Basic Firewall Configuration in Cisco Packet Tracer Prerequisite: Firewall A firewall is a hardware or software network security device that monitors all incoming and outgoing traffic based on a defined set of security rules, it accepts, rejects, or drops that specific traffic. Accept: Allow traffic. Reject: Block traffic but respond with “reachable error”. Drop: Block unanswered traffic firewall establishes a barrier between secure internal networks and untrusted external networks, such as the Internet. Steps to Configure and Verify Firewall in Cisco Packet Tracer: Step 1: First, open the Cisco packet tracer desktop and select the devices given below: S.NO Device Model Name Quantity 1. PC PC 3 2. server PT-Server 1 3. switch PT-Switch 1 IP Addressing Table: S.NO Device IPv4 Address Subnet Mask 1. Server 1.0.0.1 255.0.0.0 2. PC0 1.0.0.2 255.0.0.0 3. PC1 1.0.0.3 255.0.0.0 4. PC2 1.0.0.4 255.0.0.0 Then, create a network topology as shown below the image. Use an Automatic connecting cable to connect the devices with others. Step 2: Configure the PCs (hosts) and server with IPv4 address and Subnet Mask according to the IP addressing table given above. To assign an IP address in PC0, click on PC0. Then, go to desktop and then IP configuration and there you will IPv4 configuration. Fill IPv4 address and subnet mask. Repeat the same procedure with the server Assigning an IP address using the ipconfig command, or we can also assign an IP address with the help of a command. Go to the command terminal of the PC. Then, type iPConfig <IPv4 address><subnet mask><default gateway>(if needed) Example: ipconfig 1.0.0.2 255.0.0.0 Repeat the same procedure with other PCs to configure them thoroughly. Step 3: Configuring the firewall in a server and blocking packets and allowing web browser. Click on server0 then go to the desktop. Then click on firewall IPv4. Turn on the services. First, Deny the ICMP protocol and set remote IP to 0.0.0.0 and Remote wildcard mask to 255.255.255.255. Then, allow the IP protocol and set remote IP to 0.0.0.0 and Remote wildcard mask to 255.255.255.255. And add them. Step 4: Verifying the network by pinging the IP address of any PC. We will use the ping command to do so. First, click on PC2 then Go to the command prompt. Then type ping <IP address of targeted node>. We will ping the IP address of the server0. As we can see in the below image we are getting no replies which means the packets are blocked. Check the web browser by entering the IP address in the URL. Click on PC2 and go to desktop then web browser. Packet Tracer – Configure Firewall Settings Topology: Objectives Configure MAC Filtering on a wireless router. Configure DMZ on a wireless router. Configure Single Port Forwarding on a wireless router. Introduction In this activity, you will configure a wireless router to: Rely on MAC filtering to increase security Allow access to a server in the DMZ Disable the DMZ and configure support for Single Port Forwarding Instructions Step 1: Connect to the wireless router. a. Connect to the wireless router configuration web page at 192.168.0.1 from PC0. b. Use admin for both the user name and password. c. Navigate to wireless settings to determine the SSID and passphrase for connection to WRS1. Record the SSID and passphrase below. Questions: SSID: aCompany Passphrase: aCompWiFi Step 2: Configure laptop as wireless client. a. Connect Laptop0 to the WRS1 wireless network using the security settings configured on the wireless router. Click Desktop > PC Wireless. Select Connect tab. Press Refresh. Select the desired SSID and click Connect. Provide the passphrase and select Connect. b. Close the PC Wireless window and click Command Prompt. c. At the prompt, enter ipconfig /all and record the IP and MAC addresses of Laptop0 below. Questions: Laptop0 IP Address: Laptop0 IP address range: 192.168.0.100 – 149 MAC address: MAC address: 00:01:97:94:EB:38 d. Repeat the above steps to connect Laptop1 to WRS1. Step 3: Configure WRS1 to support MAC filtering. a. On PC0, go to the wireless router’s configuration page at 192.168.0.1. b. Navigate to Wireless > Wireless MAC Filter. c. Select Enabled and Permit PCs listed below to access wireless network. d. Type in the MAC address for Laptop0 in the MAC 01: field. Notice the MAC address must be in the XX:XX:XX:XX:XX:XX format. Click Save Settings. e. To verify connectivity, open a command prompt. Issue the ping command to the default gateway to 192.168.0.1 from Laptop0 and Laptop1. C:\> ping 192.168.0.1 Question: Were both laptop able to connect to the WRS1 network? Why are you unable to associate with the access point? Because Laptop0’s MAC address is the only one specified, Laptop0 is the only wireless device currently capable of associating to WRS1. Step 4: Test connectivity through the Telco Cloud. a. Open a Command Prompt on Laptop0. b. In Laptop0, test connectivity to Remote PC by issuing the ping 209.165.201.29 command. The first few pings may fail while the network converges. Issue the command again if you did not get successful replies. c. Open Remote PC and then browse to the address of the internal web page hosted at Server0, which is www.acompany.com. A Request Timeout message should display. A webpage requests from Remote PC to Server0 is not successful because WRS1 does not know which internal device should receive it. Port forwarding must be configured on WRS1. Step 5: Configure DMZ. A demilitarized zone (DMZ) is where a portion of the company network is exposed to an untrusted external network, such as the internet. a. On PC0, reconnect to the wireless router’s configuration page. b. Navigate to Application & Gaming > DMZ. c. Click Enabled. d. In the Destination: field, enter 20 for the IP address 192.168.0.20. e. Scroll to the bottom and save the settings. f. Browse to www.acompany.com from Remote PC. You should now see the web page hosted by Server0. g. After you have verified that you were able to reach the webpage, disable DMZ and save the settings. Step 6: Configure WRS1 to forward a single port to Server0. Depending on the router model, the open ports of a server in the DMZ can be exposed to an untrusted external network. To limit the number of exposed ports, single port forwarding can be configured on the router. a. On PC0, reconnect to the wireless router’s configuration page. Navigate to Application & Gaming > Single Port Forwarding. b. On the left-hand menu, choose HTTP from the first drop-down box. Change the To IP Address to match Server0’s IP address, 192.168.0.20. Also, check the Enabled checkbox at the end of the row. c. Scroll to the bottom of the window and click Save Settings. d. You should now be able to reach the webpage hosted on Server0. Browse to www.acompany.com on Remote PC. You should now see the web page hosted by Server0. Download Packet Tracer (.pka) file: Packet Tracer - Configure Firewall Settings.pka