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description R3
 ip address 10.2.2.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
!
router eigrp 10
 network 10.0.0.0
 passive-interface default
 no passive-interface GigabitEthernet0/1
 no passive-interface GigabitEthernet0/0
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login local
 transport input all
line vty 5 15
 login local
 transport input all
!
no scheduler allocate
!
end
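
The stateful behaviour described earlier and R3's zone-pair policy can be traced packet by packet with a small model. This is an added example, not part of the original lab or Cisco code; the inside host 192.168.3.10, the port-based protocol matching and the class and function names are assumptions made for illustration.

```python
import ipaddress

# Added model of R3's zone-based policy; not Cisco code. Protocols are matched
# by well-known port, a simplification of IOS "match protocol". Same-zone
# traffic and traffic to the router itself are not modeled.
INSIDE_NET = ipaddress.ip_network("192.168.3.0/24")   # Gi0/0, zone "inside"
INSPECTED = {("tcp", 22), ("tcp", 80), ("icmp", 0)}   # ssh, http, icmp (my-class-map)
ZONE_PAIRS = {("inside", "outside"): INSPECTED}       # the only zone-pair on R3


def zone_of(ip):
    """Map an address to a zone: Gi0/0's subnet is inside, all else outside."""
    return "inside" if ipaddress.ip_address(ip) in INSIDE_NET else "outside"


class ZoneFirewall:
    def __init__(self):
        self.sessions = set()          # state table filled by the inspect action

    def handle(self, src, dst, proto, sport=0, dport=0):
        """Return 'inspect', 'pass' or 'drop' for one packet crossing R3."""
        if proto == "icmp":            # ICMP has no ports; types are not modeled
            sport = dport = 0
        # Return traffic: the mirrored 5-tuple was recorded when the session began.
        if (dst, src, proto, dport, sport) in self.sessions:
            return "pass"
        if (src, dst, proto, sport, dport) in self.sessions:
            return "pass"              # later packets of an inspected session
        policy = ZONE_PAIRS.get((zone_of(src), zone_of(dst)))
        if policy is None:
            return "drop"              # no zone-pair for this direction
        if (proto, dport) in policy:
            self.sessions.add((src, dst, proto, sport, dport))
            return "inspect"           # class my-class-map: inspect
        return "drop"                  # class class-default: drop


def demo():
    """Constructed traffic: 192.168.3.10 is a hypothetical inside host, 10.2.2.2 is R2."""
    fw, host, r2 = ZoneFirewall(), "192.168.3.10", "10.2.2.2"
    return [
        fw.handle(r2, host, "tcp", 40000, 22),    # outside-initiated SSH
        fw.handle(host, r2, "tcp", 51000, 22),    # inside-initiated SSH
        fw.handle(r2, host, "tcp", 22, 51000),    # SSH reply
        fw.handle(host, r2, "tcp", 51001, 23),    # Telnet, not in class-map
        fw.handle(r2, host, "icmp"),              # outside-initiated ping
        fw.handle(host, r2, "icmp"),              # inside-initiated ping
        fw.handle(r2, host, "icmp"),              # echo reply
    ]


if __name__ == "__main__":
    print(demo())
```

The outside-initiated packets are dropped because R3 has no outside-to-inside zone-pair, while replies pass only after an inside host has created the matching session entry.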
