Inside to act as Outside

atags8080
Level 1

Hello All,

I am kind of new to networking and security but here is my problem.

My company every Wednesday night does firewall changes but before they do the changes, they have another department (operations) manually validate the firewalls before the changes to see if the change afterward caused any problems. Operations is using a laptop directly connected to its ISP via a DSL connection to act as a customer would coming in to our network hitting different applications and so forth. Hence this validates the outside firewall.

The problem comes in now because upper management now wants a monitoring script to do what the operators would be doing. My company is using UniCenter/ClientVantage as their monitoring tools right now. They were thinking of putting the script on the DSL laptop but security didn't like that for two reasons:

1. Because it has no security (directly connected to the outside world),

2. In order to run these monitoring scripts, the script accesses an internal server. This isn't safe if it's on that outside firewall.

My question is if there is some way we can have this script run on an inside the network dedicated machine, but act as if it was coming from the outside? Meaning that this inside machine would grab the script from whatever monitoring server it needed (as stated above) and then let it act (network/firewall) wise as if it was that DSL laptop mentioned above, so that we can safely test the outside firewall as if we were an outside customer even though we are starting from the inside, not outside?

I know this was long and confusing, but any help from anyone would be great. Thanks all.

Andrew

2 Replies

umedryk
Level 5

Configure static translation of inside source addresses when you want to allow one-to-one mapping between your inside local address and an inside global address. Static translation is useful when a host on the inside must be accessible by a fixed address from the outside.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008044eddc.html

grahambartlett
Level 1

My question is if there is some way we can have this script run on an inside the network dedicated machine, but act as if it was coming from the outside?

Sorry mate, this isn't possible, you need to be coming from the outside, how about... installing another nic into the pix on a private address range, just hanging the test laptop off this - you could configure this new nic as an outside interface with the exact same config as the current outside interface (except ip address).

You could then test this without the risk of any external hackers getting access to the laptop.
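
The before/after validation described in this thread, as an added example that is not part of any post here: a script meant to run on an outside-positioned test machine (such as a laptop on the extra PIX interface suggested above) that records which published services answer before the change window and reports any difference afterwards. The target names, addresses and ports are constructed placeholders, and the file name `fwcheck.py` is an assumption.

```python
import json
import socket
import sys

# Constructed targets: names, addresses (documentation range) and ports are placeholders.
TARGETS = [
    ("web-https", "203.0.113.10", 443),
    ("mail-smtp", "203.0.113.25", 25),
]

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # something answered with a reset
    except OSError:
        return "filtered"     # timeout or unreachable: dropped or no route

def snapshot(targets, timeout=3.0):
    """Probe every (name, host, port) target and return {name: state}."""
    return {name: probe(host, port, timeout) for name, host, port in targets}

def diff(before, after):
    """Return {name: (state_before, state_after)} for targets whose state changed."""
    names = sorted(set(before) | set(after))
    return {n: (before.get(n), after.get(n))
            for n in names if before.get(n) != after.get(n)}

def main(argv):
    # usage: fwcheck.py baseline FILE   (before the change window)
    #        fwcheck.py verify FILE     (after it; exit status 1 if anything changed)
    mode, path = argv[1], argv[2]
    current = snapshot(TARGETS)
    if mode == "baseline":
        with open(path, "w") as fh:
            json.dump(current, fh, indent=2)
        return 0
    with open(path) as fh:
        changed = diff(json.load(fh), current)
    for name, (old, new) in changed.items():
        print(f"{name}: {old} -> {new}")
    return 1 if changed else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Listing ports that are expected to stay closed alongside the published ones lets the same comparison catch a change that opens something unintentionally, not only one that breaks a service.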
