Professional Documents
Culture Documents
1. Log on to https://www.cloudharmonics.com/ with the e-mail you used to register for the class.
2. Click the LABS tab.
3. Click the screen of the Student PC in the network diagram.
Click here to
access
student PC
desktop
4. The browser opens a separate tab with a connection to a Windows virtual machine.
5. If you see a windows installer, close it.
6. You can do all of the labs on that virtual machine, or do some with your browser connecting to
the firewall's user interface.
1. Return to the lab diagram and click the icon to connect to the firewall's web interface ( ).
2. Log on as admin with the password admin (the default credentials) and click OK to dismiss
the warning.
3. Select Do not show again and click Close to close the "what is new" window.
4. Click the Device tab.
5. Click the Administrators node (the link in the side bar).
6. Click admin.
7. Change the password from admin to Knowledge4u!.
There is no need to commit after this step. Password changes happen immediately.
1a
1b 1c
3. If you change the IP address, the lab will stop working. So instead, change the netmask to
255.0.0.0. The change is meaningless in this environment, because the firewall never needs
to access a 10.<not thirty>.<x>.<y> IP address.
4. Click OK.
5. Click Commit, and confirm with another Commit.
6. Click Close.
6. Click the XML API and Command Line tabs to see there is no access allowed through those
interfaces.
7. Click OK.
Create an operator
8. Click Device > Administrator.
9. Click Add.
10. Create an administrator with these parameters:
Name operator
Password Knowledge4u!
Administrator Type Role Based
Profile operator
11. Click the Commit icon ( ) in the top right of the window.
12. Click Commit and then OK.
13. After the commit process, click Close.
Export a configuration
In this portion of the lab you act as the administrator, having just finished quality assurance on a new
firewall policy. Uptime is extremely important to your organization, so you have a separate QA setup
from your production network.
3. Click Save named configuration snapshot.
4. Name the configuration passed-qa and click OK and then Close.
5. Click Export named configuration snapshot.
6. Select passed-qa and click OK.
7. If you'd like, open the downloaded XML file in Internet Explorer to see it.
Import a configuration
Now you need to upload the verified configuration to your production firewall. Pretend you logged out
of the QA firewall and gone to the production one.
8. Before you modify the configuration, save the current production configuration into prod-
conf-old.
9. Click Import named configuration snapshot. Select passed-qa from the Downloads folder.
Click OK and then Close.
10. Click Load named configuration snapshot.
11. Select passed-qa. Click OK and then Close.
This rule does not apply to the VLAN interfaces, because their zones are not in the
source zone field. In a real life implementation, you would need to add them.
8. Run this command to only see the logical interface information for interfaces that are part of a
VLAN:
Remember to use match and not grep. While a grep command exists in the command
line interface, it is used for searching in files, not in pipeline mode
configure
set deviceconfig system login-banner "Authorized users only"
commit
1. Return to the lab diagram and click the icon to connect to the firewall's web interface ( ).
2. Log on as admin with the password Knownledge4u!.
3. Click Policies > Security.
4. See the three rules. Rule #1 allows some applications access from the trusted zone to the
untrusted zone (this also includes replies going back to the trusted zone). The bottom two rules
are the defaults: anything within a zone that is not explicitly denied above is allowed, anything
between zones that is not explicitly allowed is denied.
5. Return to the lab diagram and click the icon to connect to the student PC.
6. Go to a news site, such as http://www.slashdot.org. See you have access.
7. Try to go to Google Drive (https:/drive.google.com) and see it is blocked.
5. Click OK.
6. Click Commit.
7. Click Preview Changes and then OK.
8. If the popup is blocked by your browser, allow it. You might need to repeat the previous step.