1
00:00:00,540 --> 00:00:05,090
In this section we're going to talk about NAT mode versus transparent mode.

2
00:00:05,600 --> 00:00:12,320
Specifically we're going to understand what the differences between the two are and why we, why should

3
00:00:12,320 --> 00:00:18,170
we even care, or when it is necessary to implement this kind of configuration.

4
00:00:18,290 --> 00:00:20,000
And of course how we do it.

5
00:00:20,420 --> 00:00:26,210
So the whole thing is a firewall placed between the internal network and the existing firewall.

6
00:00:26,300 --> 00:00:33,340
This would be the transparent firewall if we refer to our previous diagrams.

7
00:00:33,730 --> 00:00:35,560
Let's take a look at this one.

8
00:00:35,980 --> 00:00:42,960
So in this case we said that the FortiGate sits between the internal network and the Internet, the Internet

9
00:00:42,970 --> 00:00:44,640
boundary on the right.

10
00:00:44,890 --> 00:00:49,040
Well let's say that at this point this is no longer a FortiGate.

11
00:00:49,480 --> 00:00:58,780
It's not a FortiGate. Let's say, I don't know, it's a Cisco or a Juniper

12
00:01:01,080 --> 00:01:05,510
or Check Point or I don't know what, all

13
00:01:08,180 --> 00:01:17,190
of the networks. Let's suppose that we're not sure, or we are unsure, about whether the connection, the

14
00:01:17,220 --> 00:01:22,450
connectivity, is secure and we want to add an extra layer of security.

15
00:01:22,650 --> 00:01:26,250
Well this is the place where we will install the FortiGate firewall.

16
00:01:26,490 --> 00:01:34,050
So it will be transparent, meaning it will not modify any IP addressing details in our network, but

17
00:01:34,050 --> 00:01:42,210
we will just put it in the middle, connected to our existing firewall and connecting it

18
00:01:42,390 --> 00:01:44,060
to our LAN segment.

19
00:01:44,490 --> 00:01:52,080
Let's switch now to our slides.

20
00:01:52,100 --> 00:01:57,610
So as I said, no changes to the addressing scheme, it only applies security scanning.
21
00:01:57,650 --> 00:02:05,090
Which is basically the reason that transparent mode exists, and the only changes required,

22
00:02:05,340 --> 00:02:10,610
it's just needed to provide the management IP, so that it's accessible for configuration when

23
00:02:10,610 --> 00:02:11,540
you manage it.

24
00:02:11,570 --> 00:02:18,860
And when you analyze the security events that may

25
00:02:18,860 --> 00:02:26,340
or may not have taken place.

26
00:02:26,530 --> 00:02:31,400
So the first thing is to change the FortiGate operating mode.

27
00:02:31,570 --> 00:02:38,290
We have a couple of commands: config system settings, set opmode transparent, set manageip, the management

28
00:02:38,290 --> 00:02:40,730
IP, and the gateway.

29
00:02:40,760 --> 00:02:44,660
Where does the traffic lead to?

30
00:02:44,680 --> 00:02:50,890
It will come from the internal network, but you have to specify where it's going next.

31
00:02:51,110 --> 00:02:57,610
Optionally you configure your DNS servers; then configure a policy for all traffic from the internal

32
00:02:57,610 --> 00:03:05,060
network, and this is what we have done when we configured the source, where we have said

33
00:03:05,060 --> 00:03:10,980
that all the traffic is coming from inside and it will be NATed to the IP address of the outside interface.

34
00:03:11,140 --> 00:03:13,450
This is similar to what we have done already.

35
00:03:16,030 --> 00:03:21,470
And obviously then shut down and insert the FortiGate firewall into the network.

36
00:03:21,820 --> 00:03:27,660
And very important, analyze the results via the dashboard, as we have seen in FortiView, all sessions, and select

37
00:03:27,670 --> 00:03:33,880
the "now" option in the graphical user interface of the FortiGate.

38
00:03:33,880 --> 00:03:36,820
Now I have deployed a new one.

39
00:03:36,870 --> 00:03:41,240
It's not the 1 5 6, so let's log in, as it is brand new.
40
00:03:41,270 --> 00:03:43,370
You have only the username and password

41
00:03:50,640 --> 00:03:51,530
up to this point.

42
00:03:51,540 --> 00:03:57,660
We have discussed only the GUI, graphical user interface. Whether you like it or not there will

43
00:03:57,660 --> 00:04:02,270
be times where you will have to switch to the CLI, command line interface.

44
00:04:02,430 --> 00:04:03,540
More advanced.

45
00:04:03,690 --> 00:04:11,490
It's less error prone, and if you want to use software for this, like a terminal client, PuTTY

46
00:04:11,520 --> 00:04:18,280
or others, it's fine, but if you want to use the CLI directly from the GUI, this is the place.

