7
My Virtual Firewall by Brian Drew Last time I shared my home vSphere environment that I use to test and train on. I got a lot of positive feedback and wanted to follow up with my virtual firewall configuration. Prior to implementation I had a Comcast cable modem and Windows firewall on each PC. That was the extent of it and I knew better. I needed something stronger.

My virtual firewall

Embed Size (px)

DESCRIPTION

using the previously described vsphere lab, I created a dedicated ipcop firewall as a virtual machine to secure my home networks.

Citation preview

Page 1: My virtual firewall

My Virtual Firewall

by Brian Drew

Last time I shared my home vSphere environment that I use to test and train on. I got a lot of positive feedback and wanted to follow up with my virtual firewall configuration.

Prior to implementation I had a Comcast cable modem and Windows firewall on each PC. That was the extent of it and I knew better. I needed something stronger.

Page 2: My virtual firewall

• Overview

• Before and After

• Physical and Logical Components

• Next Steps

AGENDA

As always the information contained within is not meant to be an exhaustive how-to manual but rather represent what I used to build a secure network using my virtual lab.

I used IPCOP, an Open Source solution, on a virtual machine. The only “stickler” is the network config but that is easy too. The end-result is a decent, dedicated firewall and a little extra learning to boot.

Page 3: My virtual firewall

• I feel good about the IPCOP solution. I might give Microsoft Forefront Threat Management Gateway a try when I get some free time but for now I’m satisfied.

• I thought it worth showing before and after pics to get the overall jist of things.

• This is the BEFORE…..

OVERVIEW

Page 4: My virtual firewall

AFTER -

PHYSICAL

• By using that 3rd NIC in each HP ProliantMicroServer I was able to create the required environment.

• Caveat – notice the un-used on-board NIC on the other ESXi host.

Page 5: My virtual firewall

• In vSphere the networking looks like this on both hosts. I did not use vDS this first time around.

• Notice the ipcop VM is on 2 virtual switches

• The corresponding physical connections are then madeAFTER -

LOGICAL

Page 6: My virtual firewall

• The ipcop server is set as the default gateway now for all devices on that LAN segment.

• All packets must go through the firewall inbound and outbound.

• Security is now up to the configuration of ipcop.

• To me that is a LOT better than having individual firewalls on each and virtual machine.

• Make sure to turn them all off if you go this route.

• You still need anti-virus.

IT’S

BEAUTIFUL

Page 7: My virtual firewall

• Go through icop documents and button things up if desired

• Other services that can be enabled include DHCP, NTP and Intrusion Detection – all are already “in the box” waiting to be enabled.

• I use all the services now – point ESXi servers at it for NTP. The Intrusion Detection is particularly interesting.

• Back to that unused network port. Regretfully, since I don’t have sophisticated equipment at home, when a ESXi host failure occurs, I need to move the cross-over cable to the other, live ESXi host. Everything else will take care of itself.

• THE END

NEXT STEPS


Sophos XG Firewall Virtual Appliance - KVM · Getting Started Guide: Sophos XG Firewall Virtual Appliance Version: 05012018AHM Page 4 of 19 Preface The Getting Started Guide describes

Sophos XG Firewall Virtual Appliance - KVM · Getting Started Guide: Sophos XG Firewall Virtual Appliance Version: 05012018AHM Page 4 of 19 Preface The Getting Started Guide describes

Documents
McAfee Virtual - Home | Department of Computer Sciencebylander/cs1023/mcafee_na_virtual... · CASE STUDY: Operation Firewall In an investigation codenamed Operation Firewall, U.S

McAfee Virtual - Home | Department of Computer Sciencebylander/cs1023/mcafee_na_virtual... · CASE STUDY: Operation Firewall In an investigation codenamed Operation Firewall, U.S

Documents
My Virtual Home

My Virtual Home

Documents
Skybox Firewall Assurancedownloads.skyboxsecurity.com/files/Installers/...Firewall Assurance covers the most comprehensive list of firewall vendors, complex rulesets and virtual- and

Skybox Firewall Assurancedownloads.skyboxsecurity.com/files/Installers/...Firewall Assurance covers the most comprehensive list of firewall vendors, complex rulesets and virtual- and

Documents
McAfee, Inc. McAfee Firewall Enterprise Virtual Appliance ... · The McAfee Firewall Enterprise Virtual Appliance for Crossbeam is designed to leverage Crossbeam’s X-Series Operating

McAfee, Inc. McAfee Firewall Enterprise Virtual Appliance ... · The McAfee Firewall Enterprise Virtual Appliance for Crossbeam is designed to leverage Crossbeam’s X-Series Operating

Documents
Thunder CFW High-Performance Versatile Firewall · The data center firewall and virtual private network ... Thunder CFW Gi/SGi firewall enables mobile carriers to ... MOBILE SERVICE

