> Upon completion of this module, you should be familiar with the following:
  Key Features of the X505
  Device Appearance
  Key Concepts and Functional Areas of the X505: Security Zones and Interfaces, Firewall, Content Filtering, VPN, IPS, System Administration
  Deployment Modes/Scenario
> Stateful Packet Inspection Firewall
> Industry Standards Compliant VPN
> Fully Featured IPS
> Flexible security zone deployment
> User Authorization
> Zone Based Rate Limiting
> Content Filtering
> Manual URL Filtering
> Application specific rate limiting
> Multicast Routing
> RIP
Device Appearance
> No LCD Panel
> 2 inches high, slightly taller than 1U (1U=1.75)
> DB9 Console Port (115200BPS-8-None-1)
> (4) 10/100 Ethernet Ports (NO Auto-MDI)
> (1) 10/100 Management Port
  Unused in most installations
  Will go away as of X5/X506 (Management will be in-line)
  Exists due to sharing of platform (200E)
Security Zones
[Diagram: x505 with the security zones WAN, LAN, DMZ, LAN2 and VPN]
Network Interfaces
> Network Interfaces define how the X505 integrates with the layer 3 network
> A Network Interface can represent multiple security zones.
  Example: Internal Network Interface could represent LAN1, LAN2, and VPN
> There is one external Network Interface (i.e. WAN Zone assigned by default)
  Static
  DHCP (x-Series acts as DHCP Client, on by default)
  PPPoE
  PPTP
  L2TP
[Diagrams: LAN, DMZ and WAN zones mapped to Internal and External interfaces]
Firewall
> Firewall Rules enforce policy between zones (i.e. From the WAN zone to LAN zone)
> Rules are evaluated from the top down with an implicit deny at the end
> Network and Service Objects define who can access what
> Options:
  Rate Limiting
  Schedules
  Group Authorization
  Content Filtering
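Added example (not from the original slides and not X505 configuration syntax): a small Python model of top-down, first-match evaluation between zones with the implicit deny, plus a check for rules that an earlier rule makes unreachable. Rule names, addresses and the "proto/port" service notation are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str   # network object, written as CIDR (assumed notation)
    service: str   # service object, written as "proto/port" or ANY (assumed)
    action: str    # "permit" or "deny"

# Constructed sample policy with hypothetical names, listed in top-down order.
POLICY = [
    Rule("guest-no-ssh", "LAN", "DMZ", "192.168.1.128/25", "tcp/22", "deny"),
    Rule("lan-ssh", "LAN", "DMZ", "192.168.1.0/24", "tcp/22", "permit"),
    Rule("wan-web", "WAN", "DMZ", "0.0.0.0/0", "tcp/443", "permit"),
    Rule("late-deny", "LAN", "DMZ", "192.168.1.0/25", "tcp/22", "deny"),
]

def matches(rule, src_zone, dst_zone, src_ip, service):
    return (rule.src_zone == src_zone and rule.dst_zone == dst_zone
            and ip_address(src_ip) in ip_network(rule.src_net)
            and rule.service in (ANY, service))

def evaluate(policy, src_zone, dst_zone, src_ip, service):
    """Return (action, rule name) of the first match; implicit deny if none."""
    for rule in policy:
        if matches(rule, src_zone, dst_zone, src_ip, service):
            return rule.action, rule.name
    return "deny", "implicit-deny"

def shadowed(policy):
    """Names of rules that can never fire because an earlier rule covers them."""
    out = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            same_path = (earlier.src_zone, earlier.dst_zone) == (later.src_zone, later.dst_zone)
            if (same_path and earlier.service in (ANY, later.service)
                    and ip_network(later.src_net).subnet_of(ip_network(earlier.src_net))):
                out.append(later.name)
                break
    return out
```

In the sample policy, "late-deny" is meant to block 192.168.1.0/25 but sits below "lan-ssh", so that traffic is permitted; a narrower rule has to be placed above the broader one to take effect.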
Content Filtering
> Subscription Service (requires DV Gold Package)
> Block access to Gambling, Porn, Hate Speech, etc.
> Manual URL Filtering
> Custom response page
> The X505 has Virtual IPS Segments, as opposed to the physical ports seen on the TippingPoint IPS series
> Virtual IPS Segments must be created before IPS policing takes effect
> IPS policy is implemented between zones, not within zones
> By default, IPS rules apply to all configured virtual IPS segments
> Order of Packet Inspection: Firewall, then IPS
System Administration
> Administration
  Local Security Manager (LSM) Web GUI
  CLI: SSH over the network
  CLI: Direct Terminal Configuration
> Updates
  TippingPoint OS (TOS) Upgrades
  Manual and Automatic Digital Vaccine (DV) Updates
> Logs/Events
  System/Audit Logs
  Traffic Event Logs
  IPS Logs