MikroTikRouterOS⢠adalah sistem operasi linux yang dapat digunakan untuk menjadikan komputer menjadi router network yang handal, mencakup berbagai fitur yang dibuat untuk ip network dan jaringan wireless, cocok digunakan oleh ISP dan provider hostspot. Ada pun fitur2 nya sbb: * Firewall and NAT - stateful packet filtering; Peer-to-Peer protocol filtering; source and destination NAT
KemudianKlik pada Quiqk Setup ikuti pentunjuk seperti diatas gambar TP Link WA 5210G 1.2. TP Link WA 5210G 1.3. Jika Ingin menjadi Akses Point atau Pemancar langsung Klik / Centang Button AP, seperti petunjuk Gambar TP Link WA 5210G 1.3 kemudian Klik Next , TP Link WA 5210G 1.4. nanti anda akan dihadapkan dengan menu sesuai petunjuk Gambar TP
CaraSetting VoIP pada Cisco Packet Tracer 1. Buka software cisco packet tracker. 2. Siapkan sebuah router , sebuah switch , dan tiga buah ip phone. 3. Sambungkan ip phone ke switch, dan dari switch ke router menggunakan kabel jenis straigh-trough. 4. Colokkan power adaptor pada masing-masing ip phone.
Preparefor your Cisco certification with a Cisco Study Bundle at a discounted price. Upcoming Webinars. View the full list of upcoming events. Featured learning. CCNA Certification Training Videos. Time 41 hrs 55 mins. Cisco Certified CyberOps Associate Training Videos. Time 1 hr 2 mins.
sampaitahap ini konfigurasi asa ke internet sudah selesai untuk pengujian dapat di lakukan dengan cara ping ke dari cisco asa. // Tes Ping dari ASA ke 8.8.8.8. // Setting DNS untuk int outside agar bisa melakukan ping via domain. // Tes Ping dari ASA ke Google. Sampai tahap ini ASA sudah dapat melakukan ping ke google.com. selanjutnya
4 Setting IP Address di Client (PC dan Laptop nya). Jika sudah, silakan coba ping ke router dan antar client. Jika settingan benar, maka ping akan berhasil. Jika setingan sudah benar tapi ping masih RTO, pastikan firewall windows nya sudah di disable.
K2tO. Contents Table of Contents Troubleshooting Bookmarks Quick Links Cisco ASA 5500 Series Configuration Guide using ASDM Software Version for use with Cisco ASA 5500 Version Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA Tel 408 526-4000 800 553-NETS 6387 Fax 408 527-0883 Customer Order Number N/A, Online only Text Part Number OL-20339-01 Chapters Related Manuals for Cisco ASA 5505 Summary of Contents for Cisco ASA 5505
Youâve graduated from setting up that new wireless router and are ready for your next adventure setting up a firewall. Gulp. We know, seems really intimidating. But breathe easy, because weâve broken it down to 6 simple steps that should help you on your way to network-security nirvana. And off we go⌠Step 2 Architect firewall zones and IP addresses No heavy lifting required. To best protect your networkâs assets, you should first identify them. Plan out a structure where assets are grouped based on business and application need similar sensitivity level and function, and combined into networks or zones. Donât take the easy way out and make it all one flat network. Easy for you is easy for attackers! All your servers that provide web-based services email, VPN should be organized into a dedicated zone that limits inbound traffic from the internetâoften called a demilitarized zone, or DMZ. Alternatively, servers that are not accessed directly from the internet should be placed in internal server zones. These zones usually include database servers, workstations, and any point of sale POS or voice over internet protocol VoIP devices. If you are using IP version 4, internal IP addresses should be used for all your internal networks. Network address translation NAT must be configured to allow internal devices to communicate on the internet when necessary. After you have designed your network zone structure and established the corresponding IP address scheme, you are ready to create your firewall zones and assign them to your firewall interfaces or sub-interfaces. As you build out your network infrastructure, switches that support virtual LANs VLANs should be used to maintain level-2 separation between the networks. Step 3 Configure