Enviar pesquisa
Carregar
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instructor
•
0 gostou
•
1,741 visualizações
Salem Trabelsi
Seguir
bhkg
Leia menos
Leia mais
Educação
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 5
Baixar agora
Baixar para ler offline
Recomendados
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
Salem Trabelsi
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
Router configuration in packet tracer
Router configuration in packet tracer
Anabia Anabia
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
Salem Trabelsi
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
Salem Trabelsi
Cisco CCNA- NAT Configuration
Cisco CCNA- NAT Configuration
Hamed Moghaddam
MikroTik Security
MikroTik Security
Rofiq Fauzi
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
Harris Andrea
Recomendados
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
Salem Trabelsi
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
Router configuration in packet tracer
Router configuration in packet tracer
Anabia Anabia
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
Salem Trabelsi
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
Salem Trabelsi
Cisco CCNA- NAT Configuration
Cisco CCNA- NAT Configuration
Hamed Moghaddam
MikroTik Security
MikroTik Security
Rofiq Fauzi
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
Harris Andrea
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
NetProtocol Xpert
MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English
Adhie Lesmana
2.2.4.9 packet tracer configuring switch port security instructions - ig
2.2.4.9 packet tracer configuring switch port security instructions - ig
Alex Ramirez
Mail server on using cisco packet tracer
Mail server on using cisco packet tracer
SabrinaUporna
MikroTik & RouterOS
MikroTik & RouterOS
Faelix Ltd
Cisco router configuration tutorial
Cisco router configuration tutorial
IT Tech
How to configure port security in cisco switch
How to configure port security in cisco switch
IT Tech
CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6
Nil Menon
6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor
Salem Trabelsi
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux Kernel
Divye Kapoor
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking Walkthrough
Thomas Graf
MikroTik MTCNA
MikroTik MTCNA
Ali Layth
01- intro to firewall concepts
01- intro to firewall concepts
Mostafa El Lathy
OpenCanary and Canary Tokens
OpenCanary and Canary Tokens
Mats Karlsson
Access Control List & its Types
Access Control List & its Types
Netwax Lab
Ftp server configuration on cisco packet tracer
Ftp server configuration on cisco packet tracer
prodhan999
Ccna rse dynamic routing
Ccna rse dynamic routing
newbie2019
Palo alto networks NAT flow logic
Palo alto networks NAT flow logic
Alberto Rivai
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
Thomas Graf
CCNA v6.0 ITN - Chapter 09
CCNA v6.0 ITN - Chapter 09
Irsandi Hasan
Sc manual
Sc manual
MugdhaDeodhar
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
galerussel59292
Mais conteúdo relacionado
Mais procurados
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
NetProtocol Xpert
MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English
Adhie Lesmana
2.2.4.9 packet tracer configuring switch port security instructions - ig
2.2.4.9 packet tracer configuring switch port security instructions - ig
Alex Ramirez
Mail server on using cisco packet tracer
Mail server on using cisco packet tracer
SabrinaUporna
MikroTik & RouterOS
MikroTik & RouterOS
Faelix Ltd
Cisco router configuration tutorial
Cisco router configuration tutorial
IT Tech
How to configure port security in cisco switch
How to configure port security in cisco switch
IT Tech
CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6
Nil Menon
6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor
Salem Trabelsi
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux Kernel
Divye Kapoor
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking Walkthrough
Thomas Graf
MikroTik MTCNA
MikroTik MTCNA
Ali Layth
01- intro to firewall concepts
01- intro to firewall concepts
Mostafa El Lathy
OpenCanary and Canary Tokens
OpenCanary and Canary Tokens
Mats Karlsson
Access Control List & its Types
Access Control List & its Types
Netwax Lab
Ftp server configuration on cisco packet tracer
Ftp server configuration on cisco packet tracer
prodhan999
Ccna rse dynamic routing
Ccna rse dynamic routing
newbie2019
Palo alto networks NAT flow logic
Palo alto networks NAT flow logic
Alberto Rivai
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
Thomas Graf
CCNA v6.0 ITN - Chapter 09
CCNA v6.0 ITN - Chapter 09
Irsandi Hasan
Mais procurados
(20)
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English
2.2.4.9 packet tracer configuring switch port security instructions - ig
2.2.4.9 packet tracer configuring switch port security instructions - ig
Mail server on using cisco packet tracer
