A basic lesson on establishing rules and creating VPNs.

Tod Ferran, CISSP, QSA
By: Tod Ferran
Let’s discuss some basic firewall configurations. I have chosen to use a Cisco ASA 5505 as an example. It is a business-class firewall that can be purchased for less than $400. Before you purchase a firewall, be sure to consult a HIPAA security expert or PCI security expert to discuss which one will work best for your business.


SEE ALSO: How Does a Firewall Protect a Business?


Due to the technical nature of firewalls, a detailed step-by-step guide is beyond the scope of this blog post. However, I will provide some direction and screenshots to help illustrate the process.

Understanding interfaces

The Cisco ASA 5505 firewall has 8 ports, also known as ‘switch ports’ or ‘interfaces’. Instead of starting with number 1, they start with number 0, so the ports are numbered 0 through 7. Sometimes IT geeks make things really confusing.

We will be using two ports today, Switch Port 0 and Switch Port 1. In Switch Port 0 we will connect the cable from our Internet provider and in Switch Port 1 we will connect our office network. That way, the firewall is between our office computers and the big bad Internet.

SEE ALSO: Configuring and Maintaining Your Firewall with SecurityMetrics Managed Firewall

Step 1: Add Switch Ports

First we need to go into the ‘Interfaces’ screen and ‘Add’ both Switch Port 0/0 and 0/1.



Step 2: Name Switch Ports

Let’s give each one a name in the ‘Advanced’ tab. Use the ‘VLAN ID’ field. Name Ethernet 0/0 ‘Outside’ and Ethernet 0/1 ‘Inside’. The names are strictly for your use so you can easily identify what should be connected to which Switch Port. Remember to check the box ‘Enable Switch Port’.

Note: if you were segmenting your network, you would enable additional Switch Ports and name them after each segment attached to each Switch Port.


Step 3: Set Security

Next we need to set the security levels on each Switch Port. Set the ‘Inside’ level to 100 and ‘Outside’ level to 0. We also need to configure the IP addresses here for each Switch Port.

Note: If you were segmenting your network, security levels would be different.


Step 4: Set up ACLs

Now we need to set up our rules, or Access Control Lists (ACLs). The ACLs will help the firewall decide what it permits and what it denies.

Since we need to add rules for each computer, grouping similar computers and choosing a group name makes this a lot easier. Be sure to name each rule with a description that makes sense to you. For HIPAA or PCI compliance, document each rule and the business need for the rule. Keep this documentation with your other HIPAA or PCI security documents.

SEE ALSO: Understanding the HIPAA Application of Firewalls




Step 5: Set up VPNs

Let’s set up virtual private networks (VPNs) for those who need remote access. Remember, a VPN is a protected tunnel or pipe between an office computer and another computer connecting in through the Internet and should require a username, password and secret code unique to the remote computer.

In our firewall example, the “Pre-shared Key” is our secret password. Use an X.509 certificate for a unique secret password. Here is a quick look at the launch screen for the VPN wizard, which walks you through setting up remote access.


Now remember, this isn’t meant to be a certified way to configure a firewall. This is just a tutorial to help you understand important aspects of configuration. When using tutorials, or even if you decide to configure your own firewall, be sure to have a security expert review your configuration to make sure it is set up to keep you and your data as safe as possible.



Tod Ferran (CISSP, QSA) is a Mensa aficionado, Cancun expert, and Security Analyst for SecurityMetrics with over 25 years of IT security experience. In addition to his many speaking engagements and webinars, he provides security consulting, risk analysis assistance, risk management plan support, and performs security, HIPAA, and PCI compliance audits. Connect with him for recommendations on excellent places to stay, activities, and restaurants in Cancun, or check out his other blog posts here.