
Create a packet filter definition using the NET standard spreadsheet for a firewall that connects TRSP

INSTRUCTIONS TO CANDIDATES
ANSWER ALL QUESTIONS

Create a packet filter definition using the NET standard spreadsheet for a firewall that connects TRSP.com, a mid-sized enterprise, to the Internet through a regional ISP per the following specifications.

The ISP provides two addresses to the enterprise on the 1.2.3.128/26 network segment. 1.2.3.141 is the address assigned to the firewall and is the target for a route to 2.2.3.196/28. 1.2.3.142 is a second address assigned that will be used for VPN access. The enterprise DMZ has been assigned the 2.2.3.196/28 address space by the ISP and all traffic between the DMZ and the Internet will be routed with no NAT processing.

The firewall’s address on this segment is 2.2.3.197. The enterprise uses an RFC 1918 compliant IP address scheme for their private network. Incoming VPN connections are placed into a virtual 10.1.1.0/24 segment. The remainder of the private network sits in the 10.2.0.0/16 address space which resides behind a router.

All servers reside in the 10.2.1.0/24 subnet within this space. Client machines reside on other /24 subnets. The link between this router and the firewall should be defined as a non-conflicting /30 segment. The enterprise offers several services. A mail server (2.2.3.199) sends and receives e-mail to Internet hosts. Outgoing mail is forwarded to the ISP mail server (1.2.6.7). The mail server also provides HTTPS-based web mail access.

A web server (2.2.3.200) provides access to web pages using both the HTTP and HTTPS protocols. A DNS server (2.2.3.201) resolves TSRP.com hostnames and forwards DNS requests for Internet names to the ISP DNS servers (1.2.5.5 and 1.2.5.6). A web proxy server (2.2.3.202) proxies outgoing HTTP for all enterprise hosts. Incoming client access VPN connections are serviced by the firewall on its second address. Clients are given addresses in the 10.1.1.0/24 virtual network segment. Remote firewall clients are treated identically to private clients, with the exception of the 10.2.2.0/24 segment being unavailable to VPN clients.

The private network is in the 10.2.0.0/16 range. 10.2.1.0/24 contains all servers. 10.2.2.0/24 contains protected clients that should not be accessed remotely. The remainder of the address space is used for general-purpose clients. While not all segments are currently in use, there is no differentiation between them in terms of allowed network usage. There are three servers in the private server address space that require special network access.

A local mail server (10.2.1.100) receives and sends mail to/from the DMZ mail server. Two DNS servers (10.2.1.101 and 10.2.1.102) resolve names in the TSRP.lcl domain and provide Internet host name resolution to private clients. These name servers cannot recurse and must forward all non-local queries to the DMZ DNS server. In addition to these three special servers, there are several file and print servers in the server address space that offer SMB-based file and print services to private and VPN clients. Clients in the private network (including VPN clients) should have appropriate access to the private mail, DNS, and file/print servers. They should also have access to the DMZ web server.

All outgoing HTTP traffic from the private network must be proxied by the DMZ proxy server; no direct HTTP connections should be allowed to the Internet from the private zone. The enterprise does not have their own time server, instead using NTP servers from Internet pools. All clients and servers should be able to connect to any Internet servers running NTP.
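
The following is an added example, not part of the assignment or its answer sheet: a first-match rule model in Python covering only the client-facing requirements above (VPN exclusion from 10.2.2.0/24, SMB, the DMZ web server, proxied HTTP, NTP), so that constructed flows can be checked against the rule order. The tuple layout, the proxy port 8080, the use of TCP 445 alone for SMB and the test host 203.0.113.10 are assumptions; mail and DNS rules are left out.

```python
from ipaddress import ip_address, ip_network

# Address objects taken from the specification above.
PRIVATE = ip_network("10.2.0.0/16")
VPN = ip_network("10.1.1.0/24")
PROTECTED = ip_network("10.2.2.0/24")
SERVERS = ip_network("10.2.1.0/24")
# The page writes the DMZ as 2.2.3.196/28, which has host bits set;
# strict=False normalises it to the enclosing block 2.2.3.192/28.
DMZ = ip_network("2.2.3.196/28", strict=False)
WEB, PROXY = ip_network("2.2.3.200/32"), ip_network("2.2.3.202/32")
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLIENTS = [PRIVATE, VPN]      # VPN clients are treated like private clients
INTERNET = "internet"         # pseudo-object: outside RFC 1918 space and the DMZ
PROXY_PORT = 8080             # assumption: the page gives no proxy listening port

# (action, source, destination, protocol, destination port); first match wins.
# Rules describe who may open a connection; replies are assumed to be stateful.
RULES = [
    ("deny",  VPN,             PROTECTED, "any", None),        # 0 no remote access
    ("allow", VPN,             SERVERS,   "tcp", 445),         # 1 SMB (TCP 445 only, assumption)
    ("allow", CLIENTS,         WEB,       "tcp", 80),          # 2
    ("allow", CLIENTS,         WEB,       "tcp", 443),         # 3
    ("allow", CLIENTS,         PROXY,     "tcp", PROXY_PORT),  # 4
    ("allow", PROXY,           INTERNET,  "tcp", 80),          # 5 only the proxy speaks HTTP out
    ("allow", CLIENTS + [DMZ], INTERNET,  "udp", 123),         # 6 NTP to Internet pool servers
    ("deny",  "any",           "any",     "any", None),        # 7 default deny
]

def _in(addr, obj):
    """True if addr belongs to a rule object (network, list of networks, or keyword)."""
    ip = ip_address(addr)
    if obj == "any":
        return True
    if obj == INTERNET:
        return ip not in DMZ and not any(ip in n for n in RFC1918)
    return any(ip in n for n in (obj if isinstance(obj, list) else [obj]))

def decide(src, dst, proto, dport):
    """Return (action, rule index) of the first rule matching the flow."""
    for i, (action, s, d, p, port) in enumerate(RULES):
        if _in(src, s) and _in(dst, d) and p in ("any", proto) and port in (None, dport):
            return action, i
    return "deny", None

if __name__ == "__main__":
    # Constructed flows; 203.0.113.10 stands in for an arbitrary Internet host.
    for flow in [("10.2.5.20", "203.0.113.10", "tcp", 80),
                 ("10.2.5.20", "2.2.3.202", "tcp", PROXY_PORT),
                 ("10.1.1.9", "10.2.2.15", "tcp", 445)]:
        print(flow, "->", decide(*flow))
```

Traffic between private clients and private servers stays behind the internal router and never reaches this filter, which is why only the VPN segment has an SMB rule.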
