– The A10 Thunder Convergent Firewall (CFW) focuses on useful technologies and features. This article walks through the basic configuration of a Thunder CFW deployed as a bridge between the enterprise network and the Internet. Configuring the firewall on the A10 device increases security for internal connections to the Internet.
I/ Model:
II/ Configuration:
– Brief introduction to the components in this lab:
- Internal Corporate Network – the internal network area of the business/company.
- A10 Thunder CFW – the Thunder CFW device, used here only for its firewall features to protect the datacenter.
- ISP Point-to-Point Subnet – a basic configuration that simulates an ISP, using the public subnet 4.10.10.0/31. This link is only used to route traffic between the A10 Thunder CFW and the ISP.
- Public IP address – a range of public IP addresses. This range allows direct connection to the Internet without going through NAT.
– Minimum configuration for the network inside the Thunder CFW device:
- Install Firewall status for A10 Thunder CFW and features.
- Features for NAT: A10 Carrier Grade NAT
- IP Routing
– Configure IP, default route, NAT:
– Below are the configuration commands to enter at the A10 Thunder CFW command line:
class-list inside
  172.20.0.0/16 lsn-lid 1
!
interface ethernet 1
  name External
  enable
  ip address 4.10.10.110 255.255.255.252
  ip nat outside
!
interface ethernet 3
  name CorporateNet
  enable
  ip address 172.16.0.1 255.255.0.0
  ip nat inside
!
ip route 0.0.0.0 /0 4.10.10.109
!
cgnv6 lsn inside source class-list inside
!
cgnv6 nat pool public 4.50.50.2 netmask /32
!
cgnv6 lsn-lid 1
  source-nat-pool public
!
rule-set firewall
  rule 30
    action permit cgnv6
    source ipv4-address any
    source zone any
    dest ipv4-address any
    dest zone any
    service any
!
fw active-rule-set firewall
!
end
– CGNAT configuration:
– Below are the commands to configure Carrier Grade NAT (CGNAT), which translates inside IP addresses to the public IP on the outside. In this lab, all traffic is sent out via IP 4.50.50.2.
Note: Ethernet ports 1 and 3 correspond to IP NAT outside and IP NAT inside, respectively.
class-list inside
  172.20.0.0/16 lsn-lid 1
cgnv6 lsn inside source class-list inside
cgnv6 nat pool public 4.50.50.2 netmask /32
cgnv6 lsn-lid 1
  source-nat-pool public
– Firewall configuration:
– The commands below create a single rule; this rule allows outbound traffic and activates NAT using CGNAT.
rule-set firewall
  rule 30
    action permit cgnv6
    source ipv4-address any
    source zone any
    dest ipv4-address any
    dest zone any
    service any
fw active-rule-set firewall
– IP Routing:
– IP traffic is routed through Ethernet 1, the gateway interface, which connects directly to the ISP router.
ip route 0.0.0.0 /0 4.10.10.109
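A small audit of the CGNAT and firewall configuration above, added here as an example and not taken from the original article or from A10: it parses the ACOS-style lines and reports `ip nat inside` subnets that no class-list entry covers, plus permit rules that are any source, any destination, any service. The checks assume that every inside subnet is meant to be translated by CGNAT; `audit`, `TOP` and `WIDE` are hypothetical names.

```python
import ipaddress

# Constructed sample input: the article's configuration, trimmed to the lines the checks read.
CONFIG = """\
class-list inside
172.20.0.0/16 lsn-lid 1
interface ethernet 1
ip address 4.10.10.110 255.255.255.252
ip nat outside
interface ethernet 3
ip address 172.16.0.1 255.255.0.0
ip nat inside
rule-set firewall
rule 30
action permit cgnv6
source ipv4-address any
dest ipv4-address any
service any
fw active-rule-set firewall
"""
TOP = ("class-list", "interface", "rule-set", "cgnv6", "fw")  # keywords that open a new block
WIDE = {"source ipv4-address any", "dest ipv4-address any", "service any"}

def audit(config):
    """Return findings: inside subnets missing from the class-list, then any/any/any permits."""
    nat_nets, inside_nets, rules = [], [], {}
    block = addr = rule = None
    for w in (line.split() for line in config.splitlines()):
        if not w or w[0] == "!":
            continue
        if w[0] in TOP:
            block, addr, rule = w[0], None, None
        elif block == "class-list" and "lsn-lid" in w:
            nat_nets.append(ipaddress.ip_network(w[0]))        # prefix handed to CGNAT
        elif block == "interface" and w[:2] == ["ip", "address"]:
            addr = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif block == "interface" and w == ["ip", "nat", "inside"] and addr is not None:
            inside_nets.append(addr)                           # subnet on the inside port
        elif block == "rule-set" and w[0] == "rule":
            rule = rules.setdefault(w[1], [])
        elif block == "rule-set" and rule is not None:
            rule.append(" ".join(w))
    findings = [f"inside subnet {net} is not covered by any class-list entry"
                for net in inside_nets if not any(net.subnet_of(n) for n in nat_nets)]
    for num, lines in rules.items():
        if any(l.startswith("action permit") for l in lines) and WIDE <= set(lines):
            findings.append(f"rule {num} permits any source to any destination on any service")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

Run against the lab configuration, it reports the 172.16.0.0/16 subnet on Ethernet 3 (the class-list holds 172.20.0.0/16) and rule 30.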
– Summary: This article is a quick guide to setting up a basic firewall configuration. An A10 Thunder CFW device has hundreds of features. Starting from the basic configuration given in this guide, customers can customize the system to suit their requirements, adding features one at a time.
-Thank you for following and supporting this article-