![Page 1: Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D](https://reader037.vdocuments.mx/reader037/viewer/2022103123/56649d395503460f94a12bf3/html5/thumbnails/1.jpg)
Hardware Firewalls: Advanced Feature
© N. Ganesan, Ph.D.
Chapter Objective
• Discuss various additional and important features of a firewall
  – DHCP
  – Virtual server
  – Enabling applications that require multiple connections
  – Filters (IP, MAC, etc.)
  – Firewall rules regulating traffic
  – DMZ
  – Remote management
  – etc.
Module
WAN Side IP Specifications
WAN Side IP
• In the case of the firewall/switch, an address for the firewall must be specified for both the WAN side and the LAN side
  – The LAN side address will be a private address that is not visible to the Internet
IP Options
• Static IP
  – Demonstrated earlier
• Dynamic IP
  – Cable modem and LAN Internet sharing
  – Could also be employed in the case of DSL
• PPPoE
  – DSL specific
Module
LAN Side IP Specification
IP Options
• Generally speaking, a static private IP is specified for the firewall/switch for the LAN side
Module
DHCP
DHCP Enabling
• DHCP can be enabled to deliver dynamic IP addresses for all the LAN side clients
• At the same time, static IP addresses can be assigned to selected clients based on their MAC addresses
Change this slide, make it enabled.
Module
Advanced Features
Advanced Features
• Virtual servers
• Applications
• Filters
• Firewalls
• DMZ
Virtual Servers
• Opening a port through the firewall to give access to a web server that is hosted on the private LAN
Web Server Settings
• Private IP address: 192.168.0.1
• Public Port: 80
• Private Port: 80
• Availability: Always
Another Way to Set the Web Server Pass Through
• Select from the virtual server list and edit the entry
Edit
Other servers
Module
Special Applications
Opening Ports for Special Applications
• There are special applications that would require one or more ports to be opened through the firewall/switch
• Examples include Internet chat, telephony applications etc.
Module
Filters
Filters and Blockers
• IP Filters
  – LAN clients can be selectively blocked from accessing the Internet based on their IP address
• MAC Filters
  – The same as above, but the filter is based on the MAC address of a client
• URL Blocking
  – URLs can be blocked from being accessed
• Domain Blocking
  – Access to domains can be blocked as well
IP Filters
• IP filters can be applied to a client as a whole or to specific ports of a client
• A range of IP addresses and a range of port numbers can be specified to be filtered
IP range can be specified.
A range of ports can be specified.
Module
Firewall Rules
Firewall Rules
• Firewall rules can be specified to allow or block traffic entering the firewall or passing through the firewall/switch
• For example, pinging the firewall from the Internet (WAN) side can be disabled using firewall rules
Module
Creating Demilitarized Zones (DMZ)
DMZ Defined
• Computers in the DMZ bypass the control of the firewall
  – In other words, for all practical purposes, they could be considered as being directly connected to the Internet
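The virtual server, IP filter, ping-blocking and DMZ behaviour described in these slides, written out as a small decision model. This is an added example, not part of the original slides or of any vendor's firmware; the class names, the evaluation order (virtual servers before the DMZ host), the DMZ address 192.168.0.50 and the filter range are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class VirtualServer:
    public_port: int      # port opened on the WAN side
    private_ip: str       # LAN host that receives the traffic
    private_port: int
    protocol: str = "tcp"

@dataclass
class IPFilter:
    """Blocks LAN clients in an IP range from reaching a range of ports."""
    first_ip: str
    last_ip: str
    first_port: int = 1
    last_port: int = 65535

    def matches(self, src_ip: str, dst_port: int) -> bool:
        lo = ipaddress.ip_address(self.first_ip)
        hi = ipaddress.ip_address(self.last_ip)
        in_ip_range = lo <= ipaddress.ip_address(src_ip) <= hi
        return in_ip_range and self.first_port <= dst_port <= self.last_port

@dataclass
class Firewall:
    virtual_servers: List[VirtualServer] = field(default_factory=list)
    ip_filters: List[IPFilter] = field(default_factory=list)
    dmz_host: Optional[str] = None
    block_wan_ping: bool = True

    def inbound(self, protocol: str, dst_port: Optional[int] = None):
        """Fate of an unsolicited packet arriving on the WAN side."""
        if protocol == "icmp-echo":        # ping aimed at the firewall itself
            return ("drop", None, None) if self.block_wan_ping else ("reply", None, None)
        for vs in self.virtual_servers:    # explicit pass-through entries first
            if (vs.protocol, vs.public_port) == (protocol, dst_port):
                return ("forward", vs.private_ip, vs.private_port)
        if self.dmz_host:                  # the DMZ host receives everything else
            return ("forward", self.dmz_host, dst_port)
        return ("drop", None, None)

    def outbound(self, src_ip: str, dst_port: int) -> str:
        """Fate of a LAN client's connection to the Internet."""
        blocked = any(f.matches(src_ip, dst_port) for f in self.ip_filters)
        return "block" if blocked else "allow"

def build_example() -> Firewall:
    return Firewall(
        # Web server settings from the slide: public 80 -> 192.168.0.1:80
        virtual_servers=[VirtualServer(80, "192.168.0.1", 80)],
        # Constructed filter: clients .100-.110 may not use ports 20-21
        ip_filters=[IPFilter("192.168.0.100", "192.168.0.110", 20, 21)],
    )

if __name__ == "__main__":
    fw = build_example()
    print(fw.inbound("tcp", 80), fw.inbound("tcp", 23))
    fw.dmz_host = "192.168.0.50"           # constructed DMZ host
    print(fw.inbound("tcp", 23), fw.outbound("192.168.0.105", 21))
```

With no DMZ host, only port 80 reaches the LAN; once a DMZ host is set, every other port is forwarded to it, which is why that host should be treated as directly connected to the Internet.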
Module
Firewall Tools
Tools
• Administrative
  – Set passwords and enable or disable remote management
• Time
  – Set the current time and date
• System
  – Store and load firewall settings
• Firmware upgrade
• Miscellaneous tools
Administrative Tools
• Set an administrator and a user password
• Enable the firewall to be managed from a remote computer, probably over the Internet
  – In general, it is not desirable to enable this option for security reasons
Module
Set Time
System
• Store current firewall settings to the hard drive
• Load previously stored firewall settings from the hard drive
• Restore factory default settings for the firewall
Module
Firmware Upgrade
Module
Miscellaneous Tools
Miscellaneous Tools
• Pinging a host name or an IP address
• Restarting the firewall
  – Probably to activate any changes made
• Block the pinging of the firewall from the Internet (WAN) side
• Enabling UPNP and gaming mode
• Allow VPN traffic based on PPTP and IPSec to pass through
• Enable dynamic DNS service
Ping Test
Block Pinging from the Internet Side
Enabling UPNP Settings and Game Mode
Allowing Virtual Private Networks (VPN) Connections
VPN Connections
• Firewall can be set to allow VPN links to the clients on the LAN side for the two popular protocols used in implementing VPNs
Module
Status Reporting
Status Reporting
• Display LAN and WAN settings
• Log and display the log of activities
  – Attacks, dropped packets, etc.
• Display traffic statistics
  – Number of packets transmitted and received on the WAN (Internet – External) and LAN (Internal) side
Display of WAN and LAN Settings
Log of Activities
Log of Activities
• System activity
• Debug information
• Attacks
• Dropped packets
• Notice
• Note: The log can also be transmitted to an administrator's email
Traffic Statistics
Additional Help
The End