Home LAB SETUP
Laptop/PC - 8 GB RAM is recommended
Requirements :
1) VM Workstation
2) PA Image
Content ID & Global Protect isn't possible in virtual environment.
Without License Traffic Flowing Can't be tested on Home LAB (in Monitor)
But we may use session
1) Show session id
2) show session all
3) show session filter application
Labs can be done
1) Security Policy
2) NAT Policy
3) SSL Decryption Policy
4) App-ID
5) User-ID
6) HA
7) Ipsec site to site VPN
8) Packet Capture
Basic Setup
Step 1 : Configure Zones
Go to Network --> Zones
Configure LAyer3 interface with both inside and outside Zones
Step 2 : Configure Interface
e1/1 : Layer 3 Mode
Security Zone : Inside
Virtual Router : Default
IP Config : 192.168.204.1/24
e1/2 : Layer 3 Mode
Security Zone : DMZ
Virtual Router : Default
IP Config : 192.168.245.1/24
e1/3 : Layer 3 Mode
Security Zone : Outside
Virtual Router : Default
IP Config : 192.168.194.1/24
So we configured all three interfaces and "Commit" changes.
Step 3 : Create Default Static Router
Default Virtual Router
Name : Default-Router
Destination : 0.0.0.0/0
Next Hop : e1/3 , 192.168.194.254 (IP of ISP)
Step 4 : Create Management Profile "PING" so that we could ping firewall's interfaces from VM's when kept in respective zones.
Network --> Network Profiles --> Interface Management Profile
Create new one "PING" to allow ping
Now attach this "PING" profile to all three interfaces & "COMMIT" changes.
Lab Setup
Take two windows XP1 & XP2 system . Put one of them in Inside and other in DMZ.
XP1 = 192.168.204.129
XP2 = 192.168.245.129
Take another Linux System in Outside Zone and configure it as Web Server.
Linux Box = 192.168.194.129
Comments