1. Firewall Reconciliation
(Six Months Industrial Training Report)
By- Gurjan Singh
Roll no.- 1054
Firewall Reconciliation 1
2. COMPANY PROFILE
3. COMPANY PROFILE
Bharti Enterprises has been at the forefront of technology and has
revolutionized telecommunications with its world-class products and services.
Today Bharti Teletech is the major PTT supplier in South Asia. It has ISO 9002
accreditation and also an OEM for Sprint Corporation and Siemens.
Its range of products marketed under the brand name Beetel constitutes a 30%
market share in India thereby making it the market leader in the domestic
4. COMPANY ACHIEVEMENTS & AWARDS
Awarded the Excellence Award for Telecommunication by Geospatial World
Awarded as the Global Gamechanger, Innovative VAS provider, Customer
Experience Enhancement at the ET Telecom awards 2011.
Ranked 6th in Asia-Pacific and 5th in India in the list of ‘Top 25 Companies for
5. COMPANY ACHIEVEMENTS & AWARDS
Beyond Excellence – Improvement of Voice Network Quality by National award
on Economics of Quality by Quality Council of India (QCI).
‘Har Ek Friend Zaroori Hota Hai’ – One of the most loved campaigns was the
second most awarded campaign at the Creative ABBY Awards! It won a total of 7
metals including 2 gold, 4 silver and 1 bronze.
‘Product of the Year’ award for Airtel Digital TV (HD).
6. PROJECT UNDERTAKEN
7. FIREWALL RECONCILIATION
A firewall is a part of a computer system or network that is designed to block
unauthorized access while permitting authorized communications.
There are several types of firewall techniques:
8. FUNCTIONS OF FIREWALL
A firewall is a dedicated appliance, or software running on a computer, which
inspects network traffic passing through it, and denies or permits passage
based on a set of rules.
It is normally placed between a protected network and an unprotected
network and acts like a gate to protect assets to ensure that nothing private
goes out and nothing malicious comes in.
9. SOFTWARE USED FOR FIREWALL
SOFTWARE BEING USED:
CHECKPOINT SMART DASHBOARD.
CHECKPOINT SMARTVIEW MONITOR.
CHECKPOINT SMARTVIEW TRACKER.
10. SOFTWARE BEING USED
CHECKPOINT SMART DASHBOARD
Smart Dashboard is a single, comprehensive user interface for defining and
managing multiple elements of a security policy: firewall security, VPNs,
network address translation, web security.
CHECKPOINT SMARTVIEW MONITOR
SmartView Monitor centrally monitors Check Point and OPSEC devices,
presenting a complete visual picture of changes to gateways, remote users
and security activities. This enables administrators to immediately identify
changes in network traffic flow patterns that may signify malicious activity.
13. SOFTWARE BEING USED
Administrators can use SmartView Tracker in order to ensure their products
are operating properly, troubleshoot system and security issues, gather
information for legal or audit purposes, and generate reports to analyze
network traffic patterns.
SUBNET MASK CALCULATOR
With a subnet mask you can split your network into subnets. Enter your IP
address and play with the second netmask until the result matches your need.
15. FIREWALL RECONCILIATION STEPS
In a firewall we apply rules to the network. These rules are applied to
increase the security of the network: they restrict which users can access
the network.
At present these rules are applied to the whole network, though only a few IPs
are actually being used in that network. As a result, the other IPs are also
able to use services like HTTP, Telnet etc.
Firewall reconciliation means dividing the rules on the network. By doing
reconciliation we can apply the same rule only to the IPs that we want to use
the service and not to the whole network.
16. FIREWALL RECONCILIATION
RULEBASE AT PRESENT
SOURCE                                | DESTINATION | PORT | ACTION
IT                                    | Tech IP     | 80   | Accept
Tech                                  | IT IP       | 8080 | Accept
Tech                                  | Tech DMZ    | 443  | Accept
Tech                                  | Internet    | 8080 | Accept
Tech network subnets group for circle | 10.X.X.X    | Any  | Accept
Any                                   | Any         | Any  | Drop
17. FIREWALL RECONCILIATION STEPS
We do firewall reconciliation by taking logs from the firewall, from which we
can come to know about all the IPs that are trying to use the service and which
ones are actually using it. From there we can keep the necessary IPs and delete
the unnecessary ones.
With this reconciliation the network security is increased, as only a few IPs
are allowed to use that particular service, which prevents the other IPs from
using the same service to access the routers and switches.
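The log-driven narrowing described above can be sketched as follows. This is an added example, not part of the original report or of any Check Point tool; the CSV log layout, the sample addresses and the function names reconcile and to_rulebase are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed log export (hypothetical CSV layout, not a real SmartView Tracker format).
SAMPLE_LOG = """src,dst,port,action
10.1.1.10,10.50.0.10,23,accept
10.1.1.11,10.50.0.10,23,accept
10.1.1.10,10.50.0.10,23,accept
10.9.9.9,10.50.0.10,23,drop
10.2.0.5,10.50.0.20,80,accept
172.16.0.7,10.50.0.20,80,accept
"""

# Stands in for the broad 10.X.X.X rule in the present rulebase (assumed to be a /8).
BROAD_SOURCE = ipaddress.ip_network("10.0.0.0/8")


def reconcile(log_text, broad_source=BROAD_SOURCE):
    """Return {(dst, port): [source networks]} for traffic the broad rule accepted."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        src = ipaddress.ip_address(row["src"])
        # Only accepted connections that the broad rule matched count as real usage.
        if row["action"].lower() != "accept" or src not in broad_source:
            continue
        seen[(row["dst"], int(row["port"]))].add(str(src))
    proposal = {}
    for key, sources in seen.items():
        # Each host becomes a /32; collapse_addresses merges neighbours without widening.
        nets = [ipaddress.ip_network(s) for s in sources]
        proposal[key] = [str(n) for n in ipaddress.collapse_addresses(nets)]
    return proposal


def to_rulebase(proposal):
    """Render rows as (SOURCE, DESTINATION, PORT, ACTION) with the cleanup rule last."""
    rows = [(src, dst, str(port), "Accept")
            for (dst, port), nets in sorted(proposal.items()) for src in nets]
    rows.append(("Any", "Any", "Any", "Drop"))
    return rows


if __name__ == "__main__":
    for row in to_rulebase(reconcile(SAMPLE_LOG)):
        print(" | ".join(row))
```

The log window has to be long enough to include infrequent but legitimate traffic (monthly jobs, backups), otherwise the narrowed rules will drop it.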
18. FIREWALL RECONCILIATION
SOURCE DESTINATION PORT ACTION
IT Tech subnets inside XX Accept
IT Tech subnets DMZ XXX Accept
Tech subnets Tech subnets DMZ /
Tech DMZ Tech subnets XXX Accept
Tech DMZ Tech DMZ XXX Accept
10.X.X.X Tech NW subnets
group for circle
Tech NW subnets group
Any Any Any Drop
19. WHATSUP GOLD
20. ACTIVITY PERFORMED
Requirement: Installation of two new Cisco 3750 Switches (in stack)
Host name: PUN_AS14_MOH
IP Address: 10.20.6.29
Description: Presently PUN_AS09_MOH (10.20.6.25) & PUN_AS10_MOH
(10.20.6.26) are directly connected to PUN_CS01_MOH (10.20.6.2) &
PUN_CS02_MOH (10.20.6.3) respectively.
Requirement is to connect the new Cisco 3750 switches in stack & connect
the direct cables from Core switches to new switch as per attached PPT.
PUN_AS09_MOH & PUN_AS10_MOH will take the connectivity from this new
21. DETAILED ANALYSIS OF INDIVIDUAL
22. DETAILED ANALYSIS OF INDIVIDUAL
Internetworking involves connecting two or more computer networks via
gateways using a common routing technology. The result is called an
internetwork (often shortened to internet).
The original term for an internetwork was catenet. Internetworking started as
a way to connect disparate types of networking technology, but it became
widespread through the developing need to connect two or more local area
networks via some sort of wide area network.
23. DETAILED ANALYSIS OF INDIVIDUAL
24. DETAILED ANALYSIS OF INDIVIDUAL
• Host to switch or hub
• Router to switch or hub
• Switch to switch
• Hub to hub
• Host to host
• Hub to switch
• Router direct to host
25. DETAILED ANALYSIS OF INDIVIDUAL
ETHERNET CABLING Continued …
• For display
26. IP ADDRESS CLASSES
Class A addresses begin with 0xxx, or 1 to 126 decimal.
Class B addresses begin with 10xx, or 128 to 191 decimal.
Class C addresses begin with 110x, or 192 to 223 decimal.
Class D addresses begin with 1110, or 224 to 239 decimal.
Class E addresses begin with 1111, or 240 to 254 decimal.
220.127.116.11 255.255.255.224 host address range 1 to 30
18.104.22.168 255.255.255.224 host address range 33 to 62
22.214.171.124 255.255.255.224 host address range 65 to 94
126.96.36.199 255.255.255.224 host address range 97 to 126
188.8.131.52 255.255.255.224 host address range 129 to 158
184.108.40.206 255.255.255.224 host address range 161 to 190
220.127.116.11 255.255.255.224 host address range 193 to 222
18.104.22.168 255.255.255.224 host address range 225 to 254