06 Firewall Implementation Lab Manual

OPNET IT Guru Lab 6, Page 1

Lab 6: Evaluating Firewall Policies to Manage Network Traffic

Objective

This lab teaches the fundamentals of implementing firewall policies and understanding their effect on application performance and link utilization.

Overview

Standard Chartered Bank’s headquarters network connects to the Internet through a CISCO PIX Firewall. Users use various online applications including e-mail, web browsing, and credit card authorization. In addition, some users are doing illegal file transfers for pirated music and videos. First we’ll evaluate the application performance with no firewall policies. Thus, no illicit traffic is blocked.

Standard Chartered Bank’s most critical application is credit card authorization. It is required to have a response time of less than 2 seconds.

Lab Instructions

Step 1: Open Lab 1

1. Start IT Guru.

2. Select File → Open…

3. Scroll down to the project named Firewall_Implementation, select it and click OK.

Simulate the network for a busy hour of the day to evaluate the performance of the critical application.

Step 2: Configure and Run the Simulation

Evaluate the network performance for a busy hour of the day.

1. Click on the configure/run simulation toolbar button.

2. Make sure the Simulation Duration is set to 1 hour.

3. Click Run. Monitor the progress bar as the simulation proceeds.

4. When the simulation completes, click Close.

Step 3: View Results

View the credit card authorization response time for all the users and also the WAN link utilization. As mentioned earlier, the critical credit card authorization application’s response time is required to be less than 2 seconds.

1. Right-click in the workspace and select View Results.

2. Choose Global Statistics → DB Query → Response Time (sec).

3. Select Show. Now add the average curve to this window.

4. Change the filter from As Is to average and click Add.

5. Click on the graph window having the discrete data points for this statistic to add this curve on that panel.

6. Click Close in the View Results window.

7. Right-click on the WAN link and select View Results to view its utilization.

8. Choose point-to-point → utilization → and click Show.

Note: To toggle the graphs on and off, use the hide or show all graphs button.

9. Close the View Results window.

Your results should be similar to the graph above.

• The results show that the Credit Card Authorization Response Time is above the required limit of 2 seconds.

• Also, the WAN link utilization is high, which might contribute to unacceptable application response times.

The company decided to configure the firewall to block peer-to-peer file transfers to see its effect on the application performance.

Step 4: Duplicate Scenario

1. Select Scenarios → Duplicate Scenario…

2. Give the name as Firewall Implemented.

Step 5: Configure the CISCO PIX Firewall

Configure the firewall to block video traffic.

1. Right-click on the CISCO PIX Firewall and select Edit Attributes.

2. Click in the Value column for Proxy Server Information.

3. Scroll down to Voice and change the value for Proxy Server Deployed from Yes to No and then click OK twice.

Step 6: Configure and Run the Simulation

Rerun the simulation for a busy hour of the day to see if implementing the firewall improves application performance.

• Refer to previous steps for setting the duration and running the simulation.

Step 7: Compare Results

Compare the Credit Card Authorization Application Response Time and also the WAN link utilization.

1. Right-click in the workspace and select Compare Results.

2. Choose Global Statistics → DB Query → Response Time (sec).

3. Click Show and then click Close in the View Results window.

4. Right-click on the WAN link and select Compare Results.

5. Choose point-to-point → utilization →.

6. Click Show and then close the View Results window.

Conclusion

• As expected, the results show that implementing the firewall significantly improved the credit card authorization application performance.

• The utilization graph shows a significant reduction in the WAN link utilization due to the firewall policy, thereby improving the application performance.

• By mandating the firewall policy to stop illicit peer-to-peer file transfers, the company is able to achieve the required performance for the critical credit card authorization.

Advanced Scenario

• Advanced Scenario 1. Duplicate the scenario Without_Firewall_Implementation and then, instead of implementing the firewall, upgrade the WAN link and see its effect on the critical application response time.