carablokir user yang suka download file. Blokir akses download file-file besar seperti iso, mp4, rar, dll. Sangat mudah dengan menggunakan mikrotik, sama seperti cara blokir trafik pada umumnya blokir file berdasarkan extension atau format-format file tertentu dapat menggunakan service atau layanan dari salah satu fitur mikrotik yaitu Firewall. CaraSetting Modem First Media Cisco. Tombol reset ada disisi belakang lihat gambar dengan bantuan bulpen atau pencil tekan 6-8 detik hingga lampu indikator berkedip berwarna hijau. How To Prove An Outage Is Not Caused By The Firewall Indeni Network Performance Computer Network F5 Networks Source: pinterest.com. ASK Cara setting Firstmedia Untukmelakukan konfigurasi trunk pada switch cisco berikut ini adalah sintaksnya : Masuk pada mode konfigurasi interface yang akan dijadikan sebagai jalur trunk. Switch (config)# int fx/x. Kemudian ganti mode switchport mode menjadi trunk. Switch (config-if)# switchport mode trunk Switch (config-if)# exit. Langkahlangkahnya sebagai berikut : capturenya saya pakai Windows 7. • Klik Start - Control Panel - Network And Sharing Center - Change Adapter Setting. • Kemudian klik Local Area Connection. • kemudian klik kanan lalu pilih Properties. Klik Internet Protocol Version 4 (TCP/IPv4) • kemudian pilih Properties. Pilih Use the Setupa static IP address on either your computer or device that you want to forward a port to. Login to your Cisco Linksys E4200 router. Navigate to the port forwarding section. Click the Applications & Gaming link. Click the Port Range Forwarding or the Single Port Forwarding button to forward ports. Create a port forward entry. 3Set up the gateway. 4.Set up DNS. 5.Set up NTP. 6.Set the time zone and hostname. 7.Configuration backup. The configuration backup is backed up to via tftp. The backup name is configuration20200101.cfg. We will have other articles about commands of Fortinet firewalls in the near future, so stay tuned. . KONFIGURASI FIREWALL DI CISCO PACKET TRECER STUDI KASUS Ø Terdapat 5 buah gedung dengan ip address yang berbeda Ø Terdapat 2router, dimana router tersebut terhubung ke internetcloud Ø Semua gedung mempunyai 1server,1 switch Ø 2gedungkiri masing-masing 20pc,1 access point, 2 printer,1tv ditambah beberapa pengguna wifi Ø 3 gedungkananmasing-masing 30pc,2acces point,3printer,1tv, ditambah beberapa pengguna wifi Catatan üSemua perangkat harus terkoneksi dengan baik ü Komputer STM harus bisa nge-print di printer SMEA atau gedung manapun ü Wifi di setiap gedung harus di beri pengaman berupa password supaya tidak semua masyarakat dapat menikmati fasilitas wifi ü Tv di setiap gedung harus bisa menyala semua Cara Kerja 1. Buka aplikasi Cisco Packet Tracer yang anda punya. saya versi 2. Device yang dibutuhkan 1 cloud 2 router 4 buah server 4 buah switch 4 access point 5 printer 130 pc 3. buat design Jaringan seperti di bawah ini ! 1. SETTING SEMUA SERVER DENGAN MENGGUNAKAN DHCP lingkaran merah adalah nama server kotak warna merah adalah IP server IP server STM DAN Default Gaeteway nya IP server SMEA DAN Default Gaeteway nya IP server Kampus DAN Default Gaeteway nya IP server STM DAN Default Gaeteway nya 2. SETTING SEMUA ACCES POINT untuk mengamankan dan memberi password ü untuk acces point STM ü klik acces pointàklik configàKLIK PORT1àport status ONàMasukan SSIDnama wireless stmàklik WPA2-PSK 9untuk memberi passwordàmasukan password “SMKDINAMIKA1”àuntuk encription type nya pilih yang AESàOK ü Untuk Wireless SMEA lakukan Hal yang sama sperti langkah di wireless STM ü untuk password, masukan password “SMKDINAMIKA2” ü Karena sesuai kebutuhan,, untuk kampus dikasih 2 access point dengan jarak yang berjauhan ü access point pertama bernama “access kampus1” dengan password “rahasiakampus” ü access point pertama yang kedua “access kampus2” dengan password “rahasiakampusdua” ü yang terakhir adalah accespoint “yalwash9” dan beri password “WIFI_IniSangatRahasia PRINTER SEMUA GEDUNG ü untuk yang tidak terkoneksi dengan wireless langsung saja klik printeràconfigàfastEthernet0àlalu klik yang dhcp ü untuk printer yang menggunakan wireless, Matikan printeràlalu ganti dengan port untuk wireless ü Setelah diganti portnya,, klik configàmasukan SSIDNama wireless yang di koneksikanàKLIK WPA2-PSKàmasukan passwordàlalu klik DHCP LAPTOP CLIENT UMTUK MENDAPATKAN ALAMAT IP SERTA AGAR DAPAT MENIKMATI AKSES INTERNET Matikan laptop dan ganti dengan port wireless klik laptopàklik dekstopàklik pc wirelessàklik connectàpilih wifi mana yang akan