PIX/ASA Checklist
As with configuring any firewall, administrators should develop a checklist that they can use during the installation and implementation of the PIX/ASA firewall in the network. There are really two components to this checklist. First, you want to define the implementation requirements and determine how the firewall should be configured and what options will be enabled. In essence, design and plan your firewall implementation before you configure and implement the firewall.

To help with the planning of your PIX/ASA firewall implementation, consider the following items (although not an exhaustive list, it is a good basic checklist for many environments):

- Determine how many interfaces will be required.
- Determine how the interfaces will need to be configured (for example, interface speed and duplex).
- Determine the IP addresses that will be assigned to the firewall interfaces and how the addresses will be assigned (for example, static IP addresses or DHCP configuration).
- Determine what type of routing will be used (dynamic or static) and define any static and default routes.
- Determine how NAT will be used (for example, static, dynamic, no NAT at all, or any combination of the three).
- Define which internal hosts will need to be accessed from the outside and whether that access will be handled by static NAT or without NAT.
- Define which ACLs (both inbound and outbound) will be required.
- Define how authentication and command authorization on the PIX will be handled (for example, will a AAA server be required?).
- Define the firewall administrator roles and the corresponding access levels that will be required.
- Will remote-access or LAN-to-LAN VPNs be configured on the PIX/ASA? If so, define the VPN configuration settings.
- Define the passwords that will be used on the firewall.
- Define how the PIX will be managed (for example, using Telnet, SSH, ASDM) and from what networks or hosts remote access will be permitted.
- Define how logging will be handled, for example, will the PIX/ASA log to a .
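An added example (not from the original page) for the management-access item above: a Python check that compares the telnet/ssh/http permit lines of a saved PIX/ASA configuration against the management networks agreed in the plan. The sample configuration, the PLANNED_MGMT plan and the function name audit_mgmt_access are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: management-access lines in PIX/ASA syntax.
SAMPLE_CONFIG = """\
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.1.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
http server enable
http 192.168.50.10 255.255.255.255 inside
"""

# Assumed plan: source networks approved for management, per interface.
PLANNED_MGMT = {"inside": ["10.1.1.0/24"]}

# "<telnet|ssh|http> <address> <netmask> <interface>" permit lines only.
RULE = re.compile(
    r"^(telnet|ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)


def audit_mgmt_access(config, planned):
    """Return (line, reason) findings for rules that deviate from the plan."""
    findings = []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # timeouts, 'http server enable', unrelated commands
        proto, addr, mask, ifname = m.groups()
        src = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        allowed = [ipaddress.ip_network(n) for n in planned.get(ifname, [])]
        if proto == "telnet":
            findings.append((line, "Telnet management is cleartext"))
        if src.prefixlen == 0:
            findings.append((line, "any source may reach the management service"))
        elif not any(src.subnet_of(a) for a in allowed):
            findings.append((line, f"{src} on '{ifname}' is not in the plan"))
    return findings


if __name__ == "__main__":
    for line, reason in audit_mgmt_access(SAMPLE_CONFIG, PLANNED_MGMT):
        print(f"{line!r}: {reason}")
```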