Thunder CFW High-Performance Versatile Firewall · The data center firewall and virtual private network ... Thunder CFW Gi/SGi firewall enables mobile carriers to ... MOBILE SERVICE

Documents
My Virtual Way

My Virtual Way

Documents
Getting Started Guide - Sophosdocs.sophos.com/nsg/sophos-firewall/v16057/PDF/Sophos Firewall... · Getting Started Guide: Sophos XG Firewall Virtual Appliance Version: 21082017AHM

Getting Started Guide - Sophosdocs.sophos.com/nsg/sophos-firewall/v16057/PDF/Sophos Firewall... · Getting Started Guide: Sophos XG Firewall Virtual Appliance Version: 21082017AHM

Documents
My virtual child

My virtual child

Technology
My Virtual Tutor: Reading

My Virtual Tutor: Reading

Education
Cisco Adaptive Security Appliances (ASA) Firewall and Virtual

Cisco Adaptive Security Appliances (ASA) Firewall and Virtual

Documents
Collaborative Enforcement of Firewall Policies in Virtual Private Networks

Collaborative Enforcement of Firewall Policies in Virtual Private Networks

Documents
Firewall linux virtual para windows

Firewall linux virtual para windows

Technology
My Virtual StrongBox

My Virtual StrongBox

Documents
My Virtual Book

My Virtual Book

Documents
FortiGate -VM Next Generation Firewall Internal …...Next Generation Firewall (NGFW) Combines threat prevention security capabilities into single power virtual appliance instance

FortiGate -VM Next Generation Firewall Internal …...Next Generation Firewall (NGFW) Combines threat prevention security capabilities into single power virtual appliance instance

Documents
On the Safety and Efficiency of Virtual Firewall Elasticity

On the Safety and Efficiency of Virtual Firewall Elasticity

Documents
TippingPoint X505 Training - Firewall – Rules, Services and Virtual Servers

TippingPoint X505 Training - Firewall – Rules, Services and Virtual Servers

Documents
SKYBOX FIREWALL ASSURANCEsyslog and ACL data analysis • Analyze how network traffic could flow through a firewall • Automate firewall management for traditional, next–gen, virtual

SKYBOX FIREWALL ASSURANCEsyslog and ACL data analysis • Analyze how network traffic could flow through a firewall • Automate firewall management for traditional, next–gen, virtual

Documents
Forcepoint NGFW - Blue Bridge grupė NGFW Security Management Center Perimeter firewall Creating an advanced distributed firewall security inside distributed virtual appliances

Forcepoint NGFW - Blue Bridge grupė NGFW Security Management Center Perimeter firewall Creating an advanced distributed firewall security inside distributed virtual appliances

Documents
AWS, Azure, Google & Co. - saaris.de · vnet peering NSG Web Frontend subnet Spoke 1 virtual network Spoke 2 virtual network vnet peering Firewall subnet Firewall NSG NSG App Backend

AWS, Azure, Google & Co. - saaris.de · vnet peering NSG Web Frontend subnet Spoke 1 virtual network Spoke 2 virtual network vnet peering Firewall subnet Firewall NSG NSG App Backend

Documents
My Virtual Passport

My Virtual Passport

Travel
Networks to Build the Digital Economy · 2016. 5. 23. · Firewall appliance, virtual firewall, firewall “light” Protection in the network Threat Detection Feeds Policy SDSN

Networks to Build the Digital Economy · 2016. 5. 23. · Firewall appliance, virtual firewall, firewall “light” Protection in the network Threat Detection Feeds Policy SDSN

Documents
Beware the Firewall My Son: The Workshop

Beware the Firewall My Son: The Workshop

Technology
Ninth Annual My Promise, My Faith - Virtual

Ninth Annual My Promise, My Faith - Virtual

Documents
My Virtual Identity

My Virtual Identity

Career
My virtual Bio

My virtual Bio

Business
Forcepoint Stonesoft Next Generation Firewall Virtual Contexts · Stonesoft Next Generation Firewall appliances and as software on third-party hardware. These virtual contexts are

Forcepoint Stonesoft Next Generation Firewall Virtual Contexts · Stonesoft Next Generation Firewall appliances and as software on third-party hardware. These virtual contexts are

Documents
Virtual Firewall Enhanced Service

Virtual Firewall Enhanced Service

Documents
Alcatel-Lucent Alcatel-Lucent VPN Firewall Bricks 150, … · The Alcatel-Lucent Virtual Private Network (VPN) Firewall ... 2008 Alcatel-Lucent VPN Firewall ... Virtual Local Area

Alcatel-Lucent Alcatel-Lucent VPN Firewall Bricks 150, … · The Alcatel-Lucent Virtual Private Network (VPN) Firewall ... 2008 Alcatel-Lucent VPN Firewall ... Virtual Local Area

Documents