1
00:00:00,830 --> 00:00:04,190
Welcome to module two, FortiGate firewall installation

2
00:00:06,820 --> 00:00:14,950
in this section we're going to run the setup wizard. In terms of session outcome, at the end of the

3
00:00:14,950 --> 00:00:15,960
session.

4
00:00:16,110 --> 00:00:25,220
We would like to have the firewall configured so that the users on the inside LAN have access to Internet.

5
00:00:25,290 --> 00:00:27,730
And here is how everything should look.

6
00:00:27,780 --> 00:00:28,240
By the

7
00:00:31,680 --> 00:00:32,520
first of all

8
00:00:35,610 --> 00:00:36,390
up to this point.

9
00:00:36,390 --> 00:00:39,600
We have talked about the firewall.

10
00:00:39,810 --> 00:00:41,390
So let's say

11
00:00:45,430 --> 00:00:47,100
this is the FortiGate firewall

12
00:00:52,080 --> 00:00:55,860
and we have configured our port one

13
00:00:59,750 --> 00:01:01,020
let's say Internet

14
00:01:04,880 --> 00:01:08,340
port one.

15
00:01:08,500 --> 00:01:14,780
And if you remember, we have said that this is 172 dot 27.

16
00:01:14,980 --> 00:01:20,280
Not to that 1 5 5 slash 24.

17
00:01:20,760 --> 00:01:21,880
Good.

18
00:01:22,450 --> 00:01:29,330
Now at this point we would like to provide Internet access to home users, to the LAN.

19
00:01:29,590 --> 00:01:42,220
Let's say that this is our PC, so that's PC, and this is connecting to the firewall on port two. This is

20
00:01:42,450 --> 00:01:48,100
port two.

21
00:01:48,320 --> 00:01:53,340
Now on this side of the connection we are going to set up a DHCP service.

22
00:01:53,360 --> 00:02:01,730
So the FortiGate will provide IP addresses to the terminals, and we will have a range, let's say 1 9 2 1

23
00:02:01,730 --> 00:02:06,760
6 8 dot 1 0 slash 24.

24
00:02:07,400 --> 00:02:16,760
And for example the FortiGate would be dot one and the PC would be dot 100. After successfully configuring

25
00:02:16,760 --> 00:02:24,470
the firewall as DHCP server to serve the DHCP requests that will come from the LAN, on the LAN

26
00:02:24,470 --> 00:02:25,770
segment.

27
00:02:26,080 --> 00:02:28,120
We will just test everything.

28
00:02:28,120 --> 00:02:36,110
So do not just configure. A network engineer I pre-professional have to go through two or three phases.

29
00:02:36,110 --> 00:02:41,950
First of all, yes, we have to configure, to configure the network in the way that we need.

30
00:02:41,960 --> 00:02:50,320
Second is to verify, and this is also very important: we have to verify that our configuration is in place,

31
00:02:50,440 --> 00:02:58,060
that all the configurations that we have gone through have been implemented. And last, if everything

32
00:02:58,060 --> 00:03:03,170
is not going necessarily, and it's a must, we have to troubleshoot.

33
00:03:03,610 --> 00:03:12,620
So at the end we all have said firewall already has a connection but I have tested it and we'll just set

34
00:03:12,620 --> 00:03:20,920
up the server to serve the PCs that are left out in the LAN, the LAN segment, and we will just be on

35
00:03:20,930 --> 00:03:21,550
the Internet.

36
00:03:21,550 --> 00:03:23,240
Let's say we go through.

37
00:03:23,310 --> 00:03:30,430
We go to the DNS, like we did for the FortiGate, of 8 8 8 8.

38
00:03:30,920 --> 00:03:34,790
And why not just try an HTTPS.

39
00:03:35,150 --> 00:03:39,090
So something like www dot something, we'll see.

40
00:03:39,500 --> 00:03:42,690
So this is what we are going to configure now.

41
00:03:43,010 --> 00:03:44,000
Everything is set up.

42
00:03:44,000 --> 00:03:49,310
Now we have a brief understanding on what I'm going to configure and what the outcome.

43
00:03:49,490 --> 00:03:50,640
So let's get started.

44
00:03:52,880 --> 00:03:56,320
So first we're going to log in the admin interface.

45
00:03:56,610 --> 00:04:04,660
Remember we have admin and no password. So here's how the web interface, the graphical user

46
00:04:04,660 --> 00:04:06,090
interface looks like.

47
00:04:06,340 --> 00:04:14,770
And as a first step we are going to run during the run to set up the right top corner we have every

48
00:04:15,190 --> 00:04:17,170
system and setup wizard

49
00:04:21,550 --> 00:04:24,380
first of all maybe we just want to set up a password.