digunakan Lalu masukan password HP CLIENT Ø KLIK device yang akan di setting Ø klik config Ø klik wireless 0 Ø masukan SSID wifi yang akan di hubungkan Ø Masukan password Ø klik DHCP IP ROUTER 1 Ø klik router1 Ø Masukan untuk port rj45 Ø untuk fa6/0 terhubung dengan switch stm, Masukan Gateway STM pada fa6/0 subnetmask Ø untuk port fa8/0 sama dengan part fa6/0, masukan Gateway SMEA subnetmask Ø untuk port 7/0 menghubungkan ke cloudinternet masukan ip nya dan subnetmasknya Ø dan untuk port 5/0 berfungsi untuk menghubungkan ke router yang satunya dengan IP Router subnetmassk 7. SETTING IP ROUTER 2 Ø klik router 2 Ø Masukan port rj45 Ø klik config Ø klik fa9/0 untuk menghubungkan dengan switch universitas. Ø Masukan gateway universitas netmask Ø klik fa6/0 untuk menghubungkan dengan switch Yayasan/TU Ø Masukan gateway Yayasan subnet mask Ø klik fa8/0 untuk menghubungkan dengan router 1 Ø IP Route subnetmask 8. Setting RIP PADA KEDUA ROUTER Ø klik router 1 Ø klik config Ø klik rip Ø masukan semua gateway dan ip route yang telah dimasukan Ø lalu klik add Ø lalu klik add Ø lalu klik add Ø lalu klik add Ø lalu klik add Ø Lakukan hal yang sama pada router kedua 9. SETTING CLOUD Ø klik cloud Ø klik config Ø klik tv setting Ø klik browse Ø masukan gambar lalu klik tanda + 10. SETTING TV klik tv klik on tv stm tv SMEA TV YAYASAN KET semua tv terhubung dengan baik Tahap Pengecekan Jika sudah selesai semua dilakukan, mari kita test apakah settingan yang anda lakukan berhasil atau test ping printer dari client PC SMEA ke TU3. test ping laptop yang menggunakan wireless ke printer wireless kampus4. test penggunaan cloud 1. test ping dari server STM ke yayasan jika semua berhasil, kalian telah sukses mengikuti semua instruksi/tutorial dengan baik JKETERANGAN1 Setiap gedung tidak harus memiki 20PC, karena sesuai penggunaanya. Mengapa di TU hanya sedikit? karena orang TU/Yayasan tidak membutuhkan banyak pc. 2. Setiap gedung juga tidak harus memiliki 2accespoint. Mengapa di Kampus ada dua acces point? karena sesuai penggunaannya, mahasiswa di kampus lebih membutuhkan accespoint dikarenakan halaman kampus yang luas dan untuk memudahkan pada mahasiswa untuk belajar di halaman kampus dengan menggunakan wifi kampus3. Printer di gedung STM,SMEA dan kampus memiliki 2 printer, berfungsi agar suatu saat salah satu printer di gedung stm rusak, bisa ngeprint di gedung smea atau di yayasan/TU membutuhkan banyak printer? karena yayasan butuh data/laporan dari setiap gedung, sehingga memudahkan suatu pekerjaan agar orang TU tidak perlu berjalan ke setiap gedung untuk membutuhkan data, TAPI tinggal ping ke suatu tujuan dan meminta data untuk di print di TU. Membutuhkan banyak karena sesuai penggunaannya, TU menggunakan banyak printer untuk keperluan percetakan di setiap gedung yang tv di gedung STM,SMEA digunakan untuk para guru yang sedang ber istirahat dan untuk di YAYASAN pun sama seperti itu. KECUALI di kampus tidak membutuhkan tv, karena dinilai kurang efektif/efisien bagi para mahasiswa5. Mengapa membutuhkan 2 router? agar pembaca di tutorial yang saya buat ini mengerti bagaimana cara men setting 2 router dengan masing-masing router memiliki beberapa jaringan. PENUTUP Penulis berterimakasih kepada yang telah memberi rahmat dan kehadirat-Nya sehingga dapat menyelesaikan tugas “membuat tutorial pada cisco packet tracer” penulis juga berterimakasih kepada guru yang telah memberi tugas ini sehingga penulis dapat mengetahui dan mendalami bagaimana cara menggunakan aplikasi cisco packet tracer ini. penulis meminta maaf bila ada kesalahan atau tutorial yang kurang dimengerti. Penulis juga meminta maaf karena sedikit telat dalam pengumpulan tugas tutorial ini. Semoga tutorial ini bermanfaat bagi para pembaca atau para pemula yang ingin belajar aplikasi Cisco Packet Tracer. Contents Table of Contents Troubleshooting Bookmarks Quick Links Cisco ASA 5500 Series Configuration Guide using ASDM Software Version for use with Cisco ASA 5500 Version Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA Tel 408 526-4000 800 553-NETS 6387 Fax 408 527-0883 Customer Order Number N/A, Online only Text Part Number OL-20339-01 Chapters Related Manuals for Cisco ASA 5505 Summary of Contents for Cisco ASA 5505 You’ve graduated from setting up that new wireless router and are ready for your next adventure setting up a firewall. Gulp. We know, seems really intimidating. But breathe easy, because we’ve broken it down to 6 simple steps that should help you on your way to network-security