1. 4/24/2020 Print content
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 1/60
SEC-321 Network Security Testing
Week 6 - Network Security - Firewalls
Introduction
Configuring NAT Firewall
Configuring Port Forwarding
Summary
Introduction
The Network Security – Firewalls module provides you with the instruction and computer hardware to develop
your hands-on skills in the defined topics. This module includes the following exercises:
1) Configuring NAT Firewall
2) Configuring Port Forwarding
Lab Diagram
During your session you will have access to the following lab configuration.
Connecting to your lab
In this module you will be working on the following equipment to carry out the steps defined in each exercise.
SERVER (Domain Controller)
CLIENT (Workstation)
GATEWAY (Server)
ROUTER
LAMP (Web Server)
Each exercise will detail which console you are required to work on to carry out the steps.
Exercise 1 - Configuring NAT Firewall
In this exercise, you will configure a device so that it performs Network Address Translation for an internal client to an
external destination.
Please refer to your course material or use your preferred search engine to research this topic in more detail.
Task 1: Install and Configure Routing and Remote Access
Step 1
Ensure you have powered on the required devices defined in the introduction. Connect to the GATEWAY device.
Right-click on Roles and choose Add Roles.
Step 31
Switch back to the GATEWAY device. Restore the PuTTY window connected to LAMP.
When you see a record in the netstat output, press Ctrl+C to halt (if necessary, you can scroll up or down using
Shift+PgUp and Shift+PgDown).
Note the foreign address. The IP address is that of the GATEWAY Internet interface (10.0.0.2) and the port is
approximately in the 60K range.
This type of NAT is more properly described as "Port Address Translation" or "Network Address Port Translation"
because each local address is mapped to a single public IP address using ephemeral TCP ports. If you had many client
machines on your network, they could all connect through the one router machine. It is also possible, however, to set
up 1:1 NAT or dynamic NAT using the RRAS tool.
Minimize Server Manager.
Leave all devices powered on in their current state and proceed to the next exercise.
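The following Python model is an added example, not part of the lab material. It shows how the Port Address Translation table described in Exercise 1 makes LAMP see 10.0.0.2 with a high port, why unsolicited inbound traffic is dropped, and how a static port-forwarding entry (Exercise 2) changes that. The inside addresses, the LAMP and outsider addresses, the 60000-65535 port pool and the rule that replies must come from the original remote endpoint are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "10.0.0.2"            # GATEWAY Internet interface (from the lab text)
EPHEMERAL = range(60000, 65536)   # assumed pool; the lab only says "60K range"

@dataclass
class PatGateway:
    dynamic: dict = field(default_factory=dict)  # public port -> (inside, remote)
    by_flow: dict = field(default_factory=dict)  # (inside, remote) -> public port
    static: dict = field(default_factory=dict)   # public port -> inside (port forward)

    def outbound(self, inside, remote):
        """Translate an inside (ip, port) that opens a flow to remote (ip, port)."""
        key = (inside, remote)
        if key not in self.by_flow:
            port = next((p for p in EPHEMERAL if p not in self.dynamic), None)
            if port is None:
                raise RuntimeError("PAT port pool exhausted")
            self.dynamic[port] = key
            self.by_flow[key] = port
        return (PUBLIC_IP, self.by_flow[key])    # what the remote host sees

    def forward(self, public_port, inside):
        """Add a static mapping, as port forwarding does."""
        self.static[public_port] = inside

    def inbound(self, remote, public_port):
        """Return the inside (ip, port) a packet reaches, or None if dropped."""
        if public_port in self.static:
            return self.static[public_port]
        entry = self.dynamic.get(public_port)
        if entry and entry[1] == remote:         # reply to a flow started inside
            return entry[0]
        return None                              # unsolicited: no mapping exists

def demo():
    gw = PatGateway()
    lamp = ("10.0.0.3", 80)                      # constructed LAMP address
    outsider = ("10.0.0.99", 4444)               # constructed external host
    a = gw.outbound(("192.168.0.10", 51000), lamp)   # constructed clients that
    b = gw.outbound(("192.168.0.11", 51000), lamp)   # share one public address
    reply = gw.inbound(lamp, a[1])               # LAMP answering the first client
    probe = gw.inbound(outsider, a[1])           # outsider hitting the same port
    gw.forward(80, ("192.168.0.20", 80))         # publish an inside web server
    web = gw.inbound(outsider, 80)
    return a, b, reply, probe, web
```

Both clients use the same source port, yet the remote side sees two distinct ports on 10.0.0.2, which is the "foreign address" pattern noted in the netstat output.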
Exercise 2 - Configuring Port Forwarding
In this exercise, you will set up NAT to configure port forwarding.
Please refer to your course material or use your preferred search engine to research this topic in more detail.
Task 1: Setting up Port Forwarding
Step 1
Connect to the SERVER device and open Server Manager. Select Features, then click the Add Features link.
Step 20
Go back to Routing and Remote Access. In the NAT folder, right-click the Internet interface and select Show
Mappings.
Note: You may need to press F5 to refresh the settings.
If the Show Mappings display shows a zero value, go back to the CLIENT device and refresh the DVWA web page by pressing
F5, then retry this Step 20.