50
00:04:24,400 --> 00:04:30,680
So we have a default admin, no password, with this list set up fast for us and all passwords.

51
00:04:30,700 --> 00:04:32,160
Nothing is small.

52
00:04:32,380 --> 00:04:38,960
And for a new password we'll just say admin, so admin username and admin password.

53
00:04:40,380 --> 00:04:44,230
Next reporting is to select the time.

54
00:04:44,230 --> 00:04:46,180
So now why is that.

55
00:04:46,670 --> 00:04:49,010
Something happens at the moment in time.

56
00:04:49,040 --> 00:04:52,040
Some are some issues of course in the network.

57
00:04:52,160 --> 00:04:57,710
You have to have correct timestamps in the log events so that you can correlate.

58
00:04:57,710 --> 00:05:05,060
You can see if, let's say, an interface went down on the FortiGate and maybe going to

59
00:05:05,060 --> 00:05:08,500
correlate with some other event that took place in the network.

60
00:05:08,540 --> 00:05:15,020
If you don't have a proper time zone set, an NTP server, Network Time Protocol server, that will serve

61
00:05:15,110 --> 00:05:22,670
the firewall with the correct time zone and timestamp, you will not be able to correlate the events

62
00:05:22,700 --> 00:05:26,750
and figure out what has really happened is with them.

63
00:05:26,780 --> 00:05:35,910
I'm going to set up now the time. As I'm based in Bucharest, Romania, I would just say GMT plus

64
00:05:35,910 --> 00:05:37,110
2 for us.

65
00:05:37,170 --> 00:05:43,070
So next, this is what we have currently configured on our interfaces.

66
00:05:43,260 --> 00:05:52,920
We have one static IP addresses slash 24 port so facing downwards down to the internet to talk to the

67
00:05:52,920 --> 00:05:53,930
internal network.

68
00:05:53,940 --> 00:06:01,200
So these IP address and these will be presented with the full case they fall into an alliance which

69
00:06:01,200 --> 00:06:07,000
is that the first five years with the packets will traverse combing the Internet wanting to once we

70
00:06:07,020 --> 00:06:09,790
say that one of what the rest of the ports.

71
00:06:09,810 --> 00:06:14,790
We don't need them for this moment, we'll just skip it.

72
00:06:14,850 --> 00:06:21,670
Now very important: we have to set up the DHCP server, as said, so that all internal clients are provided

73
00:06:21,750 --> 00:06:23,160
an IP address.

74
00:06:23,400 --> 00:06:26,480
And this is done exactly like this.

75
00:06:26,480 --> 00:06:34,440
You click on the port, the port that is again facing the LAN segment, enable the service

76
00:06:36,900 --> 00:06:38,350
and scroll.

77
00:06:38,490 --> 00:06:45,210
So let's put a thought an IP address as in the diagram depicted just a few moments ago. We said

78
00:06:45,210 --> 00:06:48,420
that it's going to be one line or two that won't succeed.

79
00:06:48,470 --> 00:06:49,800
So that's one.

80
00:06:49,890 --> 00:07:01,450
One hundred and let's have a 10 IP address range so one to not want to say that one loved one and not

81
00:07:01,450 --> 00:07:07,360
one 10 and now we just hit next.

82
00:07:07,370 --> 00:07:11,810
So this is just a summary of the configuration: admin password has been modified.

83
00:07:11,810 --> 00:07:14,830
Time zone has been also set up.

84
00:07:14,870 --> 00:07:22,790
Port one is the same. Port two, it's configured like one loved one, and we have also configured, to configure

85
00:07:23,220 --> 00:07:25,000
the service on it.

86
00:07:25,340 --> 00:07:27,170
So we just now configure

87
00:07:31,390 --> 00:07:34,860
and we have just been locked out of the session. Let's see now

88
00:07:34,870 --> 00:07:37,840
if admin and admin would provide us access

89
00:07:44,340 --> 00:07:47,690
and just now have logged in again for good.

90
00:07:47,760 --> 00:07:52,630
I'm 64 for cambium image and let's see how it looks.

91
00:07:53,130 --> 00:07:54,950
Configuration good

92
00:07:57,880 --> 00:08:02,380
network interfaces and the way you are configuring this one

93
00:08:06,490 --> 00:08:08,310
DHCP clients: one.

94
00:08:08,500 --> 00:08:09,720
So this looks fine.

95
00:08:09,730 --> 00:08:17,680
It means that our PC, our computer, has requested and received the IP address from this list

96
00:08:17,710 --> 00:08:18,590
firewall.

