Firewall - PowerPoint PPT Presentation

Title: Firewall
Provided by: jbu92
Slides: 25

Transcript and Presenter's Notes


1
Firewall Policies
2
Firewall Policies
  • Instructions used by your FortiGate unit to
    decide what to do with a connection request
  • Firewall > Policy > Policy

3
FortiOS Zone-based Security
  • Physical and logical (VLAN) interfaces are
    assigned to zones
  • Policies are defined between zones
  • Routing is used to choose the right policy set

4
Addresses
  • Configure addresses with a name, an IP address,
    and a netmask, or a name and an IP address range
    • The address of a subnet, e.g. a class C subnet:
      192.168.20.0/255.255.255.0
    • A single IP address: 192.168.20.1/255.255.255.255
    • All possible IP addresses: 0.0.0.0/0.0.0.0
    • A range of IP addresses in a subnet:
      192.168.20.1 to 192.168.20.10

5
Create Addresses
  • Add, edit, and delete firewall addresses and
    address ranges
  • Firewall > Address > Address > Create New

6
Create Address Groups
  • Organize related addresses into address groups to
    simplify policy configuration
  • Firewall > Address > Group > Create New

7
Virtual IP Addresses
  • Access IP addresses on a destination network that
    are hidden from the source network by NAT
    security policies
  • Static NAT
    • used to translate an address on a source network
      to a hidden address on a destination network
    • translates the source address of return packets
      to the address on the source network
  • Firewall > Virtual IP > Virtual IP > Create New

8
Port Forwarding
  • aka Port Address translation (PAT)
  • used to translate an address and a port number on
    a source network to a hidden address and,
    optionally, a different port number on a
    destination network
  • used to route packets with a specific port number
    and a destination address that matches the IP
    address of the interface that receives the
    packets
  • used to change the destination port of the
    forwarded packets
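
The two translation directions described on the Virtual IP and Port Forwarding slides, as an added example (not the deck's or Fortinet's code): a virtual IP with no ports is plain static NAT, one with ports is port forwarding (PAT). The packet/VIP classes, the VIP table and all addresses are constructed for illustration; real FortiGate translation is stateful, which this stateless model omits.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class VirtualIP:
    """External (source-network) address mapped to a hidden internal address.
    With ext_port/mapped_port left as None this is static NAT; set them for
    port forwarding (PAT), where the destination port may change as well."""
    name: str
    ext_ip: str
    mapped_ip: str
    ext_port: Optional[int] = None
    mapped_port: Optional[int] = None

def inbound(vips, pkt):
    """Translate the destination of a packet arriving on the external interface.
    Returns (translated packet, VIP name), or (unchanged packet, None)."""
    for v in vips:
        if pkt.dst == v.ext_ip and (v.ext_port is None or pkt.dport == v.ext_port):
            return replace(pkt, dst=v.mapped_ip, dport=v.mapped_port or pkt.dport), v.name
    return pkt, None

def outbound_reply(vips, pkt):
    """Rewrite the source of return packets to the external address/port, so the
    client on the source network never sees the hidden address."""
    for v in vips:
        if pkt.src == v.mapped_ip and (v.mapped_port is None or pkt.sport == v.mapped_port):
            return replace(pkt, src=v.ext_ip, sport=v.ext_port or pkt.sport), v.name
    return pkt, None

# Constructed VIP table: static NAT for a mail host, port forwarding for a web host.
VIPS = [
    VirtualIP("mail-vip", "203.0.113.11", "192.168.20.6"),
    VirtualIP("web-vip", "203.0.113.10", "192.168.20.5", ext_port=8080, mapped_port=80),
]

def round_trip(vips, pkt):
    """Forward a request, build the server's reply to it, and translate it back."""
    fwd, name = inbound(vips, pkt)
    reply = Packet(src=fwd.dst, sport=fwd.dport, dst=fwd.src, dport=fwd.sport)
    back, _ = outbound_reply(vips, reply)
    return fwd, back, name
```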

9
IP Pools
  • A range of IP addresses added to a firewall
    interface
  • Use IP pools for
    • NAT mode policies that translate source addresses
      to addresses randomly selected from the pool
    • the destination interface, to support multiple
      connections when using fixed ports
    • dynamic NAT
  • Firewall > IP Pool > IP Pool > Create New

10
Schedules
  • Use schedules to control when policies are active
    or inactive
    • One-time schedules
    • Recurring schedules

11
One-time Schedules
  • Create a one-time schedule that activates or
    deactivates a policy for a specified period of
    time
  • Firewall > Schedule > One-time > Create New

12
Recurring Schedules
  • Create a recurring schedule that activates or
    deactivates policies at specified times of the
    day or on specified days of the week
  • Firewall > Schedule > Recurring > Create New

13
Services
  • Determine the types of communication accepted or
    denied by the firewall
  • Add any of the predefined services to a policy
  • Create custom services and add services to
    service groups
  • Firewall > Service > Predefined

14
Custom Services
  • Add a custom service if you need to create a
    policy for a service that is not in the
    predefined services list
  • Firewall > Service > Custom > Create New

15
Service Groups
  • Create groups of services and then add one policy
    to provide or block access for all the services
    in the group
    • predefined services
    • custom services
  • Firewall > Service > Group > Create New

16
Firewall Policies
  • Policy matching
  • Protection profiles
  • Logging
  • Authentication
  • Traffic shaping
  • Differentiated services

17
Authentication
  • Create user groups
  • Require group members to provide a user name and
    password
  • Apply to specified services or service groups
  • Requires a human interface application (Internet
    browser, telnet, FTP) to authenticate
  • Configure a DNS allow policy

18
Traffic Shaping
  • Control bandwidth available to traffic
  • Set priorities for different types of traffic
  • Must be applied in every policy to take effect
  • Firewall > Policy > Policy > Create New > Advanced

19
Differentiated Services
  • Defined by RFC 2474 and RFC 2475
  • Enable scalable service discrimination in the IP
    network
  • Does not require per-flow state and signaling at
    every hop
  • Sorts IP traffic into classes by inspecting the
    DS field in an IPv4 header or the Traffic Class
    field in an IPv6 header
  • Firewall > Policy > Policy > Create New > Advanced

20
Policy Sequence
  • Policies should be listed from specific to
    general
  • In the example below, the specific policies for lunch
    and weekend are below the general "always" policy
  • The two specific policies will never take effect
  • Encrypt policies are always on top (above general
    policies)
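
The policy-ordering problem on this slide, worked as an added example (not the deck's or Fortinet's code): a first-match evaluator over the address forms from the Addresses slide and the schedule types from the Schedules slides. The policy set (a general "always" web policy, a lunch policy for one address range and a weekend policy), the addresses and the dates are constructed; treating a packet that matches no policy as denied is this model's assumption.

```python
import ipaddress
from datetime import datetime

def parse_address(spec):
    """Matcher for the four address forms on the Addresses slide: subnet/netmask,
    single IP with /255.255.255.255, 0.0.0.0/0.0.0.0 (all), or an 'a to b' range."""
    if " to " in spec:
        lo, hi = (ipaddress.ip_address(s.strip()) for s in spec.split(" to "))
        return lambda ip: lo <= ipaddress.ip_address(ip) <= hi
    net = ipaddress.ip_network(spec, strict=False)  # dotted netmasks are accepted
    return lambda ip: ipaddress.ip_address(ip) in net

def recurring(days, start="00:00", end="24:00"):
    """Recurring schedule: active on the given weekdays (0=Mon) between start and end."""
    return lambda when: when.weekday() in days and start <= when.strftime("%H:%M") < end

ALWAYS = lambda when: True  # the built-in 'always' schedule

def policy(name, src, dst, ports, schedule, action):
    return dict(name=name, src=parse_address(src), dst=parse_address(dst),
                ports=set(ports), schedule=schedule, action=action)

def first_match(policies, src_ip, dst_ip, dport, when_iso):
    """Top-down, first-match evaluation; no match is modelled as an implicit deny."""
    when = datetime.fromisoformat(when_iso)
    for p in policies:
        if (p["src"](src_ip) and p["dst"](dst_ip) and dport in p["ports"]
                and p["schedule"](when)):
            return p["name"], p["action"]
    return "implicit", "deny"

# Constructed policy set: a general 'always' web policy plus two specific ones.
LAN, ANY = "192.168.20.0/255.255.255.0", "0.0.0.0/0.0.0.0"
general = policy("always-web", LAN, ANY, [80, 443], ALWAYS, "accept")
lunch = policy("lunch-web", "192.168.20.1 to 192.168.20.10", ANY, [80, 443],
               recurring({0, 1, 2, 3, 4}, "12:00", "13:00"), "deny")
weekend = policy("weekend-web", LAN, ANY, [80, 443], recurring({5, 6}), "deny")

def shadowed_order(src, dst, dport, when_iso):
    """General policy listed first: the lunch and weekend policies can never match."""
    return first_match([general, lunch, weekend], src, dst, dport, when_iso)

def correct_order(src, dst, dport, when_iso):
    """Specific policies listed first, general policy last."""
    return first_match([lunch, weekend, general], src, dst, dport, when_iso)

if __name__ == "__main__":
    noon = "2024-01-10T12:30"  # a Wednesday lunchtime (constructed)
    print(shadowed_order("192.168.20.5", "203.0.113.7", 443, noon))  # ('always-web', 'accept')
    print(correct_order("192.168.20.5", "203.0.113.7", 443, noon))   # ('lunch-web', 'deny')
```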

21
Creating Policies
  • Source interface
  • Destination interface
  • Source address name
  • Destination address name
  • Schedule
  • Service
  • Action
    • Accept
    • Deny
    • Encrypt

22
Accept Policy
  • Accept connections matched by the policy

23
Deny Policy
  • Reject connections matched by the policy

24
Encrypt Policy
  • Create policies for IPSec VPN