Sie sind auf Seite 1von 9

Lab 6: Evaluating Firewall Policies to Manage Network Traffic

Objective
This lab teaches the fundamentals of implementing firewall policies and
understanding its effect on application performance and link utilizations.

Overview
Standard Chartered Bank’s headquarters network connects to the Internet
through a CISCO PIX Firewall. Users use various online applications
including e-mail, web browsing, and credit card authorization. In addition,
some users are doing illegal file transfers for pirated music and videos. First
we’ll evaluate the application performance with no firewall policies. Thus, no
illicit traffic is blocked.

Standard Chartered Bank’s most critical application is credit card


authorization. It is required to have a response time of less than 2 seconds.

Lab Instructions
Step 1: Open Lab 1

1. Start IT Guru.

2. Select File Open…

3. Scroll down to the project named Firewall_Implementation, select it and


click OK.

OPNET IT Guru Lab 6, Page 1


Simulate the network for a busy hour of the day to evaluate the performance
of the critical application.

Step 2: Configure and Run the Simulation

Evaluate the network performance for a busy hour of the day.

1. Click on the configure/run simulation toolbar button.

2. Make sure the Simulation Duration is set to 1 hour.

3. Click Run. Monitor the progress bar as the simulation proceeds.

OPNET IT Guru Lab 6, Page 2


4. When the simulation completes, Click Close.

Step 3: View Results

View the credit card authorization response time for all the users and also the
WAN link utilization. As mentioned earlier, the critical credit card authorization
application’s response time is required to be less than 2 seconds.

1. Right-click in the workspace and select View Results.

2. Choose Global Statistics DB Query Response Time (sec).

3. Select Show. Now add the average curve to this window.

4. Change the filter from As Is to average and click Add.

OPNET IT Guru Lab 6, Page 3


5. Click on the graph window having the discrete data points for this statistic
to add this curve on that panel.

6. Click Close in the View Results window.

7. Right-click on the WAN link and select View Results to view its utilization.

OPNET IT Guru Lab 6, Page 4


8. Choose point-to-point utilization and click Show.

Note: To toggle the graphs on and off, use the hide or show all graphs
button.

9. Close the View Results window.

OPNET IT Guru Lab 6, Page 5


Your results should be similar to the graph above.
• The results show that the Credit Card Authorization Response Time is
above the required limit of 2 seconds.
• Also the WAN link utilization is high which might contribute to
unacceptable application response times.

The company decided to configure the firewall to block peer-to-peer file


transfers to see its effect on the application performance.

Step 4: Duplicate Scenario

1. Select Scenarios Duplicate Scenario…

2. Give the name as Firewall Implemented.

Step 5: Configure the CISCO PIX Firewall

Configure the firewall to block video traffic.

1. Right-click on the CISCO PIX Firewall and select Edit Attributes.

2. Click in the Value column for Proxy Server Information.

OPNET IT Guru Lab 6, Page 6


3. Scroll down to Voice and change the value for Proxy Server Deployed
from Yes to No and then click OK twice.

Step 6: Configure and Run the Simulation

Rerun the simulation for a busy hour of the day to see if implementing the
firewall improves application performance.

• Refer to previous steps for setting the duration and running the simulation.

OPNET IT Guru Lab 6, Page 7


Step 7: Compare Results

Compare the Credit Card Authorization Application Response Time and also
the WAN link utilization.

1. Right-click in the workspace and select Compare Results.

2. Choose Global Statistics DB Query Response Time (sec).

3. Click Show and then click Close in the View Results window.

4. Right-click on the WAN link and select Compare Results.

5. Choose point-to-point utilization .

6. Click Show and then close the View Results window.

OPNET IT Guru Lab 6, Page 8


Conclusion

• As expected, the results show that implementing the firewall had a


significant improvement in the credit card authorization application
performance.

• The utilization graph shows significant reduction in the WAN link utilization
due to the firewall policy, thereby improving the application performance.

• By mandating the firewall policy to stop illicit peer-to-peer file transfers, the
company is able to achieve the required performance for the critical credit
card authorization.

Advanced Scenario

• Advanced Scenario 1. Duplicate the scenario


Without_Firewall_Implementation and then, instead of implementing the
firewall, upgrade the WAN link and see its effect on the critical application
response time.

OPNET IT Guru Lab 6, Page 9