nirvana. And off we go… Step 2 Architect firewall zones and IP addresses No heavy lifting required. To best protect your network’s assets, you should first identify them. Plan out a structure where assets are grouped based on business and application need similar sensitivity level and function, and combined into networks or zones. Don’t take the easy way out and make it all one flat network. Easy for you is easy for attackers! All your servers that provide web-based services email, VPN should be organized into a dedicated zone that limits inbound traffic from the internet—often called a demilitarized zone, or DMZ. Alternatively, servers that are not accessed directly from the internet should be placed in internal server zones. These zones usually include database servers, workstations, and any point of sale POS or voice over internet protocol VoIP devices. If you are using IP version 4, internal IP addresses should be used for all your internal networks. Network address translation NAT must be configured to allow internal devices to communicate on the internet when necessary. After you have designed your network zone structure and established the corresponding IP address scheme, you are ready to create your firewall zones and assign them to your firewall interfaces or sub-interfaces. As you build out your network infrastructure, switches that support virtual LANs VLANs should be used to maintain level-2 separation between the networks. Step 3 Configure access control lists It’s your party, invite who you want. Once network zones are established and assigned to interfaces, you will start with creating firewall rules called access control lists, or ACLs. ACLs determine which traffic needs permission to flow into and out of each zone. ACLs are the building blocks of who can talk to what and block the rest. Applied to each firewall interface or sub-interface, your ACLs should be made specific as possible to the exact source and/or destination IP addresses and port numbers whenever possible. To filter out unapproved traffic, create a “deny all” rule at the end of every ACL. Next, apply both inbound and outbound ACLs to each interface. If possible, disable your firewall administration interfaces from public access. Remember, be as detailed as possible in this phase; not only test out that your applications are working as intended, but also make sure to test out what should not be allowed. Make sure to look into the firewalls ability to control next generation level flows; can it block traffic based on web categories? Can you turn on advanced scanning of files? Does it contain some level of IPS functionality. You paid for these advanced features, so don’t forget to take those "next steps" Step 4 Configure your other firewall services and logging Your non-vinyl record collection. If desired, enable your firewall to act as a dynamic host configuration protocol DHCP server, network time protocol NTP server, intrusion prevention system IPS, etc. Disable any services you don’t intend to use. To fulfill PCI DSS Payment Card Industry Data Security Standard requirements, configure your firewall to report to your logging server, and make sure that enough detail is included to satisfy requirement through of the PCI DSS. Step 5 Test your firewall configuration Don’t worry, it’s an open-book test. First, verify that your firewall is blocking traffic that should be blocked according to your ACL configurations. This should include both vulnerability scanning and penetration testing. Be sure to keep a secure backup of your firewall configuration in case of any failures. If everything checks out, your firewall is ready for production. TEST TEST TEST the process of reverting back to a configuration. Before making any changes, document and test your recovering procedure. Step 6 Firewall management All fires need stoking. Once your firewall is configured and running, you will need to maintain it so it functions optimally. Be sure to update firmware, monitor logs, perform vulnerability scans, and review your configuration rules every six months. I cannot edit the devices, configs are locked. Try to put the firewall in between the routers and use the config below. Make sure to configure the corresponding router interfaces with the next hop IP addresses that the firewall uses for the static routes. On the router, configure static default routes pointing to the firewall's corresponding interface. In Packet Tracer, use the ASA5506-X, not the 5505. ASA