1
00:00:00,510 --> 00:00:07,070
Hello and welcome to this lecture in this lecture we start the configuration of the HQ 48 firewall.

2
00:00:07,140 --> 00:00:12,140
So now that we have that apology up we should start the device right.

3
00:00:12,210 --> 00:00:18,960
So you have these this button here start using all notes you should click on it and then all the devices

4
00:00:18,960 --> 00:00:19,610
start.

5
00:00:19,770 --> 00:00:26,070
Indeed the Windows 10 machine you can see it running now but I will minimize it for the moment and concentrate

6
00:00:26,070 --> 00:00:27,170
on the firewall.

7
00:00:27,290 --> 00:00:30,910
So I will say right click and go to the console.

8
00:00:31,170 --> 00:00:35,580
So the putty that put you window starts right now.

9
00:00:35,580 --> 00:00:40,960
I will change the settings and change the periods to appearance too.

10
00:00:40,980 --> 00:00:47,260
Let's say 16 they should increase the font and indeed it is.

11
00:00:47,270 --> 00:00:53,510
And now we are ready to start the configuration so default username and password it is the admin and

12
00:00:53,510 --> 00:00:54,620
nothing for the password.

13
00:00:55,520 --> 00:00:59,640
And we are now ready to start the configuration.

14
00:00:59,820 --> 00:01:01,020
Perfect.

15
00:01:01,080 --> 00:01:09,520
So let's go on and configure for example port number one for these you have to say config sys interface.

16
00:01:09,960 --> 00:01:21,600
I will say edit port one question mark so we can go on and say first of all set and a lot of a lot of

17
00:01:21,660 --> 00:01:24,990
options here but the idea is we have to say said

18
00:01:27,780 --> 00:01:33,800
IP and I will say now 80 that 80 that 80 80 one.

19
00:01:33,810 --> 00:01:38,080
This is a slash 30.

20
00:01:38,110 --> 00:01:39,830
We cannot change dynamic IP.

21
00:01:39,880 --> 00:01:46,900
So for now for this reason we have to change the the mode on port one which by default is dynamic into

22
00:01:46,900 --> 00:01:47,320
steady.

23
00:01:47,710 --> 00:01:50,050
So we will say that mode.

24
00:01:50,050 --> 00:01:50,770
Question mark.

25
00:01:50,890 --> 00:01:54,660
You can see you have the option static the ACP or PPO.

26
00:01:55,000 --> 00:01:57,560
So I will say set mode to static.

27
00:01:57,760 --> 00:02:03,370
Then I will try again to reapply the IP address and we are done now.

28
00:02:03,370 --> 00:02:13,690
I will just say next and I can say now edit port number two for port number two we have set IP 1 and

29
00:02:13,690 --> 00:02:17,750
2 that once say that one that one this is a slash 24.

30
00:02:18,850 --> 00:02:27,460
And again I will say next and edit port number three this is going to be use for management and configure

31
00:02:27,460 --> 00:02:37,420
the IP address that IP 172 that sixteen now sixteen that one again slash 24 because we want to test

32
00:02:37,420 --> 00:02:44,890
the connectivity between the VPC yes the server or the DSP to the Great Firewall we would need to enable

33
00:02:45,490 --> 00:02:48,940
ICMP or ping access on port number two.

34
00:02:48,940 --> 00:02:55,090
So this one here and on port number three because we will access the HQ for the Great Firewall through

35
00:02:55,090 --> 00:03:05,050
HD DP to to to see the good the graphical user interface with also we also enable here as access for

36
00:03:05,200 --> 00:03:12,620
HD DPA G.P.S. and ping so that we can test connectivity between the windows machine and the 40 firewall.

37
00:03:13,360 --> 00:03:31,120
So in port three we will say said allow access ping HDP H2 G.P.S. and next edit for number two for port

38
00:03:31,120 --> 00:03:37,840
number two we are going to say that allow access being for port number one.

39
00:03:37,840 --> 00:03:46,450
We will see in a moment what the what is configured already so show system interface port number one

40
00:03:47,710 --> 00:03:57,910
and we see that we already have being a G.P.S. SSA GDP and uh f g f m so we only need ping because we

41
00:03:57,910 --> 00:04:05,140
want to test connectivity from from the Windows 10 machine but through Internet cloud and we have that

42
00:04:05,140 --> 00:04:05,900
already there.

