sred:laborator_4._application_firewall_wsa [2020/11/06 11:28] horia.stoenescu
======== Lab.5 - Application firewall (WSA) ========

The last Cisco appliance that we are going to use is the Web Security Appliance ([[http://example.com|WSA]]), a web proxy used to filter HTTP traffic (both inbound and outbound).

The VM runs in VirtualBox with one management interface (assigned to network adapter 1, a host-only adapter) with IP address **192.168.56.102** and default gateway **192.168.56.1** (the Windows host machine, on the VirtualBox host-only network) - see [[http://www.network-node.com/blog/2016/8/16/wsa-setup|here]] for details.

<note tip>
**Just** in case you need to modify the management interface configuration:
<code>
ironport.example.com> interfaceconfig


Currently configured interfaces:
1. Management (172.19.7.165/24 on Management: ironport.example.com)

Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- DELETE - Remove an interface.
- DETAILS - Show details of an interface.

[]> EDIT
Enter the number of the interface you wish to edit.
[]> 1
Would you like to configure an IPv4 address for this interface (y/n)? [Y]>
[...]
</code>
Select IPv4 only, assign an IP address from the VirtualBox host-only subnet (the one containing 192.168.56.1) and leave the FTP, HTTP and HTTPS service ports enabled on the interface.

Do not forget to add a default gateway:
<code>
ironport.example.com> setgateway

Warning: setting an incorrect default gateway may cause the current connection
to be interrupted when the changes are committed.
Set the default gateway for:
1. IPv4
2. IPv6
[1]> 1
Enter new default gateway:
[]> 192.168.56.1
</code>

An NTP server also needs to be configured (an accurate clock matters for HTTPS certificate validation and for correlating the proxy logs) - use //pool.ntp.org//:
<code>
ironport.example.com> ntpconfig
[...]

</code>

Then commit and verify the time:
<code>
ironport.example.com> commit
[...]
ironport.example.com> date

Wed Nov 10 13:43:24 2019 GMT
</code>
</note>

<note>
**Credentials** for WSA (the default ones are used):
  * user: admin
  * passwd: ironport
These are the factory defaults; change the admin password before the management interface is reachable from anything beyond the host-only network.
</note>

The following **ports** are open on the management interface:
  * 8080: WebUI over HTTP
  * 8443: WebUI over HTTPS
  * 21: FTP access
  * 22: SSH access (start PuTTY, enter the IP address 192.168.56.102 as the host name and log in with the credentials above)
Prefer 8443 and SSH: logins over 8080 and FTP send the admin credentials in clear text.

<note important>
Golden rule on WSA: in order to apply any changes, you must **commit** them.
</note>

There are two different approaches to filtering: **whitelisting** and **blacklisting**. The first requires a list of hosts that are permitted, denying anything else; the second only defines what is not permitted and allows everything else. By default, WSA runs in the second mode (the URL Filtering action is //Monitor//, which logs matching requests but allows all traffic). Change this behaviour in the WebUI > Web Security Manager > Access Policies: on the URL Filtering tab, switch the action from Monitor to Block for the categories you want denied.

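As an added illustration of the two modes (this is not code from the lab or from Cisco WSA; the host lists and sample URLs are constructed for the demo), the following Python policy check shows why a deny list that matches on names alone is weaker than an allow list: anything not listed, including the same server reached by its IP literal, gets through, and careless host matching (plain suffix matching, or taking the userinfo part of a URL as the host) turns either kind of list into a bypass.

```python
# Added example (not Cisco WSA code): allow-list versus deny-list decisions
# for a web proxy, with the host-matching pitfalls that turn a deny list
# into a bypass. Host names and URLs below are constructed for the demo.
from urllib.parse import urlsplit

# Constructed lists; on WSA these would be custom URL categories.
PERMITTED = ["intranet.example", ".updates.example"]   # allow-list mode
FORBIDDEN = ["evil.test", "ads.example.net"]           # deny-list mode


def policy_host(url):
    """Return the host a proxy would match policy against, or None.

    urlsplit().hostname already lower-cases the host, drops the port and
    discards userinfo, so http://intranet.example@evil.test/ yields
    evil.test rather than the string an attacker wanted the filter to see.
    """
    if "://" not in url:
        url = "http://" + url            # client sent a bare host/path
    host = urlsplit(url).hostname
    if not host:
        return None
    return host.rstrip(".")              # 'evil.test.' is still evil.test


def host_matches(host, entry):
    """An entry matches itself and its subdomains, never a longer suffix:
    'evil.test' matches 'cdn.evil.test' but not 'notevil.test'."""
    entry = entry.lstrip(".").lower()
    return host == entry or host.endswith("." + entry)


def decide(url, mode):
    """mode 'allowlist': ALLOW only listed hosts; 'denylist': BLOCK only
    listed hosts (WSA's default Monitor action is a deny list that logs
    instead of blocking)."""
    host = policy_host(url)
    if host is None:
        return "BLOCK"                   # unparsable request: fail closed
    if mode == "allowlist":
        return "ALLOW" if any(host_matches(host, e) for e in PERMITTED) else "BLOCK"
    if mode == "denylist":
        return "BLOCK" if any(host_matches(host, e) for e in FORBIDDEN) else "ALLOW"
    raise ValueError(f"unknown mode {mode!r}")


# Constructed sample requests exercising the edge cases.
SAMPLE_URLS = [
    "http://intranet.example/wiki",              # plain allowed host
    "https://WWW.UPDATES.EXAMPLE:8443/",         # case and port noise
    "http://cdn.evil.test/payload",              # subdomain of a denied host
    "http://notevil.test/",                      # suffix that must not match
    "http://intranet.example@evil.test/",        # userinfo trick
    "http://evil.test/intranet.example",         # allowed name in the path only
    "http://203.0.113.7/",                       # IP literal: on no list at all
    "evil.test./",                               # trailing dot, scheme-less
]


def evaluate_all():
    """Map each sample URL to its (allowlist, denylist) decision."""
    return {u: (decide(u, "allowlist"), decide(u, "denylist")) for u in SAMPLE_URLS}


if __name__ == "__main__":
    for url, (allow_mode, deny_mode) in evaluate_all().items():
        print(f"{url:40} allowlist={allow_mode:5} denylist={deny_mode}")
```

The instructive rows are the IP literal and `notevil.test`: the deny list lets both through because neither string is listed, while the allow list blocks them by default. That is the practical difference between the Monitor and Block postures on the access policy, and the reason a production deny list is only as good as the category feed behind it.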
For **authenticating** users, we can use:
  - static entries (based on IP addresses)
  - LDAP authentication (against a Linux LDAP server or the directory service of Active Directory)
