I am kind of new to networking and security but here is my problem.
My company every Wednesday night does firewall changes but before they do the changes, they have another department (operations) manually validate the firewalls before the changes to see if the change afterward caused any problems. Operations is using a laptop directly connected to its ISP via a DSL connection to act as a customer would coming in to our network hitting different applications and so forth. Hence this validates the outside firewall.
The problem comes in now because upper management now wants a monitoring script to do what the operators would be doing. My company is using UniCenter/ClientVantage as their monitoring tools right now. They were thinking of putting the script on the DSL laptop but security didn't like that for two reasons:
1. Because it has no security (directly connected to the outside world),
2. In order to run these monitoring scripts, the script accesses an internal server. This isn't safe if it's on that outside firewall.
My question is if there is some way we can have this script run on an inside the network dedicated machine, but act as if it was coming from the outside? Meaning that this inside machine would grab the script from whatever monitoring server it needed (as stated above) and then let it act (network/firewall) wise as if it was that DSL laptop mentioned above, so that we can safely test the outside firewall as if we were an outside customer even though we are starting from the inside, not outside?
I know this was long and confusing, but any help from anyone would be great. Thanks all.
Configure static translation of inside source addresses when you want to allow one-to-one mapping between your inside local address and an inside global address. Static translation is useful when a host on the inside must be accessible by a fixed address from the outside.
My question is if there is some way we can have this script run on an inside the network dedicated machine, but act as if it was coming from the outside?
Sorry mate, this isn't possible, you need to be coming from the outside, how about... installing another nic into the pix on a private address range, just hanging the test laptop off this - you could configure this new nic as an outside interface with the exact same config as the current outside interface (except ip address).
You could then test this without the risk of any external hackers breaking in and getting access to the laptop.
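Whichever vantage point the test machine ends up on (the DSL laptop or a laptop hung off a spare PIX interface configured like the real outside interface), the script itself only needs to do what the operators do by hand: try the services a customer should reach and confirm they answer, and try things the firewall should block and confirm they do not. The following is an added example written for this thread, not code from the original poster, the vendor or any monitoring product mentioned here. The host names, ports and expectations in it are constructed placeholders; a real run would list the company's own published services.

```python
import socket
from dataclasses import dataclass

# One line of the "what should the outside world see" policy.
@dataclass(frozen=True)
class Expectation:
    host: str
    port: int
    expect_open: bool   # True: service must answer; False: firewall must block it
    label: str = ""     # human-readable note for the report


def tcp_connect(host, port, timeout=3.0):
    """Return True when a TCP handshake completes, False on refusal or timeout.

    This is the only part that touches the network; it must be run from the
    outside vantage point (the DSL laptop or the test interface) to be meaningful.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def evaluate(expectations, probe=tcp_connect):
    """Probe every expectation and return (expectation, observed_open, passed) tuples.

    `probe` is injectable so the policy logic can be checked without a network.
    """
    results = []
    for e in expectations:
        observed = probe(e.host, e.port)
        results.append((e, observed, observed == e.expect_open))
    return results


def summarize(results):
    """Return (all_passed, failures); failures are the tuples that did not match policy."""
    failures = [r for r in results if not r[2]]
    return (len(failures) == 0, failures)


def format_report(results):
    """Render one line per check so the monitoring tool can capture it verbatim."""
    lines = []
    for e, observed, passed in results:
        state = "open" if observed else "blocked"
        want = "open" if e.expect_open else "blocked"
        lines.append(f"{'PASS' if passed else 'FAIL'} {e.host}:{e.port} is {state}, expected {want} {e.label}".rstrip())
    return "\n".join(lines)


def _demo_listener():
    """Constructed stand-in for a published service: a listener on an ephemeral localhost port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def main():
    # Constructed demo: one port that really listens (should be "open") and one
    # unused ephemeral port (should be "blocked"). In production the list would
    # name the externally published applications instead of 127.0.0.1.
    srv, open_port = _demo_listener()
    probe_sock, _ = _demo_listener()
    closed_port = probe_sock.getsockname()[1]
    probe_sock.close()            # port is now free, so a connect should be refused
    policy = [
        Expectation("127.0.0.1", open_port, True, "(demo web front end)"),
        Expectation("127.0.0.1", closed_port, False, "(demo internal-only service)"),
    ]
    try:
        results = evaluate(policy)
        print(format_report(results))
        ok, failures = summarize(results)
        print("firewall validation:", "OK" if ok else f"{len(failures)} deviation(s)")
    finally:
        srv.close()


if __name__ == "__main__":
    main()
```

The exit status of a real deployment would be driven by `summarize()`, so a post-change run that shows a newly reachable port or a newly blocked customer-facing service raises an alert in the monitoring tool instead of relying on an operator reading output by hand. Keeping the policy as data (the `Expectation` list) also means the Wednesday change ticket can be reviewed against the same list that the script enforces.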