NS_ex10


MEENAKSHI SUNDARARAJAN ENGINEERING COLLEGE

#363, Arcot Road, Kodambakkam, Chennai – 600024, Tamil Nadu, India

Department: Computer Science & Engineering Register No.:311521104035

EX. NO : 10 STUDY TO CONFIGURE FIREWALL, VPN

AIM:
To study the role of firewalls and virtual private networks (VPNs) in providing security to shared public networks
such as the Internet.

FIREWALL:
A firewall is a network security device that observes and filters incoming and outgoing network traffic
according to the security policies defined by an organization. Essentially, it acts as a protective wall
between a private internal network and the public Internet.
A firewall prevents unauthorized access to a network. It can be a hardware or software unit that filters
the incoming and outgoing traffic of a private network according to a set of rules, in order to spot and
prevent cyberattacks.
A firewall router is a specially programmed router that sits between a site and the rest of the network. It is
a router in the sense that it is connected to two or more physical networks, and it forwards packets from
one network to another, but it also filters the packets that flow through it.

TYPES OF FIREWALLS:
There are multiple types of firewalls based on their traffic filtering methods, structure, and
functionality. A few of the types of firewalls are:
• Software Firewall
• Hardware Firewall
• Packet Filters
• Stateful Inspection Firewall
• Application Layer Firewall
• Next-generation Firewall
• Circuit-level gateways
• Cloud Firewall

Functions of Firewall:
The most important function of a firewall is that it creates a border between an external network and the
guarded network where the firewall inspects all packets (pieces of data for internet transfer) entering and
leaving the guarded network.
Once the inspection is completed, a firewall can differentiate between benign and malicious packets with
the help of a set of pre-configured rules.


VPN:
A virtual private network (VPN) adds security and anonymity for users when they connect to web-based services
and sites. It hides the user’s actual public IP address and “tunnels” traffic between the user’s device and the
remote server.
This makes it more difficult for third parties to track the activities online and steal data.
The encryption takes place in real time.

Working of VPN:
A VPN hides your IP address by letting the network redirect it through a specially configured
remote server run by a VPN host.
This means that if you surf online with a VPN, the VPN server becomes the source of your data, so
your Internet Service Provider (ISP) and other third parties cannot see which websites you visit
or what data you send and receive online.
VPNs utilize a concept called an IP tunnel, a virtual point-to-point link between a pair of nodes that are
actually separated by an arbitrary number of networks.
The virtual link is created within the router at the entrance of the tunnel by providing it with the IP address
of the router at the far end of the tunnel.
Whenever the router at the entrance of the tunnel wants to send a packet over this virtual link, it
encapsulates the packet inside an IP datagram. The destination address in the IP header is the address of the
router at the far end of the tunnel, whereas the source address is that of the encapsulating router.

Procedure:
1) Create a New Project:
• Start OPNET IT → File → New → Select Project → Name the project <name>_VPN, then
NoFirewall.
• Click Quit on the Startup Wizard.
2) Create and Configure the Network:
Initialize the network:
• Open the Object Palette dialog box. Make sure that the internet_toolbox item
is selected from the pull-down menu on the object palette.
• Add the following objects from the palette to the project workspace:
Application Config, Profile Config, an ip32_cloud, one ppp_server, three
ethernet4_slip8_gtwy routers, and two ppp_wkstn hosts.
• Rename the objects you added and connect them using PPP_DS1 links.
Configure the nodes:
1. Right-click on the Applications node → Edit Attributes → Assign Default to
Application Definitions attribute.
2. Right-click on the Profiles node → Assign Sample Profiles to Profile Configuration
attribute.


3. Right-click on the Server node → Assign All to the Application: Supported Services
attribute.
4. Right-click on the Sales A node → Select Similar Nodes.
a. Right-click on the Sales A node → Check the Apply Changes to Selected Objects
check-box.
b. Expand the Application: Supported Profiles attribute → Set rows to 1
→ Expand the row 0 hierarchy → Profile Name = Sales Person.

Choose the Statistics:


1. Right-click anywhere in the project workspace and select Choose Individual Statistics.
2. In the Choose Results dialog box, check the following statistics:
a. Global Statistics → DB Query → Response Time (sec).
b. Global Statistics → HTTP → Page Response Time (seconds).
3. Right-click on Sales A, B nodes, and select Choose Individual Statistics. In the
Choose Results dialog box, check the following statistics:
a. Client DB → Traffic Received (bytes/sec).
b. Client Http → Traffic Received (bytes/sec).

The Firewall scenario:


In the network we created, the Sales Person profile allows access to applications such as database
access, email, and web browsing from the server.
Select Duplicate Scenario → name it Firewall → Edit the attributes of Router C.
Assign ethernet_2_slip8_firewall to the model attribute.
Expand the Proxy Server Information hierarchy → Assign No to Deployed.


The Firewall_VPN scenario:


In the Firewall scenario, we protected the databases in the server from “any” external access
using a firewall router. Assume that we want to allow the people in the Sales A site to have access
to the databases in the server. Since the firewall filters all database-related traffic regardless of the
source of the traffic, we need to consider the VPN solution.
A virtual tunnel can be used by Sales A to send database requests to the server. The firewall will
not filter the traffic created by Sales A because the IP packets in the tunnel will be encapsulated inside
an IP datagram.
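
The encapsulation described under Working of VPN, and the reason the firewall router passes the tunnelled database traffic from Sales A, shown as an added Python example (not part of the original lab record or of OPNET). The addresses, the database port 5432 and all function names are constructed for illustration, the tunnel is plain unencrypted IP-in-IP (protocol 4), and the inspect_inner option goes beyond the page to show a filter that also examines the encapsulated header.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6           # IANA protocol numbers
DB_PORT = 5432                             # constructed: port the firewall treats as "database"
SALES_A, SERVER = "192.0.2.10", "198.51.100.20"      # constructed documentation addresses
ROUTER_A, ROUTER_D = "203.0.113.1", "203.0.113.4"    # tunnel entrance and far end

def checksum(hdr: bytes) -> int:
    """Internet checksum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 datagram: 20-byte header without options, then payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def tcp_stub(sport: int, dport: int) -> bytes:
    """20-byte TCP SYN header; only the ports matter to the port filter."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

def parse(pkt: bytes):
    """Return (source, destination, protocol, payload) of an IPv4 datagram."""
    ihl = (pkt[0] & 0x0F) * 4
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entrance: wrap the whole inner datagram in a new IP header."""
    return ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def firewall_allows(pkt: bytes, inspect_inner: bool = False) -> bool:
    """Drop TCP traffic to DB_PORT regardless of source; pass everything else."""
    _, _, proto, payload = parse(pkt)
    if proto == IPPROTO_IPIP and inspect_inner:
        return firewall_allows(payload, inspect_inner)   # look inside the tunnel
    if proto == IPPROTO_TCP:
        return struct.unpack("!H", payload[2:4])[0] != DB_PORT
    return True

def demo() -> dict:
    inner = ipv4(SALES_A, SERVER, IPPROTO_TCP, tcp_stub(40000, DB_PORT))
    outer = encapsulate(inner, ROUTER_A, ROUTER_D)
    return {"plain": firewall_allows(inner), "tunnelled": firewall_allows(outer),
            "inspected": firewall_allows(outer, inspect_inner=True),
            "outer": parse(outer)[:3], "inner_intact": parse(outer)[3] == inner}

if __name__ == "__main__":
    print(demo())
```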
1. In the Firewall scenario, select Duplicate Scenario, name it as Firewall_VPN → Click
OK.
2. Remove the link between Router C and the Server.
3. Open the Object Palette dialog box, check the internet_toolbox.
a. Add to the project workspace one ethernet4_slip8_gtwy and one IP
VPN Config.

b. From the Object palette, use two PPP_DS1 links to connect the new router
to the Router C (the firewall) and to the Server.
4. Rename the IP VPN Config object to VPN.

Configure the VPN:


Right-click on the VPN node → Edit Attributes.
i. Expand the VPN Configuration hierarchy → Set rows to 1
→ Expand the row 0 hierarchy → Edit the value of Tunnel Source Name and write
down Router A → Edit the value of Tunnel Destination Name and write down Router D.
ii. Expand the Remote Client List hierarchy → Set rows to 1 → Expand the row 0
hierarchy → Edit the value of Client Node Name and write down Sales A.
iii. Click OK and then save your project.


Run the Simulation:


To run the simulation for the three scenarios simultaneously:
1. Go to the Scenarios menu → Select Manage Scenarios.
2. Change the values under the Results column to <collect> (or <recollect>) for the
three scenarios.

Configured Firewall VPN:


To view and analyze the results:
1. Select Compare Results from the Results menu.
2. Expand the Sales A hierarchy → Expand the Client DB hierarchy → Select the Traffic
Received statistic.
3. Change the drop-down menu in the middle-lower part of the Compare Results
dialog box from As Is to time_average.
4. Press Show and the resulting graph displays.


RESULT:

Thus, the role of firewalls and virtual private networks (VPNs) in providing security to shared public networks
such as the Internet has been studied, and the firewall and VPN have been configured successfully.