Version ciscoasanames!interface GigabitEthernet1/1 description Link to AKCBranchRouternameif insidesecurity-level 100ip address GigabitEthernet1/2 description Link to AKCHQRouternameif outsidesecurity-level 0ip address outside route inside ICMP_HTTP_SMTP_POP3 extended permit icmp any any echo-replyaccess-list ICMP_HTTP_SMTP_POP3 extended permit tcp any any eq wwwaccess-list ICMP_HTTP_SMTP_POP3 extended permit tcp any any eq pop3access-list ICMP_HTTP_SMTP_POP3 extended permit tcp any any eq smtpaccess-list ICMP_HTTP_SMTP_POP3 extended permit icmp any any echo!access-group ICMP_HTTP_SMTP_POP3 in interface outside!class-map inspection_defaultmatch default-inspection-traffic!policy-map global_policyclass inspection_defaultinspect dnsinspect httpinspect icmppolicy-map type inspect dns preset_dns_mapparametersmessage-length maximum 512!service-policy global_policy global!telnet timeout 5ssh timeout 5 Before you get started Check your Internet connection If you don't have a good internet connection, the router setup experience will be frustrating. The simplest method is to connect a computer to the modem or gateway device supplied by your Internet service provider ISP. If your computer detects an Internet connection, you're ready to set up the router. Gather documentation Here's another "seems obvious" step—but one that will save you aggravation when you're in the middle of setup. Keep an eye out for stickers or slips of paper that might include important setup information, like the router's default username and password. Check for an app Many router manufacturers provide mobile apps or web dashboard that can be used for both setup and management. With a smartphone app, you may not have to connect the router to a computer to configure it. Check the documentation that came with your router to see if an app is available. Install and extend antennas If the router has antennas and they're separate from the router box, you'll need to install them. In addition, you should extend the antennas before beginning the setup process. Videos Router setup steps Step 1 Decide where to place the router The best place for a wireless business router is in an open area of the workplace, as you'll benefit from even coverage. However, sometimes it's not easy to find a space out in the open because you must connect the router to a broadband gateway from your ISP Internet service provider, which is usually attached to a cable near an outside wall. Step 2 Connect to the Internet Attach the router to a cable - or choose a mesh router To solve the "long-distance" problem when connecting a router, you can use a CAT5e or CAT6 cable to connect the router to the ISP gateway's Ethernet port. Another option is to run Ethernet cables through the walls of your office to the chosen central location for the router. Yet another option is to install a mesh network with a router. A mesh network allows you to place multiple Wi-Fi transmitters across your home or office, all on one network. Unlike extenders, which can be used with any wireless router, mesh networks require a router with this capability built-in. No matter which option you choose, you'll use a basic Ethernet cable, plugged into the router's wide-area network WAN or Internet port. The Internet port is typically set apart from other ports by a different color. Check the router's LED lights Your router's LED lights tell you if you've successfully made an active Internet connection. If you don't see lights confirming such a connection, make sure you've plugged the cable into the correct port. Test the connection with a device Confirm that your router has a working connection by plugging a laptop computer into one of the device ports on the back of the router. If all goes well, you should be able to begin a wired connection, just as you did when confirming an active Internet connection. Step 3 Configure the wireless router gateway In some cases, ISPs offer customers gateways with built-in routers. In most cases, these combined devices are not built for business environments, nor do they have extra ports, security, and other options that allow you to add services and expand networks as the business grows. If you have a gateway with an integrated router, you'll have to configure the gateway to disable the router and pass the WAN IP address—the unique Internet protocol address that the Internet provider assigns to your account—and all network traffic through to your new router. If you don’t take this step, you may run