Mail server on using cisco packet tracer
MikroTik & RouterOS
MikroTik & RouterOS
Cisco router configuration tutorial
Cisco router configuration tutorial
How to configure port security in cisco switch
How to configure port security in cisco switch
CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6
6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux Kernel
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking Walkthrough
MikroTik MTCNA
MikroTik MTCNA
01- intro to firewall concepts
01- intro to firewall concepts
OpenCanary and Canary Tokens
OpenCanary and Canary Tokens
Access Control List & its Types
Access Control List & its Types
Ftp server configuration on cisco packet tracer
Ftp server configuration on cisco packet tracer
Ccna rse dynamic routing
Ccna rse dynamic routing
Palo alto networks NAT flow logic
Palo alto networks NAT flow logic
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
CCNA v6.0 ITN - Chapter 09
CCNA v6.0 ITN - Chapter 09
Semelhante a 4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instructor
Sc manual
Sc manual
MugdhaDeodhar
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
galerussel59292
managing your network environment
managing your network environment
scooby_doo
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
keturahhazelhurst
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Abhilash Kuniyil
05 module managing your network enviornment
05 module managing your network enviornment
Asif
Configure Cisco Routers for Syslog, NTP, and SSH Operations
Configure Cisco Routers for Syslog, NTP, and SSH Operations
Kelson Silva
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
Freddy Buenaño
Saad baig practical file
Saad baig practical file
SaadBaig33
Lab 9 instructions
Lab 9 instructions
trayyoo
lab1
lab1
guest575c3e
Network topology by essay corp uk
Network topology by essay corp uk
Johnsmith5188
TN566 labs
TN566 labs
Lochana Pasyala
119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut
nicolelemmimg
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Đồng Quốc Vương
Student packet tracer manual v1.1
Student packet tracer manual v1.1
milkux
CCNA 1 Final v5.0 2014
CCNA 1 Final v5.0 2014
Đồng Quốc Vương
Frame relay
Frame relay
Ihda N
General lab documentation~cisco router configuration
General lab documentation~cisco router configuration
sayedatif
Id. 01 router (computing)
Id. 01 router (computing)
Rawa KirKuKi
Semelhante a 4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instructor
(20)
Sc manual
Sc manual
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
managing your network environment
managing your network environment
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
05 module managing your network enviornment
05 module managing your network enviornment
Configure Cisco Routers for Syslog, NTP, and SSH Operations
Configure Cisco Routers for Syslog, NTP, and SSH Operations
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
Saad baig practical file
Saad baig practical file
Lab 9 instructions
Lab 9 instructions
lab1
lab1
Network topology by essay corp uk
Network topology by essay corp uk
TN566 labs
TN566 labs
119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Student packet tracer manual v1.1
Student packet tracer manual v1.1
CCNA 1 Final v5.0 2014
CCNA 1 Final v5.0 2014
Frame relay
Frame relay
General lab documentation~cisco router configuration
General lab documentation~cisco router configuration
Id. 01 router (computing)
Id. 01 router (computing)
Último
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
sanyamsingh5019
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
EduSkills OECD
microwave assisted reaction. General introduction
microwave assisted reaction. General introduction
Maksud Ahmed
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
JemimahLaneBuaron
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
Thiyagu K
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
agholdier
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
National Information Standards Organization (NISO)
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
Steve Thomason
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
pragatimahajan3
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
Celine George
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
dawncurless
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
Admir Softic
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
christianmathematics
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
TechSoup
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
Janet Corral
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
discovermytutordmt
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
Chameera Dedduwage
Último
(20)
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
microwave assisted reaction. General introduction
microwave assisted reaction. General introduction
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instructor
1.