access control lists Itâs your party, invite who you want. Once network zones are established and assigned to interfaces, you will start with creating firewall rules called access control lists, or ACLs. ACLs determine which traffic needs permission to flow into and out of each zone. ACLs are the building blocks of who can talk to what and block the rest. Applied to each firewall interface or sub-interface, your ACLs should be made specific as possible to the exact source and/or destination IP addresses and port numbers whenever possible. To filter out unapproved traffic, create a âdeny allâ rule at the end of every ACL. Next, apply both inbound and outbound ACLs to each interface. If possible, disable your firewall administration interfaces from public access. Remember, be as detailed as possible in this phase; not only test out that your applications are working as intended, but also make sure to test out what should not be allowed. Make sure to look into the firewalls ability to control next generation level flows; can it block traffic based on web categories? Can you turn on advanced scanning of files? Does it contain some level of IPS functionality. You paid for these advanced features, so donât forget to take those "next steps" Step 4 Configure your other firewall services and logging Your non-vinyl record collection. If desired, enable your firewall to act as a dynamic host configuration protocol DHCP server, network time protocol NTP server, intrusion prevention system IPS, etc. Disable any services you donât intend to use. To fulfill PCI DSS Payment Card Industry Data Security Standard requirements, configure your firewall to report to your logging server, and make sure that enough detail is included to satisfy requirement through of the PCI DSS. Step 5 Test your firewall configuration Donât worry, itâs an open-book test. First, verify that your firewall is blocking traffic that should be blocked according to your ACL configurations. This should include both vulnerability scanning and penetration testing. Be sure to keep a secure backup of your firewall configuration in case of any failures. If everything checks out, your firewall is ready for production. TEST TEST TEST the process of reverting back to a configuration. Before making any changes, document and test your recovering procedure. Step 6 Firewall management All fires need stoking. Once your firewall is configured and running, you will need to maintain it so it functions optimally. Be sure to update firmware, monitor logs, perform vulnerability scans, and review your configuration rules every six months.
Table Of Contents Configuring a Simple Firewall Configure Access Lists Configure Inspection Rules Apply Access Lists and Inspection Rules to Interfaces Configuration Example Configuring a Simple Firewall The Cisco 850 and Cisco 870 series routers support network traffic filtering by means of access lists. The routers also support packet inspection and dynamic temporary access lists by means of Context-Based Access Control CBAC. Basic traffic filtering is limited to configured access list implementations that examine packets at the network layer or, at most, the transport layer, permitting or denying the passage of each packet through the firewall. However, the use of inspection rules in CBAC allows the creation and use of dynamic temporary access lists. These dynamic lists allow temporary openings in the configured access lists at firewall interfaces. These openings are created when traffic for a specified user session exits the internal network through the firewall. The openings allow returning traffic for the specified session that would normally be blocked back through the firewall. See the Cisco IOS Security Configuration Guide, Release for more detailed information on traffic filtering and firewalls. Figure 8-1 shows a network deployment using PPPoE or PPPoA with NAT and a firewall. Figure 8-1 Router with Firewall Configured 1 Multiple networked devicesâDesktops, laptop PCs, switches 2 Fast Ethernet LAN interface the inside interface for NAT 3 PPPoE or PPPoA