Practical examples
The following example scenarios describe ways in which Gibraltar can be deployed as a firewall. They are minimal configurations intended to help the network administrator understand the functionality of Gibraltar. The instructions can be followed step by step and do not require any prior knowledge of configuring Gibraltar.
Scenario 1 - ADSL-PPTP Dial-In and DHCP
In this scenario we will configure Gibraltar on a computer that is connected to the Internet by an ADSL-PPTP Internet connection. The public IP address is assigned dynamically. Gibraltar will be configured as the gateway of a small local network. The hosts in the internal network will receive their IP addresses from Gibraltar, which assigns them via DHCP. The users of the internal network can use all services of the Internet. It should not be possible to access the internal network from the outside.
Scenario 2 - Internet Gateway with a static public IP address
This scenario shows the configuration of Gibraltar as an Internet gateway with a static public IP address. Gibraltar should protect the internal network and allow all clients to use any Internet services. The internal network must not be accessible from the Internet. This scenario is the basis for configuring Gibraltar for most broadband Internet connections.
Scenario 3 - Internet gateway and usage of a DMZ
In this scenario we will configure Gibraltar to deal with three networks. The internal network will be connected to the Internet through the firewall. The webserver and the mailserver are located in a demilitarized zone (DMZ). The DMZ is a network that is separated from both the internal network and the Internet.
Scenario 4 - Configuring a VPN tunnel between two Gibraltar firewalls
This scenario shows how to connect two Gibraltar firewalls via an IPSec VPN over the Internet so that the computers on the other side of the tunnel can be accessed. Additionally, it shows the usage of the PPTP VPN service to connect an external worker to the local network. The local Gibraltar LDAP server handles the user management.
Scenario 5 - Using Microsoft Active Directory Service and OpenVPN for accessing the network from outside
This scenario shows the connection of Gibraltar to an internal Microsoft Active Directory service. Some of the AD users should be able to use special services with their standard logon username and password. The administrator allows the usage of the special services by defining permissions in the AD security groups. The scenario also covers the configuration of OpenVPN for external access to the network.
Scenario 6 - Configuring Gibraltar as application level proxy for http, ftp, and pop3
This scenario shows the usage of Gibraltar as a security gateway to protect the internal network from the Internet. Some services are offered as proxy services to avoid direct access of the clients to the Internet: an http proxy that caches the visited sites and optionally filters them for viruses; an ftp proxy that hides the internal network infrastructure from others or prevents direct access to an internal ftp server from outside; and a pop3 proxy that fetches the emails from the external pop3 account and filters them for spam and viruses before they are forwarded to the client.
Scenario 7 - Gibraltar as traffic shaper for Citrix and VoIP bridged
This scenario configures Gibraltar as a transparent traffic shaper that can be activated without changing the current network infrastructure. It shows how to ensure the usage of 70 per cent of the bandwidth for the Citrix terminal sessions (protocol ICA). The other services get only 80 per cent of the bandwidth because of latency reasons. To avoid failures and problems, at most 95 per cent of the bandwidth may be used.
Scenario 8 - Gibraltar as traffic shaper for Citrix and VoIP with VPN
In this scenario we will configure 3 Gibraltar firewalls that are connected via IPSec VPN. As we are using Citrix terminal services, we have to guarantee a minimum of 35 % of the traffic for ICA. We also have to guarantee a minimum of 35 % of the traffic for Voice over IP.
Scenario 9 - Gibraltar managing the bandwidth for VoIP
This scenario configures Gibraltar as a bandwidth manager to ensure a minimal bandwidth for VoIP. The internal telephone system must get a minimum of 1 MBit when the Internet connection has a bandwidth of 2 MBit for upload and download. To avoid failures and problems, at most 95 per cent of the bandwidth may be used.
Scenario 10 - Gibraltar managing the bandwidth for web traffic
This scenario configures the Gibraltar firewall to ensure a minimal bandwidth for web traffic (http, https). Additionally, a minimal bandwidth for fetching emails via pop3 is configured.