• Kiếm tiền với Hostinger

    Kiếm Tiền Cùng Hostinger

    Bạn đang tìm kiếm cách kiếm thêm thu nhập online? Hãy tham gia ngay chương trình Affiliate của Hostinger! Với mỗi khách hàng đăng ký thông qua liên kết của bạn, bạn sẽ nhận được khoản hoa hồng hấp dẫn.

    Hostinger cung cấp các dịch vụ lưu trữ web (hosting) chất lượng cao với mức giá cạnh tranh, giúp bạn dễ dàng giới thiệu và thu hút người dùng.

    Đừng bỏ lỡ cơ hội tuyệt vời này để tăng thêm thu nhập thụ động.

    Tham Gia Ngay

(A10 Network)Basic configuration of Firewall on A10 Thunder CFW device

TigerDao

Administrator
Thành viên BQT
– Device A10 Thunder Convergent Firewall (CFW) Concentrating on beneficial technologies and features. This article will guide the basic configuration of the device Thunder CFW Deployed as a bridge between the enterprise network system and the Internet. With firewall configurations on the A10 device, security will be increased for internal connections to the Internet.

I/ Model:

(IMG)


II/ Configuration:

– Brief introduction to the components in this lab:


  • Internal Corporate Network – internal network area of the business/company.
  • A10 Thunder CFW – Thunder CFW devices only use firewall features to protect datacenters.
  • ISP Point-to-Point Subnet – has a basic configuration that simulates an ISP service provider with a public IP of network layer 4.10.10.0/31. This link is only used to route traffic between A10 Thunder CFW and the ISP.
  • Public IP address: A network range of Public IP addresses. This network range allows direct connection to the area Internet not through NAT.

– Minimum configuration for the network system inside the device Thunder CFW as follows:

  • Install Firewall status for A10 Thunder CFW and features.
  • Features for NAT: A10 Carrier Grade NAT
  • IP Routing

Configure IP, default route, NAT:

– Below are the configuration commands to connect via Command line for A10 Thunder CFW:


class-list inside
172.20.0.0/16 lsn-lid 1
!
ethernet interface 1
nameExternal
enable.enable
ip address 4.10.10.110 255.255.255.252
ip nat outside
!
ethernet interface 3
name CorporateNet
enable.enable
IP address 172.16.0.1 255.255.0.0
ip nat inside
!
ip route 0.0.0.0 /0 4.10.10.109
!
cgnv6 lsn inside source class-list inside
!
cgnv6 nat pool public 4.50.50.2 netmask /32
!
cgnv6 lsn-lid 1
source-nat-pool public
!
rule-set firewall
rule 30
action permit cgnv6
source ipv4-address any
source zone any
dest ipv4-address any
dest zone any
service any
!
fw active-rule-set firewall
!
end

Click to expand…

– CGNAT configuration:

– Below is the command to configure Carrier Grade NAT (CGNAT) to NAT IP addresses from inside to outside the Public IP. In this lab, all traffic will be sent out via IP 4.50.50.2.
!Note: Ethernet ports 1 and 3 correspond to IP NAT outside and IP NAT inside, respectively.


class-list inside

172.20.0.0/16 lsn-lid 1
cgnv6 lsn inside source class-list inside
cgnv6 nat pool public 4.50.50.2 netmask /32
cgnv6 lsn-lid 1

source-nat-pool public
Click to expand…

Firewall configuration:

– The Command commands below only create one individual rule, this rule allows outbound traffic and activates the NAT feature using CGNAT.


rule-set firewall
rule 30
action permit cgnv6
source ipv4-address any
source zone any
dest ipv4-address any
dest zone any
service any
fw active-rule-set firewall

Click to expand…


– IP Routing:

– IP traffic is routed through the gateway Ethernet 1 Connect directly to the ISP Router.

ip route 0.0.0.0 /0 4.10.10.109


– Summary: This article provides instructions on basic Firewall configuration. The purpose is to provide a quick guide on how to set up a basic configuration. There are hundreds of features inside an A10 Thunder CFW device. From the basic point that we have given this guide, customers can change depending on the system, adding some features to suit their requirements. From this basic configuration, the customer can then customize the system, adding features one at a time.
-Thank you for following and supporting this article-

Xem tiếp...
 
Top