client and firewall implementationâCisco 851/871 or Cisco 857/876/877/878 series access router, respectively 4 Point at which NAT occurs 5 Protected network 6 Unprotected network 7 Fast Ethernet or ATM WAN interface the outside interface for NAT In the configuration example that follows, the firewall is applied to the outside WAN interface FE4 on the Cisco 851 or Cisco 871 and protects the Fast Ethernet LAN on FE0 by filtering and inspecting all traffic entering the router on the Fast Ethernet WAN interface FE4. Note that in this example, the network traffic originating from the corporate network, network address is considered safe traffic and is not filtered. Configuration Tasks Perform the following tasks to configure this network scenario â˘Configure Access Lists â˘Configure Inspection Rules â˘Apply Access Lists and Inspection Rules to Interfaces A configuration example that shows the results of these configuration tasks is provided in the "Configuration Example" section. Note The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT. If you have not performed these configurations tasks, see Chapter 1 "Basic Router Configuration," Chapter 3 "Configuring PPP over Ethernet with NAT," and Chapter 4 "Configuring PPP over ATM with NAT," as appropriate for your router. You may have also configured DHCP, VLANs, and secure tunnels. Configure Access Lists Perform these steps to create access lists for use by the firewall, beginning in global configuration mode Command Purpose Step 1 access-list access-list-number {deny permit} protocol source source-wildcard [operator [port]] destination Example Routerconfig access-list 103 deny ip any any Routerconfig access-list 103 permit host eq isakmp any Routerconfig Creates an access list which prevents Internet- initiated traffic from reaching the local inside network of the router, and which compares source and destination ports. See the Cisco IOS IP Command Reference, Volume 1 of 4 Addressing and Services for details about this command. Configure Inspection Rules Perform these steps to configure firewall inspection rules for all TCP and UDP traffic, as well as specific application protocols as defined by the security policy, beginning in global configuration mode Command or Action Purpose Step 1 ip inspect name inspection-name protocol Example Routerconfig ip inspect name firewall tcp Routerconfig Defines an inspection rule for a particular protocol. Step 2 ip inspect name inspection-name protocol Example Routerconfig ip inspect name firewall rtsp Routerconfig ip inspect name firewall h323 Routerconfig ip inspect name firewall netshow Routerconfig ip inspect name firewall ftp Routerconfig ip inspect name firewall sqlnet Routerconfig Repeat this command for each inspection rule that you wish to use. Apply Access Lists and Inspection Rules to Interfaces Perform these steps to apply the ACLs and inspection rules to the network interfaces, beginning in global configuration mode Command Purpose Step 1 interface type number Example Routerconfig interface vlan 1 Routerconfig-if Enters interface configuration mode for the inside network interface on your router. Step 2 ip inspect inspection-name {in out} Example Routerconfig-if ip inspect firewall in Routerconfig-if Assigns the set of firewall inspection rules to the inside interface on the router. Step 3 exit Example Routerconfig-if exit Routerconfig Returns to global configuration mode. Step 4 interface type number Example Routerconfig interface fastethernet 4 Routerconfig-if Enters interface configuration mode for the outside network interface on your router. Step 5 ip access-group {access-list-number access-list-name}{in out} Example Routerconfig-if ip access-group 103 in Routerconfig-if Assigns the defined ACLs to the outside interface on the router. Step 6 exit Example Routerconfig-if exit Routerconfig Returns to global configuration mode. Configuration Example A telecommuter is granted secure access to a corporate network, using IPSec tunneling. Security to the home network is accomplished through firewall inspection. The protocols that