97
00:08:18,700 --> 00:08:28,240
So let's see if this is true and whether the configuration that we have received said I have to.

98
00:08:28,570 --> 00:08:32,420
Two LANs, so two NICs, network interface cards.

99
00:08:32,770 --> 00:08:40,420
This is the order the management is for accessing remotely the PC and this one, LAN interface, is the

100
00:08:40,420 --> 00:08:42,260
one that has requested or not.

101
00:08:42,320 --> 00:08:47,560
See in a jiffy if it has IP connectivity.

102
00:08:47,620 --> 00:08:49,720
So let's hit an ipconfig.

103
00:08:51,330 --> 00:08:55,500
And yes, we have the first IP that was available in the range.

104
00:08:55,570 --> 00:09:00,820
One up to say that one hundred and the default gateway is obviously the good

105
00:09:03,720 --> 00:09:04,960
in connectivity no

106
00:09:09,810 --> 00:09:11,730
OK we have connectivity.

107
00:09:12,190 --> 00:09:16,890
It's also if we have connectivity to the Internet.

108
00:09:17,930 --> 00:09:25,600
And no, we don't have any connectivity, either IP or with DNS included.

109
00:09:26,330 --> 00:09:28,790
It's obviously that he's not going to work.

110
00:09:29,120 --> 00:09:30,420
So why is this happening.

111
00:09:30,440 --> 00:09:38,030
We have to realize what we have configured up to this point and have a correct understanding of what's

112
00:09:38,030 --> 00:09:46,220
happening and why we don't have connectivity yet that's white board the white board.

113
00:09:46,420 --> 00:09:50,610
Our current situation and see what's happening and why it's not,

114
00:09:50,670 --> 00:09:52,250
it's not currently working.

115
00:09:52,570 --> 00:10:00,250
So yes, we have the firewall, we have the FortiGate firewall, we have the PC, we have connectivity between

116
00:10:00,250 --> 00:10:02,390
the PC and the firewall.

117
00:10:02,400 --> 00:10:07,590
Now we also see that we have connectivity between firewall and the Internet.

118
00:10:08,230 --> 00:10:11,140
So we have connectivity from this point to this point.

119
00:10:11,200 --> 00:10:15,660
But 23:3 Internet is not happening now.

120
00:10:16,000 --> 00:10:20,780
Please take a moment to wonder and question yourself why is this not happening.

121
00:10:21,130 --> 00:10:25,360
How should this happen and what should be else configured on the firewall.

122
00:10:25,390 --> 00:10:30,100
Because this is the problem now. Actually it's not a problem, it's not sure what's happening, but we have

123
00:10:30,100 --> 00:10:36,730
to figure out step by step basis to understand more and what's happening and what should be done in

124
00:10:36,730 --> 00:10:42,230
a proper way, in a natural way, so that things happen from the first place.

125
00:10:42,310 --> 00:10:48,000
So the packet is traversing the firewall to get to the Internet.

126
00:10:48,060 --> 00:10:51,130
Start with the source IP of 1 and 2.

127
00:10:51,240 --> 00:10:57,900
Once you say 1 to 100 and destination 8 8 8 8.

128
00:10:58,080 --> 00:10:58,850
OK.

129
00:10:59,840 --> 00:11:05,730
From the PC point of view it has connectivity to say so too.

130
00:11:06,190 --> 00:11:06,560
Why.

131
00:11:06,560 --> 00:11:13,230
Because the firewall is the default gateway, so it will send all its packets to the firewall in the area

132
00:11:13,250 --> 00:11:16,680
that the firewall would just know what to do with it.

133
00:11:16,890 --> 00:11:27,530
On the other side, the DNS server that we're pinging doesn't have any clue on where to send, on

134
00:11:27,530 --> 00:11:29,060
where to send the traffic.

135
00:11:29,420 --> 00:11:31,930
And this is the reason it's not happening.

136
00:11:31,940 --> 00:11:41,510
The firewall should NAT the IP address from the internal one name to the external 170 170 to 27.

137
00:11:41,510 --> 00:11:44,000
Up to that one five.

138
00:11:44,450 --> 00:11:47,450
And this is not that this has not been configured on the fire.

139
00:11:47,710 --> 00:11:55,610
So our next natural step is to configure the firewall so that it will provide services,

140
00:11:55,670 --> 00:12:02,960
network address translation, for the whole hour or the whole one to one seek sale.

141
00:12:03,140 --> 00:12:08,270
What does use last 24 to do than that of this summit.

