Layer2 transparent proxy
SANS Institute InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.
Transparent (Layer 2) Firewalls: A look at 2 Vendor Offerings: Juniper and Cisco
Copyright SANS Institute Author Retains Full Rights
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
GIAC GCFW Gold Certification Author: Matt Austin, net2004eng@yahoo.com
Adviser: Rick Wanner
Accepted: 2008-12-11
© SANS Institute 2008, Author retains full rights.
Contents
1. Abstract
2. Introduction
3. Network Design
3.1. Network Design
3.2. Hosts/Networks/Servers
3.3. Rules to govern user access
4. Juniper SSG
4.1. Introduction to the Juniper SSG5
4.2. Configuration Parameters necessary for Transparent/Bridge Mode (CLI)
4.3. Troubleshooting techniques (Debug, Show and Snoop)
4.4. Final Notes on the Juniper SSG5
5. Cisco ASA 5505
5.1. Introduction to Cisco ASA 5505
8. References
Appendix A1: Juniper Final Configuration
Appendix A2: Layer-2 Juniper Configuration Explained
Appendix A3: Juniper NSM
Appendix B1: Cisco Final Configuration
Appendix B2: Layer-2 Cisco Configuration Explained
Appendix B3: Cisco Security Manager
Additional Juniper Links
Additional Cisco Links