Goal of Lab

The goal of this extra credit exercise is to give you more practice troubleshooting a firewall ruleset.

Objectives

After completing this exercise, you will be able to:
- Identify potential mistakes in rulesets; and
- Troubleshoot rulesets.

Activity

1. Download the Module 8: Sample Ruleset (.XLS) file located in WebCT/Bb/Web Links/Extra Credit.
2. Open this file in Excel (or a spreadsheet application of your choice).
3. Assume these rules are running on a packet-filtering device.
4. Identify any mistakes in the ruleset, including duplicate rules, rules applied to incorrect interfaces, missing return rules for various packets, etc.
5. Correct any mistakes directly in the Excel file (use red to show the corrected entry or entries). If you need to add additional rules, use a red font color for them too.

Sample Ruleset

The contents of the Sample Ruleset sheet are transcribed below as they appear in the file; blank or malformed cells are reproduced as-is.

Rule | Description      | Prot | SRC IP          | SRC Port  | DST IP          | DST Port  | Action | Int
1    | HTTP Outbound    | TCP  | 192.168.1.0/24  | Any >1023 | Any             | 80        | Allow  | INT
2    | HTTPS Outbound   | TCP  | 192.168.1.0/24  | Any >1023 | Any             | 443       | Allow  | INT
3    | HTTP Inbound     | TCP  | Any             | Any >1023 | 207.177.178.34  | 80        | Allow  | EXT
4    | DNS Outbound     | TCP  | 207.177.178.31  | 53        | 23.45.67.78     | 53        | Allow  | DMZ
5    | DNS Outbound     | UDP  | 207.177 178.31  | 53        | (blank)         | 53        | Allow  | DMZ
6    | DNS Outbound     | UDP  | 192.168.1.2     | 53        | 207.177.178.31  | 53        | Allow  | INT
7    | DNS Inbound      | TCP  | 23.45.67 78     | 53        | 207.177.178.31  | 53        | Allow  | EXT
8    | DNS Inbound      | UDP  | 207.177.178.31  | 53        | 192.168.1.2     | 53        | Allow  | INT
9    | DNS Inbound      | UDP  | Any             | 53        | 207.177.178.31  | 53        | Allow  | EXT
10   | SMTP Outbound    | TCP  | 192.168.1.5     | 25        | 207.177.178.35  | 25        | Allow  | INT
11   | SMTP Outbound    | TCP  | 207.177.178.35  | 25        | Any             | 25        | Allow  | DMZ
12   | POP3/S Outbound  | TCP  | 192.168.1.5     | 995       | 207.177.178.32  | 995       | Allow  | INT
13   | POP3/S Outbound  | TCP  | 192.168.1.0/24  | Any >1023 | Any             | 995       | Allow  | INT
14   | POP3 Outbound    | TCP  | 192.168.1.0/24  | Any >1023 | Any             | 110       | Allow  | INT
15   | POP3 Inbound     | TCP  | Any             | 110       | 192.168.1.0/24  | Any >1023 | Allow  | EXT
16   | POP3/S Inbound   | TCP  | Any             | 995       | 207.177.178.32  | 995       | Allow  | EXT
17   | SMTP Inbound     | TCP  | Any             | 25        | 207.177.178.35  | 25        | Allow  | EXT
18   | SMTP Inbound     | TCP  | 207.177.178.35  | 25        | 192.168.1.5     | 25        | Allow  | DMZ
19   | FTP/C Inbound    | TCP  | Any             | Any 1023  | 207.177.178.33  | 21        | Allow  | EXT
20   | FTP/C Outbound   | TCP  | 207.177.178.33  | 21        | Any             | Any >1023 | Allow  | DMZ
21   | AFTP/D Outbound  | TCP  | 207.177.178.33  | 20        | Any             | Any >1024 | Allow  | DMZ
22   | AFTP/D Inbound   | TCP  | Any             | Any >1024 | 207.177.178.33  | 20        | Allow  | EXT
23   | PFTP/D Outbound  | TCP  | 207.177.178.33  | Any >1024 | Any             | Any >1024 | Allow  | DMZ
24   | PFTP/D Inbound   | TCP  | Any             | Any >1024 | 207.177.178.33  | Any >1023 | Allow  | EXT
25   | SSH Inbound      | TCP  | Any             | Any >1023 | 207.177.178.31  | 22        | Allow  | EXT
26   | RDP Inbound      | TCP  | Any             | Any >1023 | 207.177.178.32  | 3389      | Allow  | EXT
27   | SSH Inbound      | TCP  | Any             | Any >1023 | 207.177.178.33  | 22        | Allow  | EXT
28   | SSH Inbound      | TCP  | Any             | Any >1023 | 207.177.178.34  | 22        | Allow  | EXT
29   | RDP Inbound      | TCP  | Any             | Any >1023 | 207.177.178.35  | 3389      | Allow  | EXT
30   | SSH Outbound     | TCP  | 192.168.1.0/24  | Any >1023 | Any             | 22        | Allow  | INT
31   | RDP Outbound     | TCP  | 192.168.1.0/24  | Any >1023 | Any             | 3389      | Allow  | INT

Rule | Protocol         | Prot | SRC IP          | ICMP Type | DST IP          | Action | Int
32   | ICMP Request     | ICMP | 192.168.1.0/24  | 8         | 192.168.1.1     | Allow  | INT
33   | ICMP Request     | ICMP | 207.177.178.0/24| 8         | 207.177.178.1   | Allow  | DMZ
34   | ICMP Request     | ICMP | 176.18.0.0/16   | 8         | 176.18.12.1     | Allow  | EXT
35   | ICMP Reply       | ICMP | 192.168.1.1     | 0         | 192.168.1.0/24  | Allow  | INT
36   | ICMP Reply       | ICMP | 207.177.178.1   | 0         | 207.177.178.0/24| Allow  | DMZ
37   | ICMP Reply       | ICMP | 176.18.12.1     | 0         | 176.18.0.0/16   | Allow  | EXT

Rule | Description      | Prot | SRC IP          | SRC Port  | DST IP          | DST Port  | Action | Int
38   | External Cleanup | Any  | Any             | Any       | Any             | Any       | Deny   | EXT
39   | DMZ Cleanup      | Any  | Any             | Any       | Any             | Any       | Deny   | DMZ
40   | Internal Cleanup | Any  | Any             | Any       | Any             | Any       | Deny   | INT
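As an added example (not part of the assignment or its spreadsheet), the Python script below runs the checks step 4 asks for over a constructed subset of the sample ruleset, transcribed as pipe-separated rows with one constructed duplicate (rule 41) added to exercise the duplicate check. It flags malformed address cells, exact duplicate rules, and TCP/UDP Allow rules whose reply (source and destination swapped) is not allowed by any other rule; the return check is an exact field swap, so a reply that is only covered by a broader "Any" rule is still reported and needs a human look.

```python
import ipaddress
from collections import defaultdict

# Constructed subset of the Module 8 sample ruleset (cells copied as-is); rule 41 is a constructed duplicate of rule 10.
RULES_TXT = """\
1|HTTP Outbound|TCP|192.168.1.0/24|>1023|Any|80|Allow|INT
3|HTTP Inbound|TCP|Any|>1023|207.177.178.34|80|Allow|EXT
4|DNS Outbound|TCP|207.177.178.31|53|23.45.67.78|53|Allow|DMZ
5|DNS Outbound|UDP|207.177 178.31|53||53|Allow|DMZ
7|DNS Inbound|TCP|23.45.67 78|53|207.177.178.31|53|Allow|EXT
10|SMTP Outbound|TCP|192.168.1.5|25|207.177.178.35|25|Allow|INT
18|SMTP Inbound|TCP|207.177.178.35|25|192.168.1.5|25|Allow|DMZ
41|SMTP Outbound|TCP|192.168.1.5|25|207.177.178.35|25|Allow|INT
"""
FIELDS = ("num", "desc", "proto", "src", "sport", "dst", "dport", "action", "iface")

def parse_rules(text):
    """One rule per line, pipe-separated, in the sheet's column order."""
    return [dict(zip(FIELDS, ln.split("|"))) for ln in text.splitlines() if ln.strip()]

def valid_addr(cell):
    """Accept 'Any', a host address or a CIDR block; blank or mistyped cells fail."""
    if cell != "Any":
        try:
            ipaddress.ip_network(cell, strict=False)
        except ValueError:
            return False
    return True

def bad_addresses(rules):
    """(rule, column, cell) for every SRC/DST IP cell that is not a usable address."""
    return [(r["num"], c, r[c]) for r in rules for c in ("src", "dst") if not valid_addr(r[c])]

def duplicates(rules):
    """Groups of rule numbers whose match fields and action are identical."""
    groups = defaultdict(list)
    for r in rules:
        groups[(r["proto"], r["src"], r["sport"], r["dst"], r["dport"], r["action"])].append(r["num"])
    return [tuple(nums) for nums in groups.values() if len(nums) > 1]

def missing_returns(rules):
    """TCP/UDP Allow rules whose reply (src/dst and ports swapped) is allowed by no rule."""
    allowed = {(r["proto"], r["src"], r["sport"], r["dst"], r["dport"])
               for r in rules if r["action"] == "Allow"}
    return [r["num"] for r in rules if r["action"] == "Allow" and r["proto"] in ("TCP", "UDP")
            and (r["proto"], r["dst"], r["dport"], r["src"], r["sport"]) not in allowed]

if __name__ == "__main__":
    rs = parse_rules(RULES_TXT)
    print(bad_addresses(rs), duplicates(rs), missing_returns(rs), sep="\n")
```

To check the whole sheet, paste every row into RULES_TXT in the same pipe-separated layout; the ICMP rows use different columns and are not covered by these checks.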