fw mgmt - Cyber-JL/SEC-350-01 GitHub Wiki

3.1 Segmentation 1

Configuration

   Network adapter 1: SEC350-01-LAN-jude.lindale
   Network adapter 2: SEC350-01-MGMT-jude.lindale

   configure
   set interfaces ethernet eth0 description SEC350-LAN
   set interfaces ethernet eth1 description SEC350-MGMT
   set interfaces ethernet eth0 address 172.16.150.3/24
   set interfaces ethernet eth1 address 172.16.200.2/28
   set protocols static route 0.0.0.0/0 next-hop 172.16.150.2
   set system name-server 172.16.150.2
   commit
   save
   exit

RIP on FW-MGMT

   configure
   set protocols rip interface eth0
   set protocols rip network 172.16.200.0/28
   commit
   save
   exit

Lab 4.1 Network Firewalls 1

Point-to-Point LAN and MGMT configurations

LAN-to-MGMT

  set firewall name LAN-to-MGMT default-action 'drop'
  set firewall name LAN-to-MGMT enable-default-log

  set firewall name LAN-to-MGMT rule 1 action 'accept'
  set firewall name LAN-to-MGMT rule 1 state established 'enable'

  set firewall name LAN-to-MGMT rule 10 action 'accept'
  set firewall name LAN-to-MGMT rule 10 destination address '172.16.200.10'
  set firewall name LAN-to-MGMT rule 10 destination port '1514,1515'
  set firewall name LAN-to-MGMT rule 10 protocol 'tcp'

  set firewall name LAN-to-MGMT rule 20 action 'accept'
  set firewall name LAN-to-MGMT rule 20 destination address '172.16.200.10'
  set firewall name LAN-to-MGMT rule 20 destination port '443'
  set firewall name LAN-to-MGMT rule 20 protocol 'tcp'

  set firewall name LAN-to-MGMT rule 30 action 'accept'
  set firewall name LAN-to-MGMT rule 30 destination address '172.16.200.10'
  set firewall name LAN-to-MGMT rule 30 destination port '22'
  set firewall name LAN-to-MGMT rule 30 protocol 'tcp'

MGMT-to-LAN

  set firewall name MGMT-to-LAN default-action 'drop'
  set firewall name MGMT-to-LAN enable-default-log

  set firewall name MGMT-to-LAN rule 1 action 'accept'
  set firewall name MGMT-to-LAN rule 1 state established 'enable'

  set firewall name MGMT-to-LAN rule 10 action 'accept'
  set firewall name MGMT-to-LAN rule 10 description 'MGMT to LAN'
  set firewall name MGMT-to-LAN rule 10 destination address '172.16.50.0/29'

  set firewall name MGMT-to-LAN rule 20 action 'accept'
  set firewall name MGMT-to-LAN rule 20 description 'MGMT to DMZ'
  set firewall name MGMT-to-LAN rule 20 destination address '172.16.150.0/24'
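To check what the two rule sets above actually permit before committing them, here is an added Python model of their first-match semantics (it is not part of this wiki or of VyOS). The flows are constructed, and the `state` field stands in for the connection-tracking state VyOS would see.

```python
import ipaddress

# Model of the LAN-to-MGMT and MGMT-to-LAN rule sets from this page (constructed for
# checking intent). VyOS walks rules in ascending number order, first match wins,
# and default-action applies when nothing matches.
LAN_TO_MGMT = {
    "default_action": "drop",
    "rules": [
        (1, "accept", {"state": "established"}),
        (10, "accept", {"proto": "tcp", "dst": "172.16.200.10/32", "dports": {1514, 1515}}),
        (20, "accept", {"proto": "tcp", "dst": "172.16.200.10/32", "dports": {443}}),
        (30, "accept", {"proto": "tcp", "dst": "172.16.200.10/32", "dports": {22}}),
    ],
}
MGMT_TO_LAN = {
    "default_action": "drop",
    "rules": [
        (1, "accept", {"state": "established"}),
        (10, "accept", {"dst": "172.16.50.0/29"}),    # 'MGMT to LAN': any protocol, any port
        (20, "accept", {"dst": "172.16.150.0/24"}),   # 'MGMT to DMZ': any protocol, any port
    ],
}

def rule_matches(match, flow):
    """True when every criterion the rule sets (state, protocol, destination, port) holds."""
    if "state" in match and flow.get("state") != match["state"]:
        return False
    if "proto" in match and flow.get("proto") != match["proto"]:
        return False
    if "dst" in match and ipaddress.ip_address(flow["dst"]) not in ipaddress.ip_network(match["dst"]):
        return False
    if "dports" in match and flow.get("dport") not in match["dports"]:
        return False
    return True

def evaluate(ruleset, flow):
    """Return (action, rule number); rule number is None when default-action decided."""
    for number, action, match in ruleset["rules"]:
        if rule_matches(match, flow):
            return action, number
    return ruleset["default_action"], None

def new_flow(proto, dst, dport=None, state="new"):
    """Constructed flow record; no source field because neither rule set matches on it."""
    return {"proto": proto, "dst": dst, "dport": dport, "state": state}

if __name__ == "__main__":
    for f in (new_flow("tcp", "172.16.200.10", 22), new_flow("tcp", "172.16.200.10", 3389)):
        print(f, "->", evaluate(LAN_TO_MGMT, f))
```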

Zone Policy

  Zone LAN (eth0): traffic arriving from MGMT is filtered by MGMT-to-LAN
  set zone-policy zone LAN from MGMT firewall name 'MGMT-to-LAN'
  set zone-policy zone LAN interface 'eth0'

  Zone MGMT (eth1): traffic arriving from LAN is filtered by LAN-to-MGMT
  set zone-policy zone MGMT from LAN firewall name 'LAN-to-MGMT'
  set zone-policy zone MGMT interface 'eth1'