© 2014 Cisco
and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 5 Packet Tracer - Configuring a Zone-Based Policy Firewall (ZPF) (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 Fa0/1 192.168.1.1 255.255.255.0 N/A S1 Fa0/5 S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A N/A R2 S0/0/0 10.1.1.2 255.255.255.252 N/A N/A S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A N/A R3 Fa0/1 192.168.3.1 255.255.255.0 N/A S3 Fa0/5 S0/0/1 10.2.2.1 255.255.255.252 N/A N/A PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1 S1 Fa0/6 PC-C NIC 192.168.3.3 255.255.255.0 192.168.3.1 S3 Fa0/18 Objectives Verify connectivity among devices before firewall configuration. Configure a zone-based policy (ZPF) firewall on router R3. Verify ZPF firewall functionality using ping, Telnet and a web browser. Background / Scenario Zone-based policy (ZPF) firewalls are the latest development in the evolution of Cisco firewall technologies. In this activity, you configure a basic ZPF on an edge router R3 that allows internal hosts access to external resources and blocks external hosts from accessing internal resources. You then verify firewall functionality from internal and external hosts. The routers have been pre-configured with the following: o Console password: ciscoconpa55
2.
Packet Tracer -
Configuring a Zone-Based Policy Firewall (ZPF) © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 5 o Password for vty lines: ciscovtypa55 o Enable password: ciscoenpa55 o Host names and IP addressing o Static routing Part 1: Verify Basic Network Connectivity Verify network connectivity prior to configuring the zone-based policy firewall. Step 1: From the PC-A command prompt, ping PC-C at 192.168.3.3. Step 2: From the PC-C command prompt, telnet to the Router R2 S0/0/1 interface at 10.2.2.2. Exit the Telnet session. Step 3: From PC-C, open a web browser to the PC-A server. a. Click the Desktop tab and click the Web Browser application. Enter the PC-A IP address 192.168.1.3 as the URL. The Packet Tracer welcome page from the web server should be displayed. b. Close the browser on PC-C. Part 2: Create the Firewall Zones on Router R3 Note: For all configuration tasks, be sure to use the exact names as specified. Step 1: Create an internal zone. Use the zone security command to create a zone named IN-ZONE. R3(config)# zone security IN-ZONE Step 2: Create an external zone. Use the zone security command to create a zone named OUT-ZONE. R3(config-sec-zone)# zone security OUT-ZONE R3(config-sec-zone)# exit Part 3: Define a Traffic Class and Access List Step 1: Create an ACL that defines internal traffic. Use the access-list command to create extended ACL 101 to permit all IP protocols from the 192.168.3.0/24 source network to any destination. R3(config)# access-list 101 permit ip 192.168.3.0 0.0.0.255 any Step 2: Create a class map referencing the internal traffic ACL. Use the class-map type inspect command with the match-all option to create a class map named IN-NET- CLASS-MAP. Use the match access-group command to match ACL 101. R3(config)# class-map type inspect match-all IN-NET-CLASS-MAP R3(config-cmap)# match access-group 101 R3(config-cmap)# exit
3.
Packet Tracer -
Configuring a Zone-Based Policy Firewall (ZPF) © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 5 Note: Although not supported in this Packet Tracer exercise, individual protocols (HTTP, FTP, etc.) can be specific to be matched using the match-any option in order to provide more precise control over what type of traffic is inspected. Part 4: Specify Firewall Policies Step 1: Create a policy map to determine what to do with matched traffic. Use the policy-map type inspect command and create a policy map named IN-2-OUT-PMAP. R3(config)# policy-map type inspect IN-2-OUT-PMAP Step 2: Specify a class type of inspect and reference class map IN-NET-CLASS-MAP. R3(config-pmap)# class type inspect IN-NET-CLASS-MAP Step 3: Specify the action of inspect for this policy map. The use of the inspect command invokes context-based access control (other options include pass and drop). R3(config-pmap-c)# inspect %No specific protocol configured in class IN-NET-CLASS-MAP for inspection. All protocols will be inspected. Issue the exit command twice to leave config-pmap-c mode and return to config mode. R3(config-pmap-c)# exit R3(config-pmap)# exit Part 5: Apply Firewall Policies Step 1: Create a pair of zones. Using the zone-pair security command, create a zone pair named IN-2-OUT-ZPAIR. Specify the source and destination zones that were created in Task 1. R3(config)# zone-pair security IN-2-OUT-ZPAIR source IN-ZONE destination OUT- ZONE Step 2: Specify the policy map for handling the traffic between the two zones. Attach a policy-map and its associated actions to the zone pair using the service-policy type inspect command and reference the policy map previously created, IN-2-OUT-PMAP. R3(config-sec-zone-pair)# service-policy type inspect IN-2-OUT-PMAP R3(config-sec-zone-pair)# exit R3(config)# Step 3: Assign interfaces to the appropriate security zones. Use the zone-member security command in interface configuration mode to assign Fa0/1 to IN-ZONE and S0/0/1 to OUT-ZONE. R3(config)# interface fa0/1 R3(config-if)# zone-member security IN-ZONE R3(config-if)# exit
4.
