This shows you the differences between two versions of the page.
sred:lab3 [2021/11/12 18:07] horia.stoenescu [Setup] |
sred:lab3 [2022/10/28 14:21] (current) horia.stoenescu [Setup] |
||
---|---|---|---|
Line 6: | Line 6: | ||
After a period of time, our company managed to have some income and decided to invest it in security equipment, a license for a Cisco Firepower Threat Defense (known as FTD). In the first day, as expected, there is need to setup the virtual machine and create a simple topology with the server connected in **Outside** zone and client area in **Inside** one. | After a period of time, our company managed to have some income and decided to invest it in security equipment, a license for a Cisco Firepower Threat Defense (known as FTD). In the first day, as expected, there is need to setup the virtual machine and create a simple topology with the server connected in **Outside** zone and client area in **Inside** one. | ||
- | === Lab infra === | + | <note tip> |
+ | [[https://curs.upb.ro/2022/pluginfile.php/364637/mod_resource/content/2/lab3_ftd.pdf|Here]] you can find the presentation for lab3. There is made the transition from CBAC/ZBF to a firewall solution (consisting in basic scenarios like permitting traffic from inside to outside, filtering urls, and applications). | ||
+ | </note> | ||
+ | |||
+ | === Local host prerequisites === | ||
+ | If you have a Windows/MacOS machine, you need to install on it [[https://www.realvnc.com/en/connect/download/viewer/windows/|vnc viewer]] to access the Linux/Firewall machines and [[https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html|putty]] for Cisco routers/switches. | ||
+ | You can also check this client side pack from Eve-ng for [[https://www.eve-ng.net/index.php/download/#DL-WIN|Windows]] and [[https://www.eve-ng.net/index.php/download/#DL-OSX|MacOS]]. | ||
+ | |||
+ | For Linux OS, you can use Remmina or Remote Desktop Viewer (both should be already installed). Check this link also: [[https://remmina.org/how-to-install-remmina/|Remmina install]]. | ||
+ | |||
+ | === Lab infra - deploy full topology === | ||
This new security equipment called **ftd** is a Cisco Firepower Thread Defense version 6.6.1-91. You can find it on your local machine in **$HOME/images/ftd** directory. Your task is to add to qemu directory , use a specific naming format for Firepower and image, solve the permission problems (this is based of this [[https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-firepower-6-x-images-set/|tutorial]]), deploy and configure the machine: | This new security equipment called **ftd** is a Cisco Firepower Thread Defense version 6.6.1-91. You can find it on your local machine in **$HOME/images/ftd** directory. Your task is to add to qemu directory , use a specific naming format for Firepower and image, solve the permission problems (this is based of this [[https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-firepower-6-x-images-set/|tutorial]]), deploy and configure the machine: | ||
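Review bot: the vnc viewer link in the added "Local host prerequisites" paragraph points at the Windows download page (its URL ends in /viewer/windows/), although the sentence addresses Windows/MacOS users. Give MacOS its own link or use a platform-neutral one, the way the Eve-ng client pack line below it already has separate Windows and MacOS links. In the note tip, "There is made the transition from CBAC/ZBF to a firewall solution" is hard to parse; something like "It covers the transition from CBAC/ZBF to a firewall solution" reads more clearly.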
Line 134: | Line 144: | ||
t7. save node config and create another 2 nodes and new 1 network: | t7. save node config and create another 2 nodes and new 1 network: | ||
- | - 1 node with Linux image linux-ubuntu-18.04-server_machine (add 2 eth interfaces and keep the rest of default config). Add also a mac address for first eth interface with format **00:50:00:byte_2_eveng_ip:byte3_eveng_ip+id_table:byte4_eveng_ip** (example: for 10.3.0.76 with id table 28, use 00:50:00:03:28:76 - find your id in table [[https://curs.upb.ro/mod/url/view.php?id=84844|here]]). | + | - 1 node with Linux image linux-ubuntu-18.04-server_machine (add 2 eth interfaces and keep the rest of default config). Add also a mac address for first eth interface with format **00:50:00:byte_2_eveng_ip:byte3_eveng_ip+1:byte4_eveng_ip** (example: for 10.3.0.76 use 00:50:00:03:01:76). |
- 1 node with Linux image linux-ubuntu-18.04-client1_machine (keep also the rest of default config - 1 eth interface also) | - 1 node with Linux image linux-ubuntu-18.04-client1_machine (keep also the rest of default config - 1 eth interface also) |
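Review bot: the new MAC format in the server-node bullet does not say how each octet is encoded. The example (10.3.0.76 gives 00:50:00:03:01:76) copies the decimal digits of the IP bytes straight into the MAC octets, which has no defined result for a byte above 99, since a MAC octet is two hex digits. State the rule explicitly, including what to write when an IP byte has three decimal digits. Also spell out "byte3_eveng_ip+1" in words, so it is clear the 1 is added to the third byte and not appended to it. With the id_table term removed, the text should also say whether the resulting MAC is still expected to be unique per student.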