STEP 7. Configure ZPF (Zone-Based Policy Firewall) on the Router

- Create the zones

  Internal zone named CORP-INSIDE:
  Router(config)# zone security CORP-INSIDE

  External zone named INTERNET:
  Router(config)# zone security INTERNET

- Define a traffic class to allow traffic from the internal network to the Internet

  a) create a class map named INSIDE_PROTOCOLS (class map type inspect; the match-any
     keyword means a flow matching any one of the listed protocols belongs to the class):
  Router(config)# class-map type inspect match-any INSIDE_PROTOCOLS

  b) match the protocols (http, tcp, udp, icmp, dns) in this class map:
  Router(config-cmap)# match protocol http
  Router(config-cmap)# match protocol tcp
  Router(config-cmap)# match protocol udp
  Router(config-cmap)# match protocol icmp
  Router(config-cmap)# match protocol dns
  (to remove any of these statements, put the 'no' keyword in front of it)

  c) specify the firewall policy that allows internal hosts Internet access

  > create a policy map called INSIDE_TO_INTERNET, use the INSIDE_PROTOCOLS class map,
    and set the 'inspect' action:
  Router(config)# policy-map type inspect INSIDE_TO_INTERNET
  Router(config-pmap)# class type inspect INSIDE_PROTOCOLS
  Router(config-pmap-c)# inspect

- Define a traffic class to allow traffic from the Internet to the DMZ

  a) create a class map named DMZ_WEB:
  Router(config)# class-map type inspect match-any DMZ_WEB

  b) match the protocols:
  Router(config-cmap)# match protocol http
  Router(config-cmap)# match protocol dns

  c) specify the firewall policy

  > create a policy map called INTERNET_TO_DMZWEB, use the DMZ_WEB class map, and set
    the 'pass' action:
  Router(config)# policy-map type inspect INTERNET_TO_DMZWEB
  Router(config-pmap)# class type inspect DMZ_WEB
  Router(config-pmap-c)# pass

- Apply the firewall

  a) create a zone-pair named IN_TO_OUT_ZONE (source: CORP-INSIDE; destination: INTERNET):
  Router(config)# zone-pair security IN_TO_OUT_ZONE source CORP-INSIDE destination INTERNET
  Router(config-sec-zone-pair)#
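The steps above stop at the first zone-pair. The block below is an added example (not part of the original notes) that carries the same configuration through to the point where the firewall actually enforces anything: each zone-pair needs a service-policy attached, and each interface must be placed in a zone. The interface names (GigabitEthernet0/0, 0/1, 0/2) and the DMZ zone name are assumptions. It also shows the difference between the two actions the notes use: 'inspect' is stateful (the router tracks the session, so replies are allowed back), while 'pass' is stateless (no session is created, so replies from the DMZ server would need their own zone-pair policy in the DMZ-to-INTERNET direction).

```cisco
! Added example, not from the original notes. Interface names and the DMZ
! zone name are assumptions.
!
! 1. Security zones
zone security CORP-INSIDE
zone security INTERNET
! assumed zone name for the DMZ segment
zone security DMZ
!
! 2. Traffic class for inside -> Internet
!    (match-any: a flow matching ANY listed protocol belongs to the class)
class-map type inspect match-any INSIDE_PROTOCOLS
 match protocol http
 match protocol tcp
 match protocol udp
 match protocol icmp
 match protocol dns
!
! 3. Stateful policy: 'inspect' creates a session entry so return traffic
!    is allowed without a separate rule; anything else is dropped
policy-map type inspect INSIDE_TO_INTERNET
 class type inspect INSIDE_PROTOCOLS
  inspect
 class class-default
  drop
!
! 4. Traffic class for Internet -> DMZ web server
class-map type inspect match-any DMZ_WEB
 match protocol http
 match protocol dns
!
! 5. Policy for Internet -> DMZ, using 'pass' as in the notes. 'pass' is
!    stateless: no session is recorded, so the web server's replies are
!    only allowed if a DMZ -> INTERNET zone-pair passes them too.
!    Replacing 'pass' with 'inspect' makes this policy stateful.
policy-map type inspect INTERNET_TO_DMZWEB
 class type inspect DMZ_WEB
  pass
 class class-default
  drop
!
! 6. Zone pairs bind a policy to one direction. Nothing is enforced until
!    the service-policy line is attached to the pair.
zone-pair security IN_TO_OUT_ZONE source CORP-INSIDE destination INTERNET
 service-policy type inspect INSIDE_TO_INTERNET
zone-pair security OUT_TO_DMZ_ZONE source INTERNET destination DMZ
 service-policy type inspect INTERNET_TO_DMZWEB
!
! 7. Interface membership. Once an interface belongs to a zone, traffic
!    to or from interfaces in a different zone is dropped unless a
!    zone-pair policy allows it. Traffic between interfaces in the same
!    zone, and traffic to the router itself (the 'self' zone), is still
!    permitted by default.
interface GigabitEthernet0/0
 zone-member security CORP-INSIDE
interface GigabitEthernet0/1
 zone-member security INTERNET
interface GigabitEthernet0/2
 zone-member security DMZ
```

To check the result, `show zone-pair security` lists each pair with the policy attached to it, and `show policy-map type inspect zone-pair sessions` shows the sessions the 'inspect' action has created; a pair with no service-policy, or an interface with no zone-member line, is the usual reason a ZPF "does nothing" or blocks everything.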
