Unit IV-1
Authentication
Authentication: Objectives
Authentication Types
User
• Authenticates users for specific services (FTP, HTTP, HTTPS, TELNET and RLOGIN)
Client
• Authenticates users of any service; the user is required to telnet to port 259 on the firewall, or connect with a web browser to HTTP port 900, to authenticate for a service
Session
• Like client authentication; however, with the authentication agent the user does not have to telnet to the firewall
User Authentication
Client Authentication
The client initiates a TELNET or HTTP connection to the firewall. Client authentication requires users to TELNET to port 259 or connect to the firewall with a Web browser on HTTP port 900 to be authenticated for a service. The firewall asks for the ID and password and verifies the user is authentic.
FireWall-1 recognizes the client's IP address and allows access to the destination server.
The connection to the destination server is closed by time-out, logout or number of sessions.
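The client authentication flow described above, modelled as an added example (not code from these slides or from Check Point). The class name, timeout, session limit and sample credentials are assumptions chosen for illustration; the model shows that once sign-on succeeds, later connections are authorized by source IP alone.

```python
import hmac
from dataclasses import dataclass

SIGN_ON_PORTS = {259: "telnet", 900: "http"}  # sign-on ports named on the slide

@dataclass
class Grant:
    user: str
    expires_at: float   # absolute time at which the authorization times out
    sessions_left: int  # connections still allowed under this grant

class ClientAuthTable:
    """Toy model of client-authentication state, keyed by source IP."""

    def __init__(self, users, timeout=900.0, max_sessions=5):
        self.users = users                # constructed user -> password map
        self.timeout = timeout            # assumed value, in seconds
        self.max_sessions = max_sessions  # assumed value
        self.grants = {}                  # (src_ip, service) -> Grant

    def sign_on(self, src_ip, port, user, password, service, now):
        """Sign-on to port 259/900: record a grant only if the credentials verify."""
        stored = self.users.get(user)
        if port not in SIGN_ON_PORTS or stored is None:
            return False
        if not hmac.compare_digest(stored, password):
            return False
        self.grants[(src_ip, service)] = Grant(
            user, now + self.timeout, self.max_sessions)
        return True

    def allow(self, src_ip, service, now):
        """New connection: only the source IP is checked, not who is behind it."""
        key = (src_ip, service)
        grant = self.grants.get(key)
        if grant is None:
            return False
        if now >= grant.expires_at or grant.sessions_left == 0:
            del self.grants[key]  # closed by time-out or number of sessions
            return False
        grant.sessions_left -= 1
        return True

    def sign_off(self, src_ip):
        """Explicit logout: drop every grant held by this source IP."""
        for key in [k for k in self.grants if k[0] == src_ip]:
            del self.grants[key]
```

Because the grant is keyed on the source address, any host that presents the same IP within the grant's lifetime is treated as the authenticated client, which is why short time-outs and low session counts matter for this authentication type.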
Session Authentication
Authentication Schemes
Authentication Setup
User Properties
Select the Authentication tab of User Properties
Select the Authentication scheme
Authentication screens vary depending on the scheme selected
Select OS Password and specify the user properties
Select FireWall-1 Password and specify the user properties
Unit IV-2
Network Address Translation
Legal IP Addresses
204.32.38.111
204.32.38.112
Illegal/Reserved IP Addresses
192.168.1.1
192.168.1.2
Availability of IP Addresses
3 main classes of IP addresses: A, B and C:
• Class A address: 127 networks, ~16M hosts/network
• Class B address: 16,000 networks, 65,532 hosts/network
• Class C address: ~2M networks, 254 hosts/network

Class   First Byte Range   Decimal Format   Binary Format
A       1-127              10.1.1.13        00001010.00000001.00000001.00001101
RFC 1918
NAT Modes
Static Source Mode
[Diagram: EXTERNAL network, legal IP address 204.32.38.1; INTERNAL network, illegal/reserved IP address 192.168.1.1]
Static Destination Mode
[Diagram: EXTERNAL network, legal IP address 204.32.38.1; INTERNAL network, illegal/reserved IP address 192.168.1.1]
Hide Mode
[Diagram: EXTERNAL network, 1 legal IP address 204.32.38.1; INTERNAL network, multiple illegal/reserved IP addresses: 198.132.176.0]
Automatically generated
Final Scenario