Lab10:1Firewalling - echadbourne/NET-330 GitHub Wiki

Firewalling activity

Start by denying the network 192.168.11.0 access to the network connected to router 3, as close to that network as possible (outbound interface).

  • Just using a simple blanket standard rule

image

Ping test

image

Then deny network 192.168.10.0/24 access to the ISP (I think the actual address was 200.200.200.2; I would have changed this later).

  • This uses an extended rule for more detailed permit/deny actions

image

Ping test

image

Next are the Deny2Fileserver and Web2Webserver rules. Basically I just specified the one protocol I wanted to get through for the web server, and denied the file server access to the ISP.

I do understand that there is a blanket deny any at the bottom of these rules, but I had some trouble with that so I added more. Turns out the issue wasn't related, so it was unnecessary.

image

Side note: I don't like how Cisco Packet Tracer shows the interface connections in the overall topology. I was applying rules to the wrong interface. And apparently you can only have one access list active at a time.

Deleting an Access List

image
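Since the screenshots are not available here, the following is an added example (not the original lab configuration) of the standard rule, the extended rule, and the deletion step as Cisco IOS configuration. The ACL numbers 10 and 110, the interface names, and the /24 wildcard mask for 192.168.11.0 are assumptions; the ISP address is the one mentioned above.

```cisco
! --- Standard ACL: matches on source address only ------------------------
! Assumed: ACL number 10 and a /24 wildcard mask for 192.168.11.0.
access-list 10 deny   192.168.11.0 0.0.0.255
! Every ACL ends with an implicit "deny any", so without this permit
! all other sources would be dropped as well.
access-list 10 permit any
!
! Applied on router 3, outbound on the interface facing the protected
! network (interface name is an assumption).
interface GigabitEthernet0/0
 ip access-group 10 out
 exit
!
! --- Extended ACL: matches on protocol, source and destination -----------
! Assumed: ACL number 110; the host address is the one given in the notes.
access-list 110 deny   ip 192.168.10.0 0.0.0.255 host 200.200.200.2
access-list 110 permit ip any any
!
! Because it names the destination, an extended ACL can sit close to the
! source, inbound (interface name is an assumption).
interface GigabitEthernet0/1
 ip access-group 110 in
 exit
!
! IOS accepts one IP ACL per interface per direction; applying a second
! ip access-group in the same direction replaces the first.
!
! --- Deleting an access list ---------------------------------------------
! Unbind it from the interface first, then remove the list itself.
interface GigabitEthernet0/0
 no ip access-group 10 out
 exit
no access-list 10
```

From privileged EXEC mode, `show access-lists` lists each entry with its match counters, and `show ip interface GigabitEthernet0/0` shows which ACL is bound in each direction, which helps catch a rule applied to the wrong interface.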