are allowed are all TCP, UDP, RTSP, NetShow, FTP, and SQLNet. There are no servers on the home network; therefore, no traffic is allowed that is initiated from outside. IPSec tunneling secures the connection from the home LAN to the corporate network. Like the Internet Firewall Policy, HTTP need not be specified because Java blocking is not necessary. Specifying TCP inspection allows for single-channel protocols such as Telnet and HTTP. UDP is specified for DNS. The following configuration example shows a portion of the configuration file for the simple firewall scenario described in the preceding sections. ! Firewall inspection is set up for all TCP and UDP traffic as well as ! specific application protocols as defined by the security policy. ip inspect name firewall tcp ip inspect name firewall udp ip inspect name firewall rtsp ip inspect name firewall h323 ip inspect name firewall netshow ip inspect name firewall ftp ip inspect name firewall sqlnet interface vlan 1 ! This is the internal home network. ip inspect firewall in ! Inspection rules for the internal interface. interface fastethernet 4 ! FE4 is the outside or Internet-exposed interface. ! acl 103 permits IPSec traffic from the corp. router ! as well as denies Internet-initiated traffic inbound. ! acl 103 defines traffic allowed from the peer for the IPSec tunnel. access-list 103 permit udp host any eq isakmp access-list 103 permit udp host eq isakmp any access-list 103 permit esp host any ! Allow ICMP for debugging but should be disabled because of security implications. access-list 103 permit icmp any any access-list 103 deny ip any any ! Prevents Internet-initiated traffic inbound. ! acl 105 matches addresses for the ipsec tunnel to or from the corporate network. access-list 105 permit ip
KONFIGURASI FIREWALL DI CISCO PACKET TRECER STUDI KASUS Ă Terdapat 5 buah gedung dengan ip address yang berbeda Ă Terdapat 2router, dimana router tersebut terhubung ke internetcloud Ă Semua gedung mempunyai 1server,1 switch Ă 2gedungkiri masing-masing 20pc,1 access point, 2 printer,1tv ditambah beberapa pengguna wifi Ă 3 gedungkananmasing-masing 30pc,2acces point,3printer,1tv, ditambah beberapa pengguna wifi Catatan ĂźSemua perangkat harus terkoneksi dengan baik Ăź Komputer STM harus bisa nge-print di printer SMEA atau gedung manapun Ăź Wifi di setiap gedung harus di beri pengaman berupa password supaya tidak semua masyarakat dapat menikmati fasilitas wifi Ăź Tv di setiap gedung harus bisa menyala semua Cara Kerja 1. Buka aplikasi Cisco Packet Tracer yang anda punya. saya versi 2. Device yang dibutuhkan 1 cloud 2 router 4 buah server 4 buah switch 4 access point 5 printer 130 pc 3. buat design Jaringan seperti di bawah ini ! 1. SETTING SEMUA SERVER DENGAN MENGGUNAKAN DHCP lingkaran merah adalah nama server kotak warna merah adalah IP server IP server STM DAN Default Gaeteway nya IP server SMEA DAN Default Gaeteway nya IP server Kampus DAN Default Gaeteway nya IP server STM DAN Default Gaeteway nya 2. SETTING SEMUA ACCES POINT untuk mengamankan dan memberi password Ăź untuk acces point STM Ăź klik acces pointĂ klik configĂ KLIK PORT1Ă port status ONĂ Masukan SSIDnama wireless stmĂ klik WPA2-PSK 9untuk memberi passwordĂ masukan password âSMKDINAMIKA1âĂ untuk encription type nya pilih yang AESĂ OK Ăź Untuk Wireless SMEA lakukan Hal yang sama sperti langkah di wireless STM Ăź untuk password, masukan password âSMKDINAMIKA2â Ăź Karena sesuai kebutuhan,, untuk kampus dikasih 2 access point dengan jarak yang berjauhan Ăź access point pertama bernama âaccess kampus1â dengan password ârahasiakampusâ Ăź access point pertama yang kedua âaccess kampus2â dengan password ârahasiakampusduaâ Ăź yang terakhir adalah accespoint âyalwash9â dan beri password âWIFI_IniSangatRahasia PRINTER SEMUA GEDUNG Ăź untuk yang tidak terkoneksi dengan wireless langsung saja klik printerĂ configĂ fastEthernet0Ă lalu klik yang dhcp Ăź untuk printer yang menggunakan wireless, Matikan printerĂ lalu ganti dengan port untuk wireless Ăź Setelah diganti portnya,, klik configĂ masukan SSIDNama wireless yang di koneksikanĂ KLIK WPA2-PSKĂ masukan passwordĂ lalu klik DHCP LAPTOP CLIENT UMTUK MENDAPATKAN ALAMAT IP SERTA AGAR DAPAT MENIKMATI AKSES INTERNET Matikan laptop dan ganti dengan port wireless klik laptopĂ klik dekstopĂ klik pc wirelessĂ klik connectĂ pilih wifi mana yang akan digunakan Lalu masukan password HP CLIENT Ă KLIK device yang akan di setting Ă klik config Ă klik wireless 0 Ă masukan SSID wifi yang akan di hubungkan Ă Masukan password Ă klik DHCP IP ROUTER 1 Ă klik router1 Ă Masukan untuk port rj45 Ă untuk fa6/0 terhubung dengan switch stm, Masukan Gateway STM pada fa6/0 subnetmask Ă untuk port fa8/0 sama dengan part fa6/0, masukan Gateway SMEA subnetmask Ă untuk port 7/0 menghubungkan ke cloudinternet masukan ip nya dan subnetmasknya Ă dan untuk port 5/0 berfungsi untuk menghubungkan ke router yang satunya dengan IP Router subnetmassk 7. SETTING IP ROUTER 2 Ă klik router 2 Ă Masukan port rj45 Ă klik config Ă klik fa9/0 untuk menghubungkan dengan switch universitas. Ă Masukan gateway universitas netmask Ă klik fa6/0 untuk menghubungkan dengan switch Yayasan/TU Ă Masukan gateway Yayasan subnet mask Ă klik fa8/0 untuk menghubungkan dengan router 1 Ă IP Route subnetmask 8. Setting RIP PADA KEDUA ROUTER Ă klik router 1 Ă klik config Ă klik rip Ă masukan semua gateway dan ip route yang telah dimasukan Ă lalu klik add Ă lalu klik add Ă lalu klik add Ă lalu klik add Ă lalu klik add Ă Lakukan hal yang sama pada router kedua 9. SETTING CLOUD Ă klik cloud Ă klik config Ă klik tv setting Ă klik browse Ă masukan gambar lalu klik tanda + 10. SETTING TV klik tv klik on tv stm tv SMEA TV YAYASAN KET semua tv terhubung dengan baik Tahap Pengecekan Jika sudah selesai semua dilakukan, mari kita test apakah settingan yang anda lakukan berhasil atau test ping printer dari client PC SMEA ke TU3. test ping laptop yang menggunakan wireless ke printer wireless kampus4. test penggunaan cloud 1. test ping dari server STM ke yayasan jika semua berhasil, kalian telah sukses mengikuti semua instruksi/tutorial dengan baik JKETERANGAN1 Setiap gedung tidak harus memiki 20PC, karena sesuai penggunaanya. Mengapa di TU hanya sedikit? karena orang TU/Yayasan tidak membutuhkan banyak pc. 2. Setiap gedung juga tidak harus memiliki 2accespoint. Mengapa di Kampus ada dua acces point? karena sesuai penggunaannya, mahasiswa di kampus lebih membutuhkan accespoint dikarenakan halaman kampus yang luas dan untuk memudahkan pada mahasiswa untuk belajar di halaman kampus dengan menggunakan wifi kampus3. Printer di gedung STM,SMEA dan kampus memiliki 2 printer, berfungsi agar suatu saat salah satu printer di gedung stm rusak, bisa ngeprint di gedung smea atau di yayasan/TU membutuhkan banyak printer? karena yayasan butuh data/laporan dari setiap gedung, sehingga memudahkan suatu pekerjaan agar orang TU tidak perlu berjalan ke setiap gedung untuk membutuhkan data, TAPI tinggal ping ke suatu tujuan dan meminta data untuk di print di TU. Membutuhkan banyak karena sesuai penggunaannya, TU menggunakan banyak printer untuk keperluan percetakan di setiap gedung yang tv di gedung STM,SMEA digunakan untuk para guru yang sedang ber istirahat dan untuk di YAYASAN pun sama seperti itu. KECUALI di kampus tidak membutuhkan tv, karena dinilai kurang efektif/efisien bagi para mahasiswa5. Mengapa membutuhkan 2 router? agar pembaca di tutorial yang saya buat ini mengerti bagaimana cara men setting 2 router dengan masing-masing router memiliki beberapa jaringan. PENUTUP Penulis berterimakasih kepada yang telah memberi rahmat dan kehadirat-Nya sehingga dapat menyelesaikan tugas âmembuat tutorial pada cisco packet tracerâ penulis juga berterimakasih kepada guru yang telah memberi tugas ini sehingga penulis dapat mengetahui dan mendalami bagaimana cara menggunakan aplikasi cisco packet tracer ini. penulis meminta maaf bila ada kesalahan atau tutorial yang kurang dimengerti. Penulis juga meminta maaf karena sedikit telat dalam pengumpulan tugas tutorial ini. Semoga tutorial ini bermanfaat bagi para pembaca atau para pemula yang ingin belajar aplikasi Cisco Packet Tracer.
cara setting firewall cisco
