Firewall Rule Video

Posted in Security+ | 3 comments

If you’re planning to take the CompTIA Security+ exam and want to know about Firewall rule components, this blog post and video is for you.

Several people have asked me how to create a firewall rule. I’ve explained them in the CompTIA Security+ Get Certified Get Ahead Study Guide and in blog articles. I’ve even created some performance-based questions on the premium site to help people see how they might be tested.

Still, some people learn better with a video so here it is.

Example Firewall Rule

As an example, imagine you needed to allow HTTPS traffic from the Marketing server to Web Server 2. You would need to create a firewall rule with the appropriate components.

Firewall Rules Network Diagram

Firewall Rule Components

The components of a firewall rule are:

  • Permission (allow or deny)
  • Protocol
  • Destination port
  • Source IP address
  • Destination IP address

The permission in the rules you write is almost always allow. The last rule in the firewall is an implicit deny rule that blocks all traffic not explicitly allowed by an earlier rule, so you rarely need to write deny rules yourself.

HTTPS traffic uses TCP port 443, so the protocol is TCP and the destination port is 443. (Don't confuse this with HTTP, which uses TCP port 80.)

Table 3.1 in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide lists the ports you should know when studying for the Security+ exam.


At this point, we know the following elements.

  • Permission Allow
  • Protocol TCP
  • Destination port 443

Next, you’ll need to identify the source IP address.


CIDR Notation in a Firewall Rule

The marketing computer has an IP address of 10.4.80.10.

You can see that it is shown with a CIDR notation of /23. This indicates a subnet mask of 255.255.254.0, but don't let that distract you.

That /23 describes the subnet where the marketing computer is located (10.4.80.0 through 10.4.81.255), not the computer itself.

When you create a rule for a single computer, you use /32 as the CIDR notation.

A /32 CIDR notation indicates the subnet mask is 255.255.255.255, meaning all 32 bits must match, so the rule applies to exactly one address. It is also a lot easier to say.


So, the source IP address for our rule is 10.4.80.10/32.

  • Permission Allow
  • Protocol TCP
  • Destination port 443
  • Source IP 10.4.80.10/32
  • Destination IP

Next, we need the destination IP.

The Web Server 2 IP address is 10.4.81.5. The CIDR notation is /24, indicating a subnet mask of 255.255.255.0 for the subnet it sits in.

However, we want to create a rule for the single computer, not the subnet, so we again use a CIDR notation of /32, short for 255.255.255.255. At this point, you know all the components of the firewall rule.

  • Permission Allow
  • Protocol TCP
  • Destination port 443
  • Source IP 10.4.80.10/32
  • Destination IP 10.4.81.5/32

Looking at the Firewall Rule

Here’s another way of looking at the components of the rule. It matches the words of the rule with the actual components of the rule.

[Figure: the firewall rule with each component labeled]

Different firewalls have different interfaces and syntax so there isn’t a standard way of entering this information. However, if you understand the components of the rule, you can plug the data into the interface.
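To make the components concrete without tying them to one vendor's syntax, here is an added example (not from the original post or the study guide) that models the rule above in Python. It converts the CIDR prefix lengths the post mentions (/23, /24, /32) into dotted-decimal masks, builds the allow rule followed by the implicit deny, and evaluates sample packets first-match, the way a stateless packet filter does. It also shows what changes if you write the source as /23 instead of /32, which is the question raised in the comments. The Rule class, the packet tuples and the second "broad" rule set are constructed for illustration; only the addresses and the port come from the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One firewall rule, holding the five components the post lists."""
    action: str                     # "allow" or "deny"
    protocol: str                   # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network      # source network; /32 means one host
    dst: ipaddress.IPv4Network      # destination network; /32 means one host
    dst_port: Optional[int]         # None means any destination port

    def matches(self, proto, src_ip, dst_ip, dst_port):
        return (self.protocol in ("any", proto)
                and src_ip in self.src
                and dst_ip in self.dst
                and (self.dst_port is None or self.dst_port == dst_port))


def cidr_to_mask(prefix_len):
    """Return the dotted-decimal subnet mask for a CIDR prefix length."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").netmask)


# Addresses from the post's diagram. strict=False lets ipaddress turn the
# host address 10.4.80.10 plus its /23 prefix into the subnet it lives in.
MARKETING_SUBNET = ipaddress.IPv4Network("10.4.80.10/23", strict=False)
MARKETING_HOST = ipaddress.IPv4Network("10.4.80.10/32")
WEB_SERVER_2 = ipaddress.IPv4Network("10.4.81.5/32")
ANY = ipaddress.IPv4Network("0.0.0.0/0")

# The implicit deny matches everything, so it must stay last.
IMPLICIT_DENY = Rule("deny", "any", ANY, ANY, None)

# The rule built in the post: allow HTTPS from Marketing to Web Server 2.
RULES = [
    Rule("allow", "tcp", MARKETING_HOST, WEB_SERVER_2, 443),
    IMPLICIT_DENY,
]

# Constructed variant using the /23 subnet as the source instead of /32,
# to show why the prefix length matters.
BROAD_RULES = [
    Rule("allow", "tcp", MARKETING_SUBNET, WEB_SERVER_2, 443),
    IMPLICIT_DENY,
]


def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """First-match evaluation: the first rule that matches decides."""
    src_ip = ipaddress.IPv4Address(src_ip)
    dst_ip = ipaddress.IPv4Address(dst_ip)
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip, dst_port):
            return rule.action
    return "deny"  # defensive default if a rule set lacks its catch-all


if __name__ == "__main__":
    for p in (23, 24, 32):
        print(f"/{p} -> {cidr_to_mask(p)}")
    # Constructed sample packets: (protocol, source, destination, port)
    packets = [
        ("tcp", "10.4.80.10", "10.4.81.5", 443),   # the intended traffic
        ("tcp", "10.4.80.10", "10.4.81.5", 80),    # wrong port
        ("udp", "10.4.80.10", "10.4.81.5", 443),   # wrong protocol
        ("tcp", "10.4.81.200", "10.4.81.5", 443),  # other host in the /23
    ]
    for pkt in packets:
        print(pkt, "/32 rule:", evaluate(RULES, *pkt),
              "| /23 rule:", evaluate(BROAD_RULES, *pkt))
```

Only the first packet is allowed by the /32 rule; the last packet, from another host inside 10.4.80.0/23, is denied by the /32 rule but allowed by the /23 variant, which is exactly the over-broad access the post's reply to the comments warns about.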

Testing Your Knowledge of a Firewall Rule

Similarly, if you understand the components of the rule, you can answer Security+ test questions no matter how they are asked. This includes:

  • Basic multiple choice questions such as “What port would you open to allow HTTPS traffic?”
  • Fill in the blank questions that ask you to type in the elements of the rule.
  • Questions with drop-down menus that ask you to select the appropriate elements of the rule.
  • Drag and drop questions similar to questions available on the Get Certified Get Ahead premium site. You can see a demo of drag and drop questions here.

You can also watch this video to see a Firewall Rule question demonstrated here:

3 Comments

  1. Thanks for your prompt response and for clarifying the solution! Again, great site and content.

  2. > For the rule, why would we default to /32 and not simply restrict the
    > rule to the network of the Marketing computer, /23?
    Because the requirement is to “allow HTTPS traffic from the Marketing server” to Web Server 2, not from all computers in the network to the web server.

    If your boss asks you to “Please invite Lisa from the marketing department to join me for lunch,” he would likely be a little disappointed if you invited all employees from the marketing department to join him.

    > Is using /32 for a single computer a standard practice?
    It’s used on some firewalls. While some firewalls only use the IP address and not the subnet mask, if it requires the subnet mask, you need to know the correct one to use.

    A better question might be
    “Should I know that /32 can be used to identify a single computer in a firewall rule if I’m preparing for the Security+ exam?”

    Yes.

  3. For the rule, why would we default to /32 and not simply restrict the rule to the network of the Marketing computer, /23? Is using /32 for a single computer a standard practice?

    Thanks, you have a great site!

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.