Description:

If an already configured Unified Firewall is to be connected to and managed by the LANCOM Management Cloud (LMC), certain parts of the existing configuration on the Unified Firewall must be deleted. Otherwise conflicts will arise when the configuration is rolled out via the LMC.

This article describes how the configuration of a Unified Firewall that was configured via the web interface can be transferred to the LMC.


Requirements:

  • LANCOM R&S® Unified Firewall with LCOS FX as of version 10.9
  • LMC access (subject to charge) with an existing LMC project and a license for the Unified Firewall
  • A configured and functional Internet connection on the Unified Firewall
  • Web browser for configuring the Unified Firewall and LMC.

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox


Scenario:

  • On a Unified Firewall, the port eth1 is configured with the network INTRANET with the IP address range 192.168.1.0/24. The Unified Firewall has the IP address 192.168.1.254.
  • Internet access on the Unified Firewall is permitted for HTTP and HTTPS.
  • The Unified Firewall is now to be managed by the LMC.



Procedure:

1) Pairing the Unified Firewall with the LMC:

Connect the Unified Firewall to the LMC (see step 2.2.2 in the following Knowledge Base article).

Pairing a LANCOM device with the LMC



2) Configuring the network parameters and firewall rules in the LMC:

2.1) In the LMC, go to the Networks menu and click Add Network → Network.

2.2) Modify the following parameters and then click Save:

  • Name: Enter a descriptive name for the network (in this example INTRANET).
  • Global IP range (CIDR): Enter the IP address range for the network (in this example 192.168.1.0/24).
  • Indices of subnet gateways: Adjust the index of the subnet gateway if necessary (in this example, the Unified Firewall has the index 254).

If LANCOM switches are also managed via the LMC, the network defaults have to be adjusted to allow communication through the switch ports (see step 1.2 in the following Knowledge Base article).

VLAN configuration via the LANCOM Management Cloud

2.3) In the Security menu, go to the Packet Filter tab and click Create new rule.

2.4) Adjust the following parameters to allow the protocol HTTPS outbound and then click Save:

  • Action: From the drop-down menu, select the option Accept.
  • Traffic Direction: From the drop-down menu, select the option Bidirectional.
  • Destination: Select the option Internet.
  • Protocol: From the drop-down menu, select the option TCP.
  • Port: Enter port 443.

2.5) Create an additional packet filter rule. Adjust the following parameters to allow the protocol HTTP outbound and then click Save:

  • Action: From the drop-down menu, select the option Accept.
  • Traffic Direction: From the drop-down menu, select the option Bidirectional.
  • Destination: Select the option Internet.
  • Protocol: From the drop-down menu, select the option TCP.
  • Port: Enter port 80.

2.6) Go to the Profiles tab and click the network created in step 2.2 (in this example INTRANET).

2.7) Click Packet filter (LANCOM R&S® Unified Firewall).

2.8) Activate the two rules created in steps 2.4 and 2.5 using the sliders and click Save.



3) Adding a site in the LMC:

3.1) Change to the Sites menu and click Add site.

3.2) Enter a descriptive name for the site (in this example Firewall-Headquarters) and click Add.

3.3) Click the site to access the advanced settings.

3.4) Go to the Networks tab and click Assign networks.

3.5) Select the network created in step 2.2 (in this example INTRANET) and click Assign.

3.6) Go to the Devices tab and click Assign devices.

3.7) Select the Unified Firewall that was connected to the LMC in step 1 and click Assign.



4) Deleting the existing network parameters from the Unified Firewall:

Open the web interface of the Unified Firewall to clean up the existing configuration components. There are two ways to do this:

  • By directly accessing the Unified Firewall
  • Via WEBconfig tunnel from the LMC
    • Go to the Devices menu and click the Name of the Unified Firewall to access the advanced settings.

    • In the top right-hand corner, click Device actions → Open WEBconfig.


4.1) Delete the network object on the desktop:

4.1.1) Select the network object on the desktop (in this example INTRANET) and click the “Trash can” icon.

4.1.2) Confirm the prompt by clicking Delete.


4.2) Delete the DHCP interface (if applicable):

4.2.1) Go to the menu Network → DHCP Interfaces and click on the “Trash can” icon for the interface.

4.2.2) Confirm the prompt by clicking Delete.


4.3) Delete the VLAN interface (if applicable):

4.3.1) Switch to the menu Network → Interfaces → VLAN Interfaces and click on the “Trash can” icon for the interface.

4.3.2) Confirm the prompt by clicking Delete.


4.4) Delete the network connection:

4.4.1) Go to the menu Network → Connections → Network Connections and, for the relevant network (in this example the network INTRANET), click the “Trash can” icon.

4.4.2) Confirm the prompt by clicking Delete.


4.5) Activate the configuration changes:

Implement the configuration changes by clicking Activate.



5) Rolling out the configuration via the LMC:

5.1) In the LMC, go to the menu Devices.

5.2) Select the Unified Firewall and click on the “dots” icon in the upper right-hand corner.

5.3) Click on Configuration roll out.

5.4) Confirm the prompt by clicking on Roll out.
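
The checks implied by steps 2.2, 2.4 to 2.8 and 4, written out as an added Python example that can be worked through before the roll-out in step 5 (not LANCOM code and not an LMC API). The dictionary layout, the function names, the reading of the gateway index as a host offset within the CIDR range, and the treatment of any leftover local object in the same IP range as a conflict are assumptions; the sample data is constructed from the scenario above.

```python
import ipaddress

def gateway_address(cidr, index):
    """Host address at offset `index` in `cidr` (assumed meaning of the gateway index)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 0 < index < net.num_addresses - 1:
        raise ValueError(f"index {index} is not a usable host in {cidr}")
    return net.network_address + index

def pre_rollout_findings(local, planned):
    """Compare the firewall's existing settings with the planned LMC settings."""
    findings = []
    # Step 2.2: the LMC network should reproduce the firewall's current address.
    gw = gateway_address(planned["cidr"], planned["gateway_index"])
    if gw != ipaddress.ip_address(local["firewall_ip"]):
        findings.append(f"gateway {gw} differs from current firewall IP {local['firewall_ip']}")
    # Steps 2.4-2.8: each service permitted today needs an activated Accept rule.
    active = {(r["protocol"], r["port"]) for r in planned["rules"]
              if r["action"] == "Accept" and r["active"]}
    for proto, port in local["allowed"]:
        if (proto, port) not in active:
            findings.append(f"no active LMC rule for {proto}/{port}")
    # Step 4: local objects for the same range must be deleted before the roll-out.
    lmc_net = ipaddress.ip_network(planned["cidr"])
    for kind, cidr in local["objects"]:
        if ipaddress.ip_network(cidr).overlaps(lmc_net):
            findings.append(f"delete local {kind} for {cidr} before rollout")
    return findings

# Constructed sample: the article's scenario, with the HTTP slider from step 2.8
# left off and the clean-up from step 4 not yet done.
LOCAL = {
    "firewall_ip": "192.168.1.254",
    "allowed": [("TCP", 443), ("TCP", 80)],
    "objects": [("network object", "192.168.1.0/24"),
                ("DHCP interface", "192.168.1.0/24"),
                ("network connection", "192.168.1.0/24")],
}
PLANNED = {
    "cidr": "192.168.1.0/24",
    "gateway_index": 254,
    "rules": [{"action": "Accept", "protocol": "TCP", "port": 443, "active": True},
              {"action": "Accept", "protocol": "TCP", "port": 80, "active": False}],
}

if __name__ == "__main__":
    for finding in pre_rollout_findings(LOCAL, PLANNED):
        print(finding)
```

An empty result means the planned LMC network and rules match the existing behaviour and no conflicting local objects remain in the sample data.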