Brocade: Zone-Based Firewall

Today I am going to talk about configuring a Brocade router as a zone-based firewall. The first question in your mind will be: what is a zone-based firewall?

In a zone-based firewall, interfaces are grouped into security "zones", where every interface in a zone shares the same security level.

In a zone-based firewall, packet-filtering policies are applied to the traffic flowing between the zones, and the zones themselves are defined by the network administrator. The concept is simple: traffic between interfaces that sit in the same zone is not filtered and flows freely, because those interfaces share a security level, while traffic between different zones is filtered according to the policy attached to that pair of zones, since different zones can have different security levels.

I will cover zone-based firewalls on Cisco soon in another article, where I can share the configuration together with the topology. This article is purely about Brocade, where the router works as a zone-based firewall.

Below is the network in which we define three zones, chosen by the network administrator according to the needs of the network. The zones are

  • Public Zone
  • Private Zone 
  • DMZ Zone
Below is the topology showing the three zones in the network.
Fig 1.1 - Zone-Based Firewall
With the zones decided, below are the router configurations that create each zone, the rule sets, and the zone-to-zone policies.


Create a zone named private and attach two interfaces to it
ttlbits@R1# set security zone-policy zone private description PRIVATE
ttlbits@R1# set security zone-policy zone private interface dp0p1p1
ttlbits@R1# set security zone-policy zone private interface dp0p1p2

Create a zone named dmz and attach an interface to it
ttlbits@R1# set security zone-policy zone dmz description DMZ
ttlbits@R1# set security zone-policy zone dmz interface dp0p1p3

Create a zone named public and attach an interface to it
ttlbits@R1# set security zone-policy zone public description PUBLIC
ttlbits@R1# set security zone-policy zone public interface dp0p1p4


Create rule sets named to_private, to_dmz, and to_public. Each rule set here is a single rule with no match criteria (no protocol, source or destination), so it accepts all traffic; it is a placeholder to be narrowed later, not a filter.
ttlbits@R1# set security firewall name to_private rule 1 action accept
ttlbits@R1# set security firewall name to_dmz rule 1 action accept
ttlbits@R1# set security firewall name to_public rule 1 action accept

Attach the rule sets to each zone pair. A rule set attached with "zone X to Y" is applied to traffic leaving zone X toward zone Y, so every direction that should carry traffic needs its own entry; a zone pair with no rule set attached has its traffic dropped.
ttlbits@R1# set security zone-policy zone private to dmz firewall to_dmz
ttlbits@R1# set security zone-policy zone private to public firewall to_public
ttlbits@R1# set security zone-policy zone dmz to private firewall to_private
ttlbits@R1# set security zone-policy zone dmz to public firewall to_public
ttlbits@R1# set security zone-policy zone public to dmz firewall to_dmz
ttlbits@R1# set security zone-policy zone public to private firewall to_private
ttlbits@R1# commit

ttlbits@R1# show security zone-policy
zone dmz {
    description DMZ
    interface dp0p1p3
    to private {
        firewall to_private
    }
    to public {
        firewall to_public
    }
}
zone private {
    description PRIVATE
    interface dp0p1p1
    interface dp0p1p2
    to dmz {
        firewall to_dmz
    }
    to public {
        firewall to_public
    }
}
zone public {
    description PUBLIC
    interface dp0p1p4
    to dmz {
        firewall to_dmz
    }
    to private {
        firewall to_private
    }
}
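The configuration above is easy to get subtly wrong: a missing "zone X to Y" entry silently drops that direction, a rule set referenced before it is defined leaves the pair unprotected, and the accept-all placeholder rule sets make the zone policy a no-op. The following audit script is an added example (it is not from the page and not a Brocade or Vyatta tool); it parses the set commands in the shapes the page uses, ignores description lines, and reports those four conditions. The first constructed input is the page's own configuration. The second is an assumed tighter variant that only allows HTTPS from the public zone to one DMZ host at 192.0.2.10 (a documentation address chosen here), uses the firewall keywords default-action, protocol and destination address/port of the Vyatta family, and deliberately references a rule set it never defines.

```python
"""Added example (not from the page or from Brocade): audit a zone policy
given as the `set security ...` commands typed in configuration mode.
Reports zone pairs with no rule set, rule sets referenced but undefined,
rule sets with an unconditional accept, and explicit accept defaults."""
import re
from collections import defaultdict
from itertools import permutations

ZONE_IF_RE = re.compile(r"^set security zone-policy zone (\S+) interface (\S+)$")
ZONE_TO_RE = re.compile(r"^set security zone-policy zone (\S+) to (\S+) firewall (\S+)$")
FW_DEFAULT_RE = re.compile(r"^set security firewall name (\S+) default-action (\S+)$")
FW_RULE_RE = re.compile(r"^set security firewall name (\S+) rule (\d+) (\S+)(?: (.*))?$")

# Rule keywords that narrow what a rule matches; a rule with none of them
# matches every packet crossing the zone pair.
MATCH_KEYS = {"protocol", "source", "destination", "icmp", "tcp"}


def parse_config(commands: str):
    """Return (zones, policies, firewalls); description lines are ignored."""
    zones = defaultdict(set)        # zone name -> set of interfaces
    policies = {}                   # (from_zone, to_zone) -> rule set name
    firewalls = defaultdict(lambda: {"default-action": None, "rules": defaultdict(list)})
    for raw in commands.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := ZONE_IF_RE.match(line):
            zones[m[1]].add(m[2])
        elif m := ZONE_TO_RE.match(line):
            policies[(m[1], m[2])] = m[3]
        elif m := FW_DEFAULT_RE.match(line):
            firewalls[m[1]]["default-action"] = m[2]
        elif m := FW_RULE_RE.match(line):
            name, num, key, value = m[1], int(m[2]), m[3], m[4] or ""
            firewalls[name]["rules"][num].append((key, value))
    return zones, policies, firewalls


def audit(commands: str) -> dict:
    """Return the findings for one configuration as a dict of lists/dicts."""
    zones, policies, firewalls = parse_config(commands)
    findings = {
        # every ordered pair of zones without a policy: that traffic is dropped
        "missing_policies": sorted(
            pair for pair in permutations(sorted(zones), 2) if pair not in policies
        ),
        "undefined_rule_sets": sorted({fw for fw in policies.values() if fw not in firewalls}),
        "unconditional_accepts": {},
        "accept_by_default": sorted(
            name for name, fw in firewalls.items() if fw["default-action"] == "accept"
        ),
    }
    for name, fw in firewalls.items():
        wide_open = [
            num for num, entries in sorted(fw["rules"].items())
            if ("action", "accept") in entries
            and not any(key in MATCH_KEYS for key, _ in entries)
        ]
        if wide_open:
            findings["unconditional_accepts"][name] = wide_open
    return findings


# Constructed input 1: the zones, rule sets and policies as the page configures them.
PAGE_CONFIG = """
set security zone-policy zone private interface dp0p1p1
set security zone-policy zone private interface dp0p1p2
set security zone-policy zone dmz interface dp0p1p3
set security zone-policy zone public interface dp0p1p4
set security firewall name to_private rule 1 action accept
set security firewall name to_dmz rule 1 action accept
set security firewall name to_public rule 1 action accept
set security zone-policy zone private to dmz firewall to_dmz
set security zone-policy zone private to public firewall to_public
set security zone-policy zone dmz to private firewall to_private
set security zone-policy zone dmz to public firewall to_public
set security zone-policy zone public to dmz firewall to_dmz
set security zone-policy zone public to private firewall to_private
"""

# Constructed input 2 (assumed host 192.0.2.10 and port 443, not from the page):
# only public -> dmz HTTPS to one host is allowed; to_private is referenced but undefined.
RESTRICTED_CONFIG = """
set security zone-policy zone private interface dp0p1p1
set security zone-policy zone dmz interface dp0p1p3
set security zone-policy zone public interface dp0p1p4
set security firewall name to_dmz default-action drop
set security firewall name to_dmz rule 10 action accept
set security firewall name to_dmz rule 10 protocol tcp
set security firewall name to_dmz rule 10 destination address 192.0.2.10
set security firewall name to_dmz rule 10 destination port 443
set security zone-policy zone public to dmz firewall to_dmz
set security zone-policy zone public to private firewall to_private
"""

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("restricted", RESTRICTED_CONFIG)):
        print(label, audit(cfg))
```

On the page's configuration the audit finds every zone pair covered and no undefined rule set, but flags rule 1 of all three rule sets as an unconditional accept, which is the honest summary of that policy: complete wiring, zero filtering. On the restricted configuration nothing is wide open, but four zone pairs have no policy and to_private is undefined, which is exactly what the router would silently drop; run the audit before commit so that what you cut off is a decision rather than an accident.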


Filtering Traffic Between the Transit Zones

The same three zones are created again, this time with quoted multi-word descriptions (the quotes are needed whenever a description contains a space):

ttlbits@R1# set security zone-policy zone dmz description "DMZ ZONE"
ttlbits@R1# set security zone-policy zone dmz interface dp0p1p3
ttlbits@R1# set security zone-policy zone private description "PRIVATE ZONE"
ttlbits@R1# set security zone-policy zone private interface dp0p1p1
ttlbits@R1# set security zone-policy zone private interface dp0p1p2
ttlbits@R1# set security zone-policy zone public description "PUBLIC ZONE"
ttlbits@R1# set security zone-policy zone public interface dp0p1p4

ttlbits@R1# commit