Eicon Networks S92 Manuel d'utilisateur télécharger pdf (Page 67)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 67

PRIMARYFirewallConfiguration

Tutorial–Che ckPointFW1

ConfiguringtheR ulebaseforFW1_B2C

Refertot he“ProductsPreparation”section forinformationonFW1and WindowsNT hardening.

SecurityPolicies:

FW1_B2CisthefrontlinefirewallagainstoutsideintrusionalongtheB2Clink.The

securitypolicyherecontainstheelementslistedbelow(intheorderspecifiedbelow

aswell):

1. Ecommercewebservice– TCPport80(HTTP)and443(SSL)allowedIN

2. Emailservicefortheexternalworld– TCPport25(SMTP)allowedIN

3. DNSservicefortheexternalworld–UDPport53(DNSrequest)allowedIN

4. Dropandlogeverythingelse

RuleProcessingandOrders:

FW1hasafriendlyyetpowerfulrulebaseinterface.Asasecurityadministrator,a

centralizedinterfacefordefiningallthesecurityelementsisgood.However,FW1

introducesconfusionsbyallowingsomeofthesecurityelementstobeactivatedvia

separatepropertiesdialogs.Thisisnotonlyconfusing,butisalsogivingroomfor

conflicts.Totrulydeterminetheeffectivesecuritypolicies,thecombinationof

SecurityPolicyPropertiessettingsandRuleBasemustbetakenaccountinto.

InFW1,packetsarematchedinthefollowingorder:

1. AntiSpoofing

2. PropertiesmarkedFIRSTintheSecurityPolicyProperties

3. Rulebaseorderexceptforthelastrule

1 2 ... 62 63 64 65 66 67 68 69 70 71 72 ... 208 209

Pas de commentaire

Eicon Networks S92 Manuel d'utilisateur Page 67