Network security

How to configure a network firewall: Walkthrough

March 13, 2023 by Bianca Gonzalez

A good network firewall is essential. Learn the basics of configuring a network firewall, including stateful vs. stateless firewalls and access control lists in this episode of Cyber Work Applied.

What is a network firewall?

Learn the basics of setting up a network firewall in this episode featuring Infosec Skills author Mike Myers.


How to set up a network firewall

Below is the edited transcript of Mike’s network firewall configuration walkthrough.

Configuring a network firewall

(0:00-1:29) When it comes to IT security, a good network firewall isn't a good idea. It's a necessity.

In this episode, I want to cover network firewalls. To do that, I've got myself a NETGEAR cable modem firewall. It's considered a SOHO, but it's actually a very high-end router with a built-in firewall. And I'm not even going to plug it into the internet. We'll go ahead and set up the firewall on this. So it's graphical, but don't let the pretty graphics fool you. This is a powerful little system.

Learn Network Security Fundamentals

Build your skills with seven hands-on courses covering network models and protocols, wireless and mobile security, network security best practices and more.

I've got it plugged in. I've got a cable running into my desktop down here, and here's my monitor and keyboard. We're going to go ahead and configure this guy. Most of these come by default with a fixed IP address. In this particular case, it's 192.168.0.1. They’re even nice enough to document it on the bottom, along with a built-in username and password that I've already changed.

To configure this particular guy, I will open up a web browser to 192.168.0.1. I've already logged in, so let's see what we need to do. It took me a while to find this, but if you take a look, most firewalls' settings are right here under security. We're also going to see a few other settings in a different place, and we're going to talk about those in just a moment.

Stateful vs. stateless firewalls

(1:30-2:16) The number one thing we need to talk about when we talk about firewalls is stateful versus stateless firewalls. A stateless firewall will go ahead and filter and block stuff, no matter what the situation. An example of a stateless firewall is if I set up a firewall to always block port 197, even though I don't know what that is.

So we can set up all kinds of rules. We can block based on IP address. We can block based on words coming in or out of a particular connection. We can block based on the time of day. All of these types of blocks are going to be stateless firewall settings. We store all of this information in a database, a file known as an access control list.

Access control list

(2:17-2:45) Access control lists appear all over the world of IT security, and they certainly appear in every firewall out there. Also, keep in mind that every one of these firewalls has a different screen. So the information is always there, but you're always having to poke around and figure out what to do. We're going to set up some stateless settings here. But then, we're also going to set up stateful settings.

What is a stateful firewall?

(2:46-4:39) A stateful firewall doesn't have an access control list, per se. A stateful firewall looks at what's going on and then makes a decision on what it's going to do. For example, if we start getting a lot of pings coming into this system, it will say “Hey, there are a lot of pings here. I'm going to start blocking pings.” Or it will sit there and see a bunch of requests for a particular web page, and they're malformed. So the firewall will think, “I'm getting too many malformed packets,” and he'll go ahead and start blocking this stuff. So a stateful firewall is a much more complicated tool than a stateless firewall.

In most of these SOHO routers, they reduce it to little things like a “disable port scanning” checkbox or something like that. And in that case, what you're doing is turning on or off the stateful firewall.

Let’s look at a stateful firewall. If you take a look right here, there are some settings on here for a stateful firewall. It says “Disable IPv4 Firewall Protection.” If I check this box, I'm essentially just turning off the stateful firewall for that particular type of IP.

You'll notice that there’s also an option to disable port scan and denial-of-service protection. If I check this, I'm turning off that aspect of the stateful firewall. This one's interesting because it has a very powerful stateful firewall built in, but it doesn't give you much control. It pretty much turns it on and runs. But you'll see that a lot of firewalls give you the option to block ICMP. They don't want anybody to be able to ping you or things like that. So these are all good examples of stateful firewalls.

What is a stateless firewall?

(4:40-9:39) For the most part, on almost all firewalls including some of the higher-end ones, you either turn it on or off. Now stateless is a different animal altogether. A stateless firewall is going to be based on what your needs are for that particular network. So let's head over here and see what we can do.

On this particular guy, you'll see it says access control. So I'm going to turn on access control. And you'll see it gives us the option to allow all new devices to connect or block all new devices from connecting. If I were to block all new devices from connecting, nobody would get out. But what we're doing is what's known as an implicit deny. Now we talked about implicit deny in other episodes, but in a very different way. In this particular case, we're talking about a firewall. In essence, nobody can do anything unless I let them through.


In this case, I will allow all new devices to connect. That way I can start to make blocks selectively. I can block on IP address, I can block on MAC address, and I can keep adding on to this. If you look at the screen, you'll see it's already got my machine that I’m working on. If I wanted to, I could block myself, making for a very uninteresting episode. Or I could leave it as it is and allow it.

Next are blocked sites. In this particular case, I can type in anything that I don't want you to be able to get to. Let’s type in the domain name for YouTube here. Now no one's going to be able to get to YouTube. So that’s one example of blocking something.

Another example is keyword blocking. Let’s set keyword blocking to "always" and as it sees information coming through, it can block it. Keep in mind, in this particular situation — especially for web pages — it will not be able to see any of that information if it's a secure web page. So it doesn't do a whole lot of good in that situation.

We can also come down here and allow trusted IP addresses. So for example, if there are certain machines that I'm using for maintenance and management, I can type in that IP address. Despite what the blocks are, that one machine or multiple machines will always be able to get through.

Next is blocked services. And when we talk about an access control list, this is usually what people are talking about. So I'm going to turn on services blocking.

Now let's block something. The service type is currently set to user defined, but if there's a particular service that you want to stop, you can find it here. So let's say I don't want anybody using FTP.

You'll see that it presets itself to block ports 20 and 21. That's really all we're doing here. It's a convenient list to allow you to build an access control list without necessarily knowing exactly how that all works, but I like it. So we'll leave it as it is. You'll see I can block anybody on my network. I can block a range, or I can block one particular person.

Let's go ahead and add FTP, and you'll see I've got that added. Now I can add lots more. Access control lists often have lots and lots of these. So this time we're going to do a user-defined TCP protocol; I want to stop people from using their Steam servers.

What I'm doing is I'm blocking a range of port numbers, and I'm going to put Steam in here. Again, I can set it for everybody. So you'll see I'm building up an access control list. In a more enterprise-type firewall, access control lists can be very complicated.

Let me show you a picture of an access control list for an enterprise-level Cisco router. Now, this is my idea of a big hairy access control list. While we may not be super familiar with what all this means, you'll notice that it has port numbers in there — and you'll notice that IPs are in there. So it's giving you the same information we're doing right here, but this is more of a robust setup. And there's no pretty graphical front end for this guy. You're typing that stuff in manually.

Scheduling on a firewall

(9:40-11:49) The second-to-last thing I’ll show you is scheduling. What I can do is I can set up different schedules to do different things. If I want to, I can block anybody from playing Steam games from nine to five, but I like playing Steam. So after work, I want me and the folks to get together and let's play some Age of Empires — or whatever it might be. I can use scheduling tools that will allow me to tweak my access control list, so that I can handle exactly when people are doing certain things or not.

Last is email. One of the problems that you have with firewalls is that you're not aware of what a firewall is doing. Now, all firewalls are going to have some kind of log that is going to be keeping track of stuff.

You can set up these logs to do whatever you want. You can see that it logged login failures, people trying to get in, if it's passing out DHCP. If you look at the options at the bottom, you can set up what it will show.

Logs are great and important, but the only way by default I can get to this log is by opening up this web page and going into the router itself. Usually, what I'm going to prefer to do is let the system email me. I like to use these types of tools. They’re popular on these home routers. And you can set up pretty much any firewall system to do things like send you text messages. You can also set levels of importance and tell it to message you only when it’s level one. Otherwise, if it's two through five, send me an email at the end of the day.

These types of tools become very important. This is just one type of firewall that you have out there. Make sure you're comfortable with the idea of a stateful versus a stateless firewall.


Application-based firewall

(11:50-12:34) Also keep in mind that when we're talking about firewalls, there is another type of firewall that people often confuse with network-based firewalls. And that is an application-based firewall.

An application-based firewall is designed to protect an application. One of the most famous types of applications we firewall is web applications. What I can do is set up a firewall in front of a web server that's protecting just the web server itself because there are so many unique attacks that they only go for that particular type of application.

So a network firewall like this is designed to protect everybody in a network, whereas an application-based firewall is usually in front of a web server or something like that, and it's designed to protect just that application.
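The stateless access control list described in the walkthrough (implicit deny versus allow-by-default, trusted management hosts that bypass the list, a blocked service such as FTP on ports 20 and 21, a user-defined TCP port range, and a nine-to-five schedule) can be modelled as a small first-match evaluator. This is an added example written for this article, not code from the NETGEAR device or from Mike Myers; the port range used for "Steam" and all IP addresses are constructed sample values.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass
class Rule:
    name: str
    action: str                      # "allow" or "block"
    proto: str = "any"               # "tcp", "udp" or "any"
    ports: range = range(0, 65536)   # destination ports the rule covers
    sources: str = "0.0.0.0/0"       # hosts the rule applies to (CIDR)
    start: Optional[time] = None     # schedule window; None means always active
    end: Optional[time] = None

@dataclass
class Acl:
    default_allow: bool                                # False is the "implicit deny" posture
    trusted: List[str] = field(default_factory=list)   # management hosts that bypass every block
    rules: List[Rule] = field(default_factory=list)

def evaluate(acl: Acl, src: str, proto: str, dport: int, now: datetime) -> Tuple[str, str]:
    """Return (verdict, reason): trusted hosts win, then the first matching rule, then the default."""
    src_ip = ip_address(src)
    if any(src_ip in ip_network(net) for net in acl.trusted):
        return "allow", "trusted host"
    for r in acl.rules:
        if r.proto not in ("any", proto) or dport not in r.ports:
            continue
        if src_ip not in ip_network(r.sources):
            continue
        if r.start is not None and not (r.start <= now.time() < r.end):
            continue                 # rule is scheduled and we are outside its window
        return r.action, r.name
    return ("allow" if acl.default_allow else "block"), "default policy"

# Constructed sample list mirroring the walkthrough: FTP always blocked, a "Steam" port range
# blocked nine to five, one management host trusted, everything else allowed by default.
OFFICE_ACL = Acl(
    default_allow=True,
    trusted=["192.168.0.10/32"],
    rules=[
        Rule("FTP", "block", "tcp", range(20, 22)),
        Rule("Steam", "block", "tcp", range(27015, 27031), start=time(9, 0), end=time(17, 0)),
    ],
)
```

Swapping `default_allow` to `False` and listing `allow` rules for known devices reproduces the "block all new devices" implicit-deny mode from the walkthrough.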

More cybersecurity training resources

Want more free resources? Check out the weekly Cyber Work Podcast for in-depth conversations with cybersecurity practitioners and industry thought leaders.


Bianca Gonzalez

Bianca Gonzalez is a writer, researcher and queer Latina brain cancer survivor who specializes in inclusive B2B insights and multicultural marketing. She completed over 400 hours of community service as a college student.