e gov security_tut_session_8_lab


Upload: mustafa-jarrar

Post on 08-Jun-2015


Category:

Technology




PalGov © 2011

أكاديمية الحكومة الإلكترونية الفلسطينية

The Palestinian eGovernment Academy

www.egovacademy.ps

Security Tutorial

Session 8

LAB


About

This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps

Project Consortium:

Birzeit University, Palestine (Coordinator)

University of Trento, Italy

University of Namur, Belgium

Vrije Universiteit Brussel, Belgium

TrueTrust, UK

Palestine Polytechnic University, Palestine

Palestine Technical University, Palestine

Université de Savoie, France

Ministry of Local Government, Palestine

Ministry of Telecom and IT, Palestine

Ministry of Interior, Palestine

Coordinator:

Dr. Mustafa Jarrar

Birzeit University, P.O.Box 14- Birzeit, Palestine

Telfax: +972 2 2982935 [email protected]


© Copyright Notes

Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website), and the author of that part.

No part of this tutorial may be reproduced or modified in any form or by any means, without prior written permission from the project, who have the full copyrights on the material.

Attribution-NonCommercial-ShareAlike

CC-BY-NC-SA

This license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.


Tutorial 5: Information Security

Session 8: Firewalls Lab

Session 8 Outline:

• Firewall installations.


Tutorial 5:

Session 8: Firewalls LAB

This session will contribute to the following ILOs:

• C: Professional and Practical Skills:

  • c2: Configure end-to-end secure and available systems.

  • c4: Configure user authentication and authorization services using Firewalls.

• D: General and Transferable Skills:

  • d1: Communication and team work.

  • d2: Systems configurations.


Cisco ASA Firewall

• In this lab, we will go through the steps necessary to create a Cisco ASA firewall object in Firewall Builder, and then install rules created in Firewall Builder onto the firewall.

• Firewall Builder is a GUI application that can be used to configure and manage firewall rules for multiple types of firewalls such as Linux iptables, Cisco ASA and PIX, Cisco router ACL, and HP ProCurve ACL. For Cisco ASA and Cisco PIX firewalls, once the rules for the firewall object have been created, Firewall Builder generates a configuration file containing all the Cisco CLI commands required to implement the defined security policy.


Configuring ASA Firewall with Firewall Builder


Installing Firewall Builder

• To access the Ubuntu repository of stable Firewall Builder packages, add the following line to the file /etc/apt/sources.list:

    deb http://packages.fwbuilder.org/deb/stable/ natty contrib

• Next, retrieve the updated package lists by issuing the following command:

    sudo apt-get update

• Packages in all repositories are signed with a GPG key. To add the key on Ubuntu, use the following commands:

    wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
    sudo apt-key add PACKAGE-GPG-KEY-fwbuilder.asc

• To install Firewall Builder, run the following command:

    sudo apt-get install fwbuilder
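The signing key in the steps above is fetched over plain HTTP, so the download alone does not authenticate it. The following is an added example, not part of the original slides or of the Firewall Builder project: it adds the key to apt only if its fingerprint matches one obtained through a separate trusted channel. The function names and `EXPECTED_FPR` (an all-zero placeholder; the page gives no fingerprint) are assumptions, and GnuPG 2.1 or later is assumed for the `show-only` import option.

```shell
#!/bin/sh
# Added example (not from the original slides): gate "apt-key add" on a
# fingerprint check. EXPECTED_FPR is a placeholder, not the project's real value.
EXPECTED_FPR="${EXPECTED_FPR:-0000000000000000000000000000000000000000}"

# Print the first (primary-key) fingerprint from `gpg --with-colons` output
# on stdin; "fpr" records carry the fingerprint in field 10.
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Normalize a fingerprint: strip spaces and newlines, upper-case hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if both values normalize to the same 40-hex-digit fingerprint.
fpr_matches() {
    got=$(normalize_fpr "$1")
    want=$(normalize_fpr "$2")
    case "$got" in
        ""|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#got}" -eq 40 ] && [ "$got" = "$want" ]
}

# Read a key file's fingerprint without importing it (GnuPG 2.1+ assumed).
key_file_fpr() {
    gpg --with-colons --import-options show-only --import "$1" 2>/dev/null |
        fpr_from_colons
}

# Hand the key to apt only when its fingerprint equals EXPECTED_FPR.
add_key_if_trusted() {
    actual=$(key_file_fpr "$1")
    if fpr_matches "$actual" "$EXPECTED_FPR"; then
        sudo apt-key add "$1"
    else
        echo "fingerprint mismatch for $1: got '${actual:-none}'" >&2
        return 1
    fi
}
```

Calling `add_key_if_trusted PACKAGE-GPG-KEY-fwbuilder.asc` takes the place of the bare `apt-key add` step once `EXPECTED_FPR` holds the separately obtained fingerprint.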


Configuring Cisco ASA

• To configure the Cisco ASA firewall using Firewall Builder as shown in the diagram below, start the Firewall Builder application and choose New Firewall from the menu that appears:


• In the first page of the New Firewall wizard, enter a name for the firewall object:

• Next, select the interface configuration method:


• In the next pages of the wizard, you can create the network objects and define network zones:

• After creating the firewall object and network objects, you can configure the firewall's rules:


• After configuring the basic firewall rules, we need to define the NAT policy:

• To convert the rules from the Firewall Builder GUI syntax to the target device commands, click the Compile icon. To view the output of the compile, click the button labeled Inspect Generated Files.


Installing Cisco ASA configuration

• Firewall Builder can install the generated configuration file for you using SSH and SCP.

• By default, Firewall Builder uses SCP to copy the generated config file to the firewall.


Summary

• In this session we discussed the following:

  • Firewall installations.


Thanks

Eng. Ghannam Aljabary