47
00:04:18,410 --> 00:04:19,910
It's in the top right corner.

48
00:04:19,920 --> 00:04:23,970
Just click on it and the CLI console will pop up and run.

49
00:04:26,600 --> 00:04:31,720
So first things first, step one is to change the FortiGate operating mode.

50
00:04:32,030 --> 00:04:40,050
You can see that on the left it says that it's running in flow-based inspection and is running in NAT mode.

51
00:04:40,130 --> 00:04:41,810
We'll just change that.

52
00:04:41,870 --> 00:04:43,010
So config

53
00:04:45,500 --> 00:04:49,340
config system settings

54
00:04:52,010 --> 00:04:57,380
now set opmode, question mark.

55
00:04:57,440 --> 00:04:59,750
We have two: nat and transparent.

56
00:04:59,750 --> 00:05:02,350
So we'll just go for transparent.

57
00:05:05,360 --> 00:05:06,030
For the purpose

58
00:05:09,100 --> 00:05:20,090
of the lab we have to set the management IP address, so set manageip. We just put the same IP as

59
00:05:20,090 --> 00:05:24,650
before.

60
00:05:24,740 --> 00:05:26,620
So I need something to grasp,

61
00:05:30,590 --> 00:05:33,350
also the gateway for the packets going to

62
00:05:44,010 --> 00:05:44,740
the Internet.

63
00:05:44,960 --> 00:05:52,170
So again, set gateway 1 7 1

64
00:05:55,060 --> 00:05:55,390
and

65
00:06:01,500 --> 00:06:05,430
we have lost connectivity.
66
00:06:05,500 --> 00:06:14,270
Now the FortiGate is reconfiguring itself and we'll wait until it's finished and get back.

67
00:06:14,290 --> 00:06:18,670
All right, so we are back, now the FortiGate has rebooted.

68
00:06:18,760 --> 00:06:19,870
And look at this.

69
00:06:19,870 --> 00:06:22,290
Now it's opmode transparent.

70
00:06:23,130 --> 00:06:33,970
As opposed to the first FortiGate we have configured in NAT mode, flow-based, this one we can see

71
00:06:34,060 --> 00:06:35,390
it's transparent.

72
00:06:35,650 --> 00:06:38,020
So the migration has been successful.

73
00:06:38,170 --> 00:06:45,100
The second step will be to configure DNS servers, so go to Network, DNS, and either accept the

74
00:06:45,100 --> 00:06:48,060
FortiGuard servers by default or specify your own.

75
00:06:48,070 --> 00:06:49,810
It's your own decision.

76
00:06:49,850 --> 00:06:51,320
Next is the configuration.

77
00:06:51,340 --> 00:06:56,340
The next step is to configure the policy for traffic from internal to the Internet.

78
00:06:56,500 --> 00:07:03,680
As we have done this in the previous sections, it's under Policy & Objects, IPv4 Policy by default.

79
00:07:03,700 --> 00:07:11,740
Here we have the implicit deny policy; we want to create a new one. Configure the new

80
00:07:11,750 --> 00:07:22,640
policy, a new policy: incoming interface port1 is the one that we have here, and the outgoing one, I mean

81
00:07:22,790 --> 00:07:33,040
towards the existing firewall in the architecture. And it's more general, just to see how it's done: on

82
00:07:33,040 --> 00:07:42,610
the right side, service ALL, accept, and whether to activate the security profiles: antivirus, web filtering,

83
00:07:42,610 --> 00:07:47,160
DNS filtering, application control and IPS as a best practice.

84
00:07:47,190 --> 00:07:53,140
It will not hurt you to activate the logging, log allowed traffic.

85
00:07:53,200 --> 00:07:56,030
Why not all sessions, to see what's happening there.
86
00:07:56,110 --> 00:08:01,470
Generate logs when session starts, I would say this is also a good recommendation.

87
00:08:01,480 --> 00:08:07,820
Capture packets you may want to activate or enable when things are not going right.

88
00:08:07,810 --> 00:08:09,820
So hit OK and we are finished.

89
00:08:09,820 --> 00:08:13,280
Also the fourth step:

90
00:08:16,760 --> 00:08:24,740
now is the time for shutdown; you shut down your FortiGate and insert it into the network, and in the

91
00:08:24,740 --> 00:08:31,970
end of everything, you go to FortiView, all sessions,

92
00:08:34,820 --> 00:08:35,840
now.

93
00:08:36,590 --> 00:08:42,290
And this is the place where all the sessions would populate the table and you could analyze to

94
00:08:42,310 --> 00:08:46,600
see how things are working, whether traffic is passing by or not,

95
00:08:46,600 --> 00:08:49,150
and if it's conforming to your configured policy.