Packet Tracer -
Configuring a Zone-Based Policy Firewall (ZPF) © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 5 R3(config)# interface s0/0/1 R3(config-if)# zone-member security OUT-ZONE R3(config-if)# exit Step 4: Copy the running configuration to the startup configuration. Part 6: Test Firewall Functionality from IN-ZONE to OUT-ZONE Verify that internal hosts can still access external resources after configuring the zone-based policy firewall. Step 1: From internal PC-C, ping the external PC-A server. From the PC-C command prompt, ping PC-A at 192.168.1.3. The ping should succeed. Step 2: From internal PC-C, telnet to the router R2 S0/0/1 interface. a. From the PC-C command prompt, telnet to R2 at 10.2.2.2 and provide the vty password ciscovtypa55. The Telnet session should succeed. b. While the Telnet session is active, issue the command show policy-map type inspect zone-pair sessions on R3 to view established sessions. R3# show policy-map type inspect zone-pair sessions Zone-pair: IN-ZONE-OUT-ZONE Service-policy inspect : IN-2-OUT-PMAP Class-map: IN-NET-CLASS-MAP (match-all) Match: access-group 101 Inspect Established Sessions Session 218154328 (192.168.3.3:1025)=>(10.2.2.2:23) :tcp SIS_OPEN Created 00:03:07, Last heard 00:02:54 Bytes sent (initiator:responder) [0:0] Class-map: class-default (match-any) Match: any Drop (default action) 0 packets, 0 bytes What is the source IP address and port number? ____________________________________________________________________________________ 192.168.3.3:1025 (port 1025 is random) What is the destination IP address and port number? ____________________________________________________________________________________ 10.2.2.2:23 (Telnet = port 23)
5.
Packet Tracer -
Configuring a Zone-Based Policy Firewall (ZPF) © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 5 Step 3: From PC-C, exit the Telnet session on R2 and close the command prompt window. Step 4: From internal PC-C, open a web browser to the PC-A server web page. Enter the server IP address 192.168.1.3 in the browser URL field, and click Go. The HTTP session should succeed. While the HTTP session is active, issue the command show policy-map type inspect zone-pair sessions on R3 to view established sessions. Note: If the HTTP session times out before you execute the command on R3, you will have to click the Go button on PC-C to generate a session between PC-C and PC-A. R3# show policy-map type inspect zone-pair sessions Zone-pair: IN-ZONE-OUT-ZONE Service-policy inspect : IN-2-OUT-PMAP Class-map: IN-NET-CLASS-MAP (match-all) Match: access-group 101 Inspect Established Sessions Session 167029736 (192.168.3.3:1027)=>(192.168.1.3:80) :tcp SIS_OPEN Created 00:00:01, Last heard 00:00:01 Bytes sent (initiator:responder) [0:0] Class-map: class-default (match-any) Match: any Drop (default action) 0 packets, 0 bytes What is the source IP address and port number? _______________________________________________________________________________________ 192.168.3.3:1027 (port 1027 is random) What is the destination IP address and port number? _______________________________________________________________________________________ 192.168.1.3:80 (HTTP web = port 80) Step 5: Close the Browser on PC-C. Part 7: Test Firewall Functionality from OUT-ZONE to IN-ZONE Verify that external hosts CANNOT access internal resources after configuring the zone-based policy firewall. Step 1: From the PC-A server command prompt, ping PC-C. From the PC-A command prompt, ping PC-C at 192.168.3.3. The ping should fail. Step 2: From router R2, ping PC-C. From R2, ping PC-C at 192.168.3.3. The ping should fail. Step 3: Check results. Your completion percentage should be 100%. Click Check Results to see feedback and verification of which required components have been completed.
Baixar agora