into conflicts that prevent devices from working properly. You may need to contact your ISP for help with this step. Step 4 Connect gateway to router First, turn off the gateway. If there is already an Ethernet cable plugged into the gateway's local-area network LAN port, unplug the cable and plug it into your router's WAN port. Turn the gateway back on and wait a few minutes for it to boot up. Plug in the router's power supply and turn it on, again waiting a few minutes. Step 5 Use app or web dashboard The easiest way to continue with router setup is to use a mobile app if the router maker provided one. If there is no app, or you'd rather use the router's web-based dashboard, connect the router to a computer via an Ethernet cable. You might find the router's IP address printed on the back of device itself; if not, type a common router address, into the browser search bar. Step 6 Create a username and password To configure the router, you'll need to log in, using its default admin name and password. You can usually find this information printed on the router itself, or in an accompanying user manual. Next, enter the required credentials. Once you're in, you should immediately create a new username and password. The defaults are usually something like "admin" and "password1234," which are obviously not secure—so make sure to change them at the first opportunity. Step 7 Update the router's firmware Your router may need an update of the "firmware," or software that operates it. Update it as soon as possible, since the new firmware might fix bugs or offer new security protections. Some routers may download new firmware automatically, but many do not. You may need to check for updates through the app or the browser interface. Step 8 Create a Wi-Fi password Just as most routers come with preassigned admin usernames and passwords, most also come with preset Wi-Fi usernames and passwords. You’ll likely be prompted to change the Wi-Fi username and password, but even if you don't see such a prompt, plan to do so quickly. Step 9 Use auto-configuration tools where possible If your router is equipped with auto-install features, rely on them to help complete setup. For example, you should be able to use auto-configuration to manage IP addresses with the Dynamic Host Configuration Protocol DHCP, which automatically assigns IP addresses to devices. You can always change these addresses later. Step 10 Set up security Many router manufactures provide security functionality to safeguard network and user privacy. You can login into the web dashboard and enabling added security features such as firewall, web filtering, and access controls to protect yourself from malicious traffic. You can also set up virtual private networks VPNs for privacy. Shop for routers Tugas Konfigurasi Firewall pada cisco packet tracer. Agar 1 PC atau lebih tidak dapat melakukan ping ke server dan pc lainnya. Perangkat yang dibutuhkan 1 Server 1 Router tipe 1841 1 Switch Tipe 2950-24 PC Client 3 Unit Mula-mula koneksikan semua perangkat dengan kabel Copper Cross-over untuk Server ke Router. Dan Kabel Straight-Throught untuk Switch ke PC, lalu isikan Ip server berbeda untuk Server ke Router, dan Router ke PC. Misalnya untuk Server - Router fa0/0 - Router fa0/1 Lalu untuk PC client isikan sesuai dengan ruas Router fa0/1 seterusnya. Agar semua perangkat dapat terhubung PING, masukan perintah RIP pada router, masukan masing-masing IP. Setelah itu uji coba dengan melakukan perintah PING. Nah selanjutnya, konfigurasi FIREWALL, agar salah satu pc tidak dapat melakukan ping ke perangkat lainnya. Langkah Konfigurasi Firewall Masuk ke Menu cli di router, lalu masukan perintah berikut Routerconf Configuring from terminal, memory, or network [terminal]? Enter configuration commands, one per line. End with CNTL/Z. Routerconfigaccess-list 1 deny host Routerconfigaccess-list 1 permit any Routerconfigint fa0/1 Routerconfig-ifip access-group 1 in Routerconfig-if Routerconfig-ifexit Sekarang kita coba untuk melakukan ping. Keterangan CLI diatas access-list 1 deny host perintah untuk router agar melakukan blokir terhadapat PC yang memiliki Ip itu. access-list 1 permit any, perintah ini untuk mengijinkan pc yang memiliki IP seruas dengan pc diblokir tadi. int fa0/1, sambungan dari ethernet yang digunakan. ip access-group 1 in, perintah untuk mengenalkan 1 group perangkat yang seruas. Nah demikianlah hasil dari Proses Konfigurasi Firewall pada Cisco Packet Tracer.

cara setting firewall cisco