Tutorial 5: Session 8: Firewalls LAB
This session will contribute to the following ILOs:
• C: Professional and Practical Skills:
  • c2: Configure end-to-end secure and available systems.
  • c4: Configure user authentication and authorization services using Firewalls.
• D: General and Transferable Skills
  • d1: Communication and teamwork.
  • d2: Systems configurations.

Cisco ASA Firewall
• In this lab, we will go through the steps necessary to create a Cisco ASA firewall object in Firewall Builder, and then install rules created in Firewall Builder onto the firewall.
• Firewall Builder is a GUI application that can be used to configure and manage firewall rules for multiple types of firewalls such as Linux iptables, Cisco ASA and PIX, Cisco router ACL, and HP ProCurve ACL. For Cisco ASA and Cisco PIX firewalls, once the rules for the firewall object have been created, Firewall Builder generates a configuration file containing all the Cisco CLI commands required to implement the defined security policy.

Installing Firewall Builder
• To access the Ubuntu repository of stable Firewall Builder packages, add the following line to the file /etc/apt/sources.list:
  • deb http://packages.fwbuilder.org/deb/stable/ natty contrib
• Next, retrieve the updated package lists by issuing the following command:
  • sudo apt-get update
• Packages in all repositories are signed with a GPG key. To add the key on Ubuntu, use the following commands:
  • wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
  • sudo apt-key add PACKAGE-GPG-KEY-fwbuilder.asc
• To install Firewall Builder, run the following command:
  • sudo apt-get install fwbuilder

Configuring Cisco ASA
• To configure the Cisco ASA firewall using Firewall Builder as shown in the diagram below, start the Firewall Builder application and choose New Firewall from the menu that appears:
• On the first page of the New Firewall wizard, enter a name for the firewall object:
• Next, select the interface configuration method:
• On the next pages of the wizard, you can create the network objects and define network zones:
• After creating the firewall object and network objects, you can configure the firewall rules:
• After configuring the basic firewall rules, we need to define the NAT policy:
• To convert the rules from the Firewall Builder GUI syntax to the target device commands, click the compile icon. To view the output of the compile, click the Inspect Generated Files button.

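A review step that fits between compiling and installing, shown as an added example (not part of the original lab or of Firewall Builder): a short Python check that scans the access-list lines of a generated ASA configuration for permit rules whose source and destination are both any. The ACL names and sample lines are constructed for illustration, not captured from Firewall Builder output.

```python
# Added example: flag broad permit entries in a generated ASA config before install.
ANY = {"any", "any4", "any6"}
PORT_OPS = {"eq": 2, "neq": 2, "lt": 2, "gt": 2, "range": 3}  # tokens each consumes

# Constructed sample; ACL names and addresses are assumptions for illustration.
SAMPLE = """\
access-list outside_acl_in remark constructed sample policy
access-list outside_acl_in extended permit tcp any host 192.0.2.10 eq 443
access-list outside_acl_in extended permit ip any any
access-list inside_acl_in extended permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list inside_acl_in extended permit udp any any eq 53
access-list outside_acl_in extended deny ip any any
"""

def take_addr(t, i):
    """Consume one address field starting at t[i]; return (text, next_index)."""
    if i >= len(t):
        return None, i
    if t[i] in ANY:
        return t[i], i + 1
    # 'host A.B.C.D', 'A.B.C.D MASK', 'object NAME', 'object-group NAME'
    return " ".join(t[i:i + 2]), i + 2

def audit_acl(config_text):
    """Return (line_no, severity, line) for permit entries with any -> any."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        t = line.split()
        if len(t) < 7 or t[0] != "access-list" or t[2] != "extended" or t[3] != "permit":
            continue  # remarks, deny entries and non-ACL lines are not reviewed
        # Protocol is one token, or 'object NAME' / 'object-group NAME'.
        i = 6 if t[4] in ("object", "object-group") else 5
        proto = " ".join(t[4:i])
        src, i = take_addr(t, i)
        if i < len(t):
            i += PORT_OPS.get(t[i], 0)  # skip an optional source-port clause
        dst, i = take_addr(t, i)
        if src in ANY and dst in ANY:
            severity = "HIGH" if proto == "ip" else "REVIEW"
            findings.append((no, severity, line.strip()))
    return findings

if __name__ == "__main__":
    for no, severity, text in audit_acl(SAMPLE):
        print(f"line {no}: {severity}: {text}")
```

A source-port clause given as an object-group is not distinguished from an address object-group here, so such entries should be read by hand.
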
Installing Cisco ASA configuration
• Firewall Builder can install the generated configuration file for you using SSH and SCP.
• By default, Firewall Builder uses SCP to copy the generated config file to the firewall.

Summary
• In this session we discussed the following:
  • Firewall installations.