Yu Chak Tin Michael's GIAC GCFW Project Assignment
PRIMARY Firewall Configuration
Tutorial – Check Point FW1
Configuring the Rulebase for FW1_B2C
Refer to the "Products Preparation" section for information on FW1 and Windows NT hardening.
Security Policies:
FW1_B2C is the frontline firewall against outside intrusion along the B2C link. The
security policy here contains the elements listed below (in the order specified below
as well):
1. Ecommerce web service – TCP port 80 (HTTP) and 443 (SSL) allowed IN
2. Email service for the external world – TCP port 25 (SMTP) allowed IN
3. DNS service for the external world – UDP port 53 (DNS request) allowed IN
4. Drop and log everything else
Rule Processing and Orders:
FW1 has a friendly yet powerful rule base interface. For a security administrator, a
centralized interface for defining all the security elements is good. However, FW1
introduces confusion by allowing some of the security elements to be activated via
separate properties dialogs. This is not only confusing, but also leaves room for
conflicts. To truly determine the effective security policy, the combination of
Security Policy Properties settings and Rule Base must be taken into account.
In FW1, packets are matched in the following order:
1. Anti Spoofing
2. Properties marked FIRST in the Security Policy Properties
3. Rule base order except for the last rule
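
A simplified model of the three matching stages listed above, as an added example (not code from the assignment or from Check Point). The internal address range, the sample packets and the ICMP property marked FIRST are constructed for illustration; the model shows how a property setting can accept traffic that the rule base alone would drop and log.

```python
import ipaddress

# Constructed value: the address range behind FW1_B2C (documentation range).
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")

# The four policy elements above, in order: (name, protocol, dst port, action).
RULE_BASE = [
    ("web-http", "tcp", 80, "accept"),
    ("web-ssl", "tcp", 443, "accept"),
    ("smtp", "tcp", 25, "accept"),
    ("dns", "udp", 53, "accept"),
    ("cleanup", None, None, "drop+log"),  # None matches anything
]

# Hypothetical property marked FIRST in the properties dialog.
FIRST_PROPERTIES = [("prop-accept-icmp", "icmp", None, "accept")]


def _matches(entry, pkt):
    _, proto, dport, _ = entry
    return proto in (None, pkt["proto"]) and dport in (None, pkt.get("dport"))


def evaluate(pkt, first_properties=FIRST_PROPERTIES):
    """Return (stage, name, action) for a packet arriving from outside."""
    # 1. Anti-spoofing: an inside source address cannot arrive from outside.
    if ipaddress.ip_address(pkt["src"]) in INTERNAL_NET:
        return ("anti-spoofing", "spoofed-source", "drop+log")
    # 2. Properties marked FIRST are matched before any rule.
    for entry in first_properties:
        if _matches(entry, pkt):
            return ("property", entry[0], entry[3])
    # 3. Rule base in order, except for the last rule.
    for entry in RULE_BASE[:-1]:
        if _matches(entry, pkt):
            return ("rulebase", entry[0], entry[3])
    # Simplification: the stages after 3 are not modelled; the last rule
    # (drop and log everything else) is applied directly.
    last = RULE_BASE[-1]
    return ("last-rule", last[0], last[3])


if __name__ == "__main__":
    for pkt in (  # constructed sample packets
        {"src": "203.0.113.7", "proto": "tcp", "dport": 443},
        {"src": "192.0.2.10", "proto": "tcp", "dport": 80},
        {"src": "203.0.113.7", "proto": "icmp"},
    ):
        print(pkt, "->", evaluate(pkt))
```

Calling `evaluate` with `first_properties=[]` shows the rule base on its own: the same ICMP packet then falls through to the final drop-and-log rule.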