43
00:04:06,070 --> 00:04:07,840
It's enough.

44
00:04:08,080 --> 00:04:13,150
So now some verification comments show the system interface.

45
00:04:13,150 --> 00:04:19,090
Question Mark and you can see the IP addresses here which is perfect.

46
00:04:19,090 --> 00:04:22,010
And if you want to see the configuration just hit enter.

47
00:04:22,690 --> 00:04:28,260
Now we also need on the fourth to firewall or default route pointing to the default gateway.

48
00:04:28,330 --> 00:04:30,580
I mean to these router to the Internet.

49
00:04:30,580 --> 00:04:39,400
So we will end it right now so that we finish the configuration config rather static.

50
00:04:39,540 --> 00:04:42,320
Now we'll see edit sequence number.

51
00:04:42,340 --> 00:04:45,130
This is number one in the writing table.

52
00:04:45,370 --> 00:04:52,150
And if you now go and say said the question mark you have some options with an asterisks which means

53
00:04:52,150 --> 00:04:54,800
that these are mandatory.

54
00:04:54,940 --> 00:05:04,000
So we will say set destination question mark the slides waiting now an IP so we say 0 0 0 0 which means

55
00:05:04,090 --> 00:05:07,220
anything and the slice 0.

56
00:05:07,240 --> 00:05:12,870
Now set device as you can see here is the gateway out interface or tunnel.

57
00:05:13,450 --> 00:05:19,990
And if I say a question mark I will have to say now which is the interface that will be the default

58
00:05:19,990 --> 00:05:24,640
gate before everything that comes from the line and so on.

59
00:05:24,640 --> 00:05:28,170
And this is port number one.

60
00:05:28,170 --> 00:05:36,070
So the fourth key Pharrell will will will push the packets the package that don't have don't have a

61
00:05:36,070 --> 00:05:39,430
destination in the writing table or an exact match.

62
00:05:39,430 --> 00:05:41,080
So it will use the default route.

63
00:05:41,080 --> 00:05:46,750
We have defined it and the interface is port number one facing outside facing internet.

64
00:05:47,550 --> 00:05:50,390
So let's say set device port 1.

65
00:05:50,710 --> 00:06:04,390
And now I will say and show rather static and enter and we have here uh entry number one with the port

66
00:06:04,420 --> 00:06:13,640
one being as the device the interface that's going to take care of this of these packets also config

67
00:06:13,640 --> 00:06:29,800
system config router steady if I say again Edit 1 and let's say set we also have here gateway so Gateway

68
00:06:29,800 --> 00:06:38,410
IP here is what I'm talking about Gateway IP for this role we can say said Gateway and this is 80 that

69
00:06:38,440 --> 00:06:39,770
80 the 80.

70
00:06:40,280 --> 00:06:43,480
Eighty two and that's it.

71
00:06:44,110 --> 00:06:50,210
So another 40 gauge firewall it's configured ready to ready to for packets from the inside.

72
00:06:50,210 --> 00:06:54,380
Going going through the Internet and and so on.

73
00:06:54,400 --> 00:07:00,330
Yes it's true that we have not configured any net so network address translation on the fourth firewall

74
00:07:00,850 --> 00:07:05,260
but this is not needed in case of the remote access VPN.

75
00:07:05,260 --> 00:07:11,860
So I'm not going to try to access any resource on the Internet from the virtual B.S. from the server

76
00:07:11,890 --> 00:07:14,780
or from the test lan PCI or whatever you call it.

77
00:07:14,920 --> 00:07:21,610
I'm just going to try to access this resource from the Internet from the outside network and it will

78
00:07:21,610 --> 00:07:27,790
be done through remote access VPN meaning that when this is established from the windows 10 machine

79
00:07:28,100 --> 00:07:33,100
I will be able to ping it just like I was I was here in the same LAN.

80
00:07:33,130 --> 00:07:35,380
So this is the scope of the remote access VPN.

81
00:07:36,130 --> 00:07:38,080
So this lecture is done.

82
00:07:38,080 --> 00:07:38,790
Thank you for.

83
00:07:38,800 --> 00:07:39,720
I think for a time.

84
00:07:39,730 --> 00:07:43,750
Join me in the next lecture in order to configure the next device.

85
00:07:43,750 --> 00:07:44,250
Thanks a lot.