142
00:12:08,410 --> 00:12:15,530
Two is external IP address that already has connectivity, we have seen this happen.

143
00:12:15,610 --> 00:12:18,640
We will log in again with admin and admin this time

144
00:12:22,270 --> 00:12:30,050
and the menu that we have to go to is Policy and Objects. We have to create an IPv4 policy

145
00:12:32,900 --> 00:12:36,490
currently would have one so in place in one thats one.

146
00:12:36,610 --> 00:12:43,970
It's implicit deny: for all sources to all destinations, always, for all services are denied.

147
00:12:44,480 --> 00:12:47,560
But now and we see that a lot is this.

148
00:12:47,600 --> 00:12:59,960
Now we have to add a new one, so create new. Let's call it Nides all capitals.

149
00:13:00,170 --> 00:13:05,490
That internal letter.

150
00:13:05,530 --> 00:13:07,330
So where is this traffic coming from.

151
00:13:07,430 --> 00:13:10,970
So the incoming interface, it's port two.

152
00:13:11,340 --> 00:13:17,980
We see the IP address when I want to say one that want the outgoing interface will be port one.

153
00:13:18,320 --> 00:13:24,520
It's the WAN interface, the wide area network interface. For what sources are we going to provide this

154
00:13:24,620 --> 00:13:30,380
NAT translation? We will select all. For traffic going to destinations,

155
00:13:30,470 --> 00:13:37,000
so this will be also all, so any traffic from any source to any destination. Are we going to allow this

156
00:13:37,000 --> 00:13:39,560
to happen any in any moment every time.

157
00:13:39,560 --> 00:13:40,580
Like always.

158
00:13:40,850 --> 00:13:43,960
Are we going to define a schedule at this moment.

159
00:13:43,970 --> 00:13:50,840
We'll just hit always, and the action for this traffic comes from this port going to port from any source

160
00:13:50,840 --> 00:13:53,050
to any destination always.

161
00:13:53,520 --> 00:13:57,340
It's accept. Now referring to this menu.

162
00:13:57,510 --> 00:14:00,630
So this line of figuration are people on Decoration.

163
00:14:00,830 --> 00:14:08,700
We can get the packets NAT the source IP to the outgoing interface IP address of the of the

164
00:14:08,720 --> 00:14:09,370
FortiGate.

165
00:14:09,500 --> 00:14:17,270
And this will be one or we can configure a dynamic pool and choose a different value, different

166
00:14:17,270 --> 00:14:19,200
IP address for this.

167
00:14:19,240 --> 00:14:25,420
It's not necessary we'll use let's say that easier use your progression we are going to face.

168
00:14:25,430 --> 00:14:27,330
We already have available.

169
00:14:27,440 --> 00:14:36,530
It's port one, and at this moment we can write a comment here, just that we can document our configuration

170
00:14:36,530 --> 00:14:37,160
step by step.

171
00:14:37,160 --> 00:14:44,430
So I don't know, month, month later we can see that at this moment in time this configuration has redone.

172
00:14:44,450 --> 00:15:00,840
So let's say configure NAT service for LAN segment. Enable this policy is very important, and we hit

173
00:15:00,860 --> 00:15:01,540
OK.

174
00:15:04,150 --> 00:15:06,170
We forgot to select service.

175
00:15:06,250 --> 00:15:12,070
So anyway the service will be all. We want to do this for any traffic that will be accessed by my

176
00:15:12,120 --> 00:15:13,860
internal LAN and now.

177
00:15:13,910 --> 00:15:15,750
OK.

178
00:15:15,750 --> 00:15:25,720
So we have from port two to port 1, this is an internal LAN policy, all source, all destination, always, for any

179
00:15:25,720 --> 00:15:26,320
traffic.

180
00:15:26,320 --> 00:15:29,750
The action is to accept and it's enabling.

181
00:15:29,800 --> 00:15:36,400
At this point we will have to go to the PC again and connectivity from an ICMP perspective and also

182
00:15:36,400 --> 00:15:37,930
from an application perspective.

183
00:15:37,990 --> 00:15:44,280
And this will be HTTP traffic to any site.

184
00:15:44,470 --> 00:15:49,930
So we are on the PC and our let's say being able 8.

185
00:15:50,110 --> 00:16:04,590
Now it's OK, it's functional, and let's say being dandy but come yes it's functional. Let's hit browser

186
00:16:07,310 --> 00:16:09,530
and then we come

187
00:16:12,670 --> 00:16:13,340
yes.

188
00:16:13,360 --> 00:16:18,230
Now we see that we have full connectivity from the PC perspective as well.