Cisco Firewall Rule Case Study1 1. Case Learning Objectives Explain why it is important to configure firewall effectively Create Cisco firewall rules to satisfy organization policies. Update firewall rules when network architecture is changed. Distinguish the different roles of external firewall and internal firewall. 2. Case Description You are the network administrator and it is your duty to configure the firewall rules to protect the companys network. Figure 1 shows the architecture of your company network and the IP addresses of the computers. Table 1 shows the port numbers that are helpful in writing your firewall rules. Refer to the [1] for the formatting of Cisco Firewall Rules. Answer the following discussion questions (the mapping to the Blooms Taxonomy is listed below). Figure 1: IP Addresses of each machine Table 1. Port Numbers Port Service 21 FTP 23 Telnet 25 Simple Mail Transport Protocol 53 Domain Name Servers 69 Trivial FTP 80 HTTP 110 POP3 client email 123 Network Time Protocol 137-139 Microsoft NETBIOS 143 IMAP4 client email 161 Simple Network Maintenance Protocol 443 HTTPS 445 Windows File Sharing 1863 MSN Instant messaging 1214 Kazaa 3389 Windows Remote Desktop Protocol 5190 AOL instant messenger 28800- 29100 MSN Gaming Zone 49876 Firewall Simulation 3. Discussion Questions and Their Mappings to Blooms Taxonomy Table 1: Mapping of Cisco Firewall Rule case discussion questions to Blooms Taxonomy. Cisco Firewall Rule Case Description Questions Cognitive Levels 1. Write the Cisco-like firewall rules to satisfy the following policy: 1) Allow access to the homepage of your company. 2) Allow the DNS to be accessed. 3) Allow anyone to send email to the employees company account. 4) Allow employees to access their company email account via POP. 5) Allow the FTP server to be accessed. 6) Disallow anyone to access your SNMP data. 7) Disallow employees to access www.wasteoftime.com 8) Allow anyone to send an AOL instant message to an employee in the company. 9) Allow anyone to send an MSN instant message to an employee in the company. 10) Prohibit Kazaa on all computers. 11) Allow the CEO of the company to access the private Microsoft file share of the network administrator. 12) Disallow others in the company to access the private Microsoft file share of the network administrator. 13) Allow someone at 222.111.000.44 to do a Microsoft remote desktop connection to Janes computer. 2. Suppose your company decides to create a backup DNS using the FTP server. Update your firewall rules. Level 3: Application 3. What changes would be necessary if the main router did not function as a firewall but the two other routers performed the firewall responsibilities? Level 4: Analysis 4. How would the firewall capabilities change if the firewall was a separate box that came between the routers and the Internet? Level 4: Analysis 5. Suppose the network architecture is changed to be as Figure 2. Reconfigure the firewall rules for both firewalls. Level 3: Application Level 4: Analysis 6. Explain why it is important to configure firewall effectively Level 2: Comprehension.