A practical, hands-on course covering the core technologies, design principles and operational skills needed to work with firewalls. The course looks at how firewalls protect networks, control traffic, publish services, support VPNs and provide visibility through logging and monitoring. Hands-on exercises are used throughout to reinforce the theory and demonstrate real firewall behaviour. Delegates will configure and test firewall rules, stateful inspection, NAT, port forwarding and common firewall architectures, with the focus on transferable firewall skills rather than any one manufacturer’s implementation.
Technical staff wanting to learn about firewalls, including:
Technical network staff.
Technical security staff.
IP security foundation for engineers
2 days
Security review, what is a firewall? What do firewalls do?
Firewall benefits and limitations. Basic firewall concepts.
Hands on Establish the base network, verify connectivity, identify exposed services with nmap.
Packet filtering, SPI (stateful packet inspection), proxy/application gateway, NGFW and host-based firewalls. Software firewalls, hardware appliances, virtual firewalls, cloud firewalls, chassis/module based firewalls, host-based/personal firewalls, selecting an appropriate firewall type. Firewall products.
Hands on Configuring a simple firewall. Compare direct access with access through an explicit web proxy.
Things to filter: Source and destination IP addresses, protocols and ports. Rule order and first match. Implicit deny. Allow vs deny rules. Stateless filtering and its limitations. ACL style rules. Objects and service groups. Logging rules.
Hands on Configuring basic firewall rules and testing. Review logs to confirm rules matched.
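The rule concepts listed above (first match, rule order, implicit deny, logging rules and the limitation of stateless filtering) can be exercised without a firewall appliance. The following is an added illustration, not course material or any vendor's code: a small first-match packet filter in Python. The internal network, rule names, hosts and packets are all constructed for the example.

```python
"""Added example (not part of the course): a first-match packet filter
with implicit deny, showing why rule order matters and why a purely
stateless filter cannot tell return traffic from unsolicited inbound
traffic. All addresses, rule names and packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    name: str
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # source network, CIDR
    dst: str = "0.0.0.0/0"        # destination network, CIDR
    proto: str = "any"            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None   # destination port; None means any port
    log: bool = False             # write a log line when this rule matches


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet, log: List[str]) -> Tuple[str, str]:
    """First match wins; if nothing matches, the implicit deny applies and is logged."""
    for rule in rules:
        if matches(rule, pkt):
            if rule.log:
                log.append(f"{rule.action.upper()} rule={rule.name} {pkt.proto} "
                           f"{pkt.src} -> {pkt.dst}:{pkt.dport}")
            return rule.action, rule.name
    log.append(f"DENY rule=implicit-deny {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
    return "deny", "implicit-deny"


# Constructed policy: one internal network, one host that must be blocked,
# and two outbound allow rules.
INSIDE = "10.0.0.0/24"
BLOCK_HOST = Rule("block-badhost", "deny", src="10.0.0.99/32", log=True)
ALLOW_WEB = Rule("allow-web-out", "allow", src=INSIDE, proto="tcp", dport=443)
ALLOW_DNS = Rule("allow-dns-out", "allow", src=INSIDE, proto="udp", dport=53)


def demo_rule_order():
    """The same three rules in two orders give different answers for the blocked host.
    With the deny placed after the broad allow, the deny is shadowed and never matches."""
    pkt = Packet("10.0.0.99", "203.0.113.10", "tcp", 443)
    correct = evaluate([BLOCK_HOST, ALLOW_WEB, ALLOW_DNS], pkt, [])
    shadowed = evaluate([ALLOW_WEB, ALLOW_DNS, BLOCK_HOST], pkt, [])
    return correct, shadowed


def demo_stateless_return_traffic():
    """Outbound HTTPS is allowed, but the server's reply to the client's
    ephemeral port matches no rule, so a stateless filter drops it and
    the implicit deny is what shows up in the log."""
    log: List[str] = []
    outbound = Packet("10.0.0.5", "203.0.113.10", "tcp", 443)
    reply = Packet("203.0.113.10", "10.0.0.5", "tcp", 51234)
    return evaluate([ALLOW_WEB], outbound, log), evaluate([ALLOW_WEB], reply, log), log


if __name__ == "__main__":
    print(demo_rule_order())
    print(demo_stateless_return_traffic())
```

The second demo is the motivation for stateful inspection: the only stateless fix is an inbound allow for the whole ephemeral port range, which also admits unsolicited inbound traffic to those ports.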
State tables and connection tracking. How stateful firewalls handle TCP, UDP and ICMP traffic. Session setup, return traffic and session timeout. Inspection of packets in the context of a connection. Handling incomplete sessions, scans and SYN flood behaviour. Special handling for fragments, IP options and unusual traffic. Relationship between stateful inspection, NAT and logging.
Hands on Configure stateful firewall rules, test outbound and inbound sessions, examine the session table, compare permitted return traffic with unsolicited inbound traffic, and review logs.
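As an added example (not from the course, and not modelled on any product), the following Python sketch keeps a session table keyed on the 5-tuple, opens a TCP session only on a SYN that the policy permits, allows return traffic because it matches the reverse of an existing session, drops unsolicited and out-of-state packets, and expires idle sessions. ICMP is left out to keep the block short; the internal network, timeouts, hosts and ports are constructed.

```python
"""Added example (not part of the course): a minimal stateful inspection
engine with a session table. Outbound sessions permitted by policy are
recorded; return traffic is allowed only when it matches an existing
session; unsolicited inbound and mid-stream TCP packets are denied;
idle sessions expire. All addresses and timeouts are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "Flow":
        """The flow the other party's replies will carry."""
        return Flow(self.proto, self.dst, self.dport, self.src, self.sport)


# Idle timeouts in seconds (constructed; real products use per-protocol defaults)
TIMEOUTS = {"tcp": 3600, "udp": 30}


class StatefulFirewall:
    def __init__(self, inside_net: str, allowed_dports: Set[int]) -> None:
        self.inside = ip_network(inside_net)
        self.allowed_dports = allowed_dports
        self.sessions: Dict[Flow, float] = {}     # flow -> last-seen time
        self.log: List[str] = []

    def _expire(self, now: float) -> None:
        for flow, last_seen in list(self.sessions.items()):
            if now - last_seen > TIMEOUTS[flow.proto]:
                del self.sessions[flow]
                self.log.append(f"EXPIRE {flow}")

    def _policy_allows_new(self, flow: Flow) -> bool:
        """Simplified security policy: inside hosts may open sessions to permitted ports."""
        return ip_address(flow.src) in self.inside and flow.dport in self.allowed_dports

    def handle(self, flow: Flow, now: float, tcp_flags: str = "") -> str:
        self._expire(now)
        # Return traffic: matches the reverse of an established session
        if flow.reverse() in self.sessions:
            self.sessions[flow.reverse()] = now
            return "allow-established"
        # Further packets in the original direction of an existing session
        if flow in self.sessions:
            self.sessions[flow] = now
            return "allow-established"
        # Only a SYN may open a new TCP session; a stray ACK or data packet is out of state
        if flow.proto == "tcp" and tcp_flags != "SYN":
            self.log.append(f"DENY out-of-state {flow}")
            return "deny-out-of-state"
        if self._policy_allows_new(flow):
            self.sessions[flow] = now
            self.log.append(f"NEW {flow}")
            return "allow-new"
        self.log.append(f"DENY unsolicited {flow}")
        return "deny"


def demo() -> Tuple[Dict[str, object], List[str]]:
    """Walk a TCP session and a UDP exchange through the firewall."""
    fw = StatefulFirewall("10.0.0.0/24", {443, 53})
    r: Dict[str, object] = {}
    client = Flow("tcp", "10.0.0.5", 51234, "203.0.113.10", 443)
    r["syn_out"] = fw.handle(client, now=0.0, tcp_flags="SYN")
    r["synack_back"] = fw.handle(client.reverse(), now=0.1, tcp_flags="SYN-ACK")
    r["data_out"] = fw.handle(client, now=0.2, tcp_flags="ACK")
    # Unsolicited inbound SYN aimed at the client's ephemeral port
    intruder = Flow("tcp", "198.51.100.7", 40000, "10.0.0.5", 51234)
    r["unsolicited_in"] = fw.handle(intruder, now=0.3, tcp_flags="SYN")
    # Outbound ACK with no session behind it (e.g. after a firewall failover)
    stray = Flow("tcp", "10.0.0.5", 51235, "203.0.113.10", 443)
    r["midstream_ack"] = fw.handle(stray, now=0.4, tcp_flags="ACK")
    dns = Flow("udp", "10.0.0.5", 40001, "203.0.113.53", 53)
    r["dns_out"] = fw.handle(dns, now=1.0)
    r["dns_reply"] = fw.handle(dns.reverse(), now=1.5)
    r["dns_reply_late"] = fw.handle(dns.reverse(), now=100.0)   # UDP session has timed out
    r["sessions"] = len(fw.sessions)
    return r, fw.log


if __name__ == "__main__":
    results, log = demo()
    print(results)
    print("\n".join(log))
```

Comparing `fw.sessions` before and after the late DNS reply is the same check as examining a session table on a real firewall after an idle timeout: the reply that would have been permitted a moment earlier is now unsolicited traffic and is logged as such.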
Source NAT, destination NAT, static NAT, PAT/overload and port forwarding. Publishing services to internal or DMZ servers. NAT rule order, NAT and security policy interaction, NAT and logging.
Hands on Configure outbound NAT and port forwarding to a protected service. Test access using browser/curl and nmap, then review security and NAT logs.
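Added example (not course material, not any vendor's implementation) of the NAT mechanics covered above: source NAT with port overload (PAT) keyed on protocol, inside address and port; a translation table that maps replies back to the right inside host; and destination NAT that publishes a protected server on a different public port. The block assumes destination NAT is applied before the security policy and source NAT after it, which is how Linux netfilter orders them; other platforms differ, so check the product's own packet-flow documentation. The reverse translation for the published server's own replies is left out. Addresses, ports and the published service are constructed.

```python
"""Added example (not part of the course): PAT/overload source NAT,
destination NAT port forwarding, and the interaction of NAT with the
security policy. Ordering assumed: DNAT -> policy -> SNAT (netfilter
style). All addresses and ports are constructed."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Pkt:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class NatFirewall:
    def __init__(self, inside_net: str, outside_ip: str) -> None:
        self.inside = ip_network(inside_net)
        self.outside_ip = outside_ip
        self.next_port = 20000                                         # first PAT port handed out
        self.pat_out: Dict[Tuple[str, str, int], int] = {}             # (proto, inside ip, port) -> public port
        self.pat_in: Dict[Tuple[str, int], Tuple[str, int]] = {}       # (proto, public port) -> (inside ip, port)
        self.published: Dict[Tuple[str, int], Tuple[str, int]] = {}    # (proto, public port) -> (server, port)
        self.log: List[str] = []

    def publish(self, proto: str, public_port: int, server: str, server_port: int) -> None:
        """Destination NAT / port forwarding rule."""
        self.published[(proto, public_port)] = (server, server_port)

    def _policy(self, pkt: Pkt) -> bool:
        """Security policy, evaluated on real (post-DNAT, pre-SNAT) addresses."""
        if ip_address(pkt.src) in self.inside:
            return (pkt.proto, pkt.dport) in {("tcp", 443), ("udp", 53)}
        # Outside sources may reach a published server only on its real address and port
        return any(pkt.proto == proto and (pkt.dst, pkt.dport) == target
                   for (proto, _), target in self.published.items())

    def outbound(self, pkt: Pkt) -> Optional[Pkt]:
        """Inside -> outside: policy check, then source NAT with port overload."""
        if not self._policy(pkt):
            self.log.append(f"DENY policy {pkt}")
            return None
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.pat_out:
            self.pat_out[key] = self.next_port
            self.pat_in[(pkt.proto, self.next_port)] = (pkt.src, pkt.sport)
            self.log.append(f"SNAT {pkt.src}:{pkt.sport} -> {self.outside_ip}:{self.next_port}")
            self.next_port += 1
        return replace(pkt, src=self.outside_ip, sport=self.pat_out[key])

    def inbound(self, pkt: Pkt) -> Optional[Pkt]:
        """Outside -> the firewall's public address."""
        if pkt.dst != self.outside_ip:
            self.log.append(f"DENY not-for-us {pkt}")
            return None
        # Reply to an existing PAT session: undo the translation; no new policy decision
        if (pkt.proto, pkt.dport) in self.pat_in:
            inside_ip, inside_port = self.pat_in[(pkt.proto, pkt.dport)]
            return replace(pkt, dst=inside_ip, dport=inside_port)
        # Published service: DNAT first, so the policy sees the real server address
        if (pkt.proto, pkt.dport) in self.published:
            server, port = self.published[(pkt.proto, pkt.dport)]
            translated = replace(pkt, dst=server, dport=port)
            if self._policy(translated):
                self.log.append(f"DNAT {self.outside_ip}:{pkt.dport} -> {server}:{port}")
                return translated
            self.log.append(f"DENY policy {translated}")
            return None
        self.log.append(f"DENY unsolicited {pkt}")
        return None


def demo() -> Tuple[Dict[str, object], List[str]]:
    fw = NatFirewall("10.0.0.0/24", "198.51.100.1")
    fw.publish("tcp", 8443, "10.0.1.10", 443)            # constructed DMZ web server
    r: Dict[str, object] = {}
    a = fw.outbound(Pkt("tcp", "10.0.0.5", 51234, "203.0.113.10", 443))
    b = fw.outbound(Pkt("tcp", "10.0.0.6", 51234, "203.0.113.10", 443))   # same source port, other host
    r["pat_a"] = (a.src, a.sport)
    r["pat_b"] = (b.src, b.sport)
    reply = fw.inbound(Pkt("tcp", "203.0.113.10", 443, "198.51.100.1", 20001))
    r["reply_to"] = (reply.dst, reply.dport)            # lands on 10.0.0.6, not 10.0.0.5
    fwd = fw.inbound(Pkt("tcp", "192.0.2.9", 40000, "198.51.100.1", 8443))
    r["forwarded"] = (fwd.dst, fwd.dport)
    r["blocked_out"] = fw.outbound(Pkt("tcp", "10.0.0.5", 51300, "203.0.113.10", 22))
    r["blocked_in"] = fw.inbound(Pkt("tcp", "192.0.2.9", 40001, "198.51.100.1", 22))
    return r, fw.log


if __name__ == "__main__":
    results, log = demo()
    print(results)
    print("\n".join(log))
```

The log lines show why the course pairs NAT with logging: a security log that records only pre-NAT or only post-NAT addresses cannot be matched to the other side of the translation without the NAT table.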
Application awareness, user and identity-based policy, URL filtering, IPS, malware inspection, threat intelligence, TLS/SSL inspection and enhanced logging. Differences between port-based rules and application-aware rules. Benefits, limitations, performance impact, privacy considerations and licensing.
Hands on Review an application/URL/IPS-style policy and compare it with a traditional port-based rule.
Home, small office, enterprise and service provider designs. Trust levels and security zones. DMZs, bastion hosts, multi-DMZ designs, routed and transparent firewalls, virtual firewalls, dual-firewall designs, high availability, load balancing and VRRP.
Hands on Analyse a multi-zone firewall design using internal, external and DMZ networks.
VPN concepts and use cases. Site-to-site VPNs, remote access VPNs and SSL/TLS VPNs. IPsec as a common site-to-site VPN technology: peers, protected networks, tunnel negotiation, encryption and authentication. Firewall policy for VPN traffic. NAT and VPN interaction, including NAT traversal and NAT exemption/no-NAT. Integration of dedicated VPN devices and firewalls.
Hands on Analyse a simple site-to-site VPN, test protected traffic and review VPN/firewall logs.
Firewall change control and configuration checklists. Testing allowed and blocked traffic. Validating rule order, implicit deny, NAT, port forwarding, VPN traffic and DMZ access. Using logs, rule hit counts, session tables, packet capture, nmap, ping, traceroute, curl/browser tests and syslog. Monitoring, alerting and audit evidence. Common troubleshooting approach: client, route, NAT, rule, state, application and log.
Hands on Test and validate a firewall configuration against a supplied policy requirement, identify misconfigurations, correct them, and produce a simple test record.
"It was a very interesting course but a lot to take in within a couple of days."
"It’s interesting and gives me a better understanding."
This structured course uses Instructor Led Training to provide the best possible learning experience. Small class sizes ensure students benefit from our engaging and interactive style of teaching, with delegates encouraged to ask questions throughout the course. Quizzes follow each major section to check learning. Hands on sessions are used throughout to allow delegates to consolidate their new skills.