Quelle anzeigen

Description:

If an already configured Unified Firewall is to be connected to and managed by the LANCOM Management Cloud (LMC), certain parts of the existing configuration in the Unified Firewall must be deleted, otherwise conflicts will arise when the configuration is rolled out to the LMC.

This article describes how the configuration of a Unified Firewall configured by web interface can be transferred to the LMC.

Requirements:

LANCOM R&S® Unified Firewall with LCOS FX as of version 10.9
LMC access (subject to charge) with an existing LMC project and a license for the Unified Firewall
A configured and functional Internet connection on the Unified Firewall
Web browser for configuring the Unified Firewall and LMC.

The following browsers are supported:
- Google Chrome
- Chromium
- Mozilla Firefox
LMC access (fee required) with existing LMC project and a licence for the Unified Firewall

Scenario:

On a Unified Firewall, the port eth1 is configured with the network INTRANET with the IP address range 192.168.1.0/24. The Unified Firewall has the IP address 192.168.1.254.
Internet access on the Unified Firewall is permitted for HTTP and HTTPS.
The Unified Firewall is now to be managed by the LMC.

Procedure:

1) Pairing the Unified Firewall with the LMC:

Connect the Unified Firewall to the LMC (see step 2.2.2 in the following Knowledge Base article).

Pairing a LANCOM device with the LMC

2) Configuring the network parameters and firewall rules in the LMC:

2.1) In the LMC, go to the Networks menu and click Add Network → Network.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 1.png

2.2) Modify the following parameters and then click Save:

Name: Enter a descriptive name for the network (in this example INTRANET).
Global IP range (CIDR): Enter the IP address range for the network (in this example 192.168.1.0/24).
Indices of subnet gateways: Adjust the index of the subnet gateway if necessary (in this example, the Unified Firewall has the index 254).

If LANCOM switches are also managed via the LMC, the network defaults have to be adjusted to allow communication through the switch ports (see step 1.2 in the following Knowledge Base article).

VLAN configuration via the LANCOM Management Cloud

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 2.png

2.3) In the Security menu, go to the Packet Filter tab and click Create new rule.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 3.png

2.4) Adjust the following parameters to allow the protocol HTTPS outbound and then click Save:

Action: From the drop-down menu, select the option Accept.
Traffic Direction: From the drop-down menu, select the option Bidirectional.
Destination: Select the option Internet.
Protocol: From the drop-down menu, select the option TCP.
Port: Enter port 443.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 4.png

2.5) Create an additional packet filter rule. Adjust the following parameters to allow the protocol HTTP outbound and then click Save:

Action: From the drop-down menu, select the option Accept.
Traffic Direction: From the drop-down menu, select the option Bidirectional.
Destination: Select the option Internet.
Protocol: From the drop-down menu, select the option TCP.
Port: Enter port 80.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 5.png

2.6) Go to the Profiles tab and click the network created in step 2.2 (in this example INTRANET).

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 6.png

2.7) Click Packet filter (LANCOM R&S®Unified Firewall).

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 7.png

2.8) Activate the two rules created in steps 2.4 and 2.5 using the sliders and click Save.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 8.png

3) Adding a site in the LMC:

3.1) Change to the Sites menu and click Add site.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 9.png

3.2) Enter a descriptive name for the site (in this example Firewall-Headquarters) and click Add.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 10.png

3.3) Click the site to access the advanced settings.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 11.png

3.4) Go to the Networks tab and click Assign networks.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 12.png

3.5) Select the network created in step 2.2 (in this example INTRANET) and click Assign.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 13.png

3.6) Go to the Devices tab and click Assign devices.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 14.png

3.7) Select the United Firewall that was connected to the LMC in step 1 and click Assign.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 15.png

4) Deleting the existing network parameters from the Unified Firewall:

Open the web interface of the Unified Firewall to clean up the existing configuration components. There are two ways to do this:

By directly accessing the Unified Firewall
Via WEBconfig tunnel from the LMC
- Go to the Devices menu and click the Name of the Unified Firewall to access the advanced settings.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 16.png

- In the top right-hand corner, click Device actions → Open WEBconfig.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 17.png

4.1) Delete the network object on the desktop:

4.1.1) Select the network object on the desktop (in this example INTRANET) and click the “Trash can” icon.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 18.png

4.1.2) Confirm the prompt by clicking Delete.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 19.png

4.2) Delete the DHCP interface (if applicable):

4.2.1) Go to the menu Network → DHCP Interfaces and click on the “Trash can” icon for the interface.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 20.png

4.2.2) Confirm the prompt by clicking Delete.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 21.png

4.3) Delete the VLAN interface (if applicable):

4.3.1) Switch to the menu Network → Interfaces → VLAN Interfaces and click on the “Trash can” icon for the interface.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 22.png

4.3.2) Confirm the prompt by clicking Delete.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 23.png

4.4) Delete the network connection:

4.4.1) Go to the menu Network → Connections → Network Connections and, for the relevant network (in this example the network INTRANET), click the “Trash can” icon.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 24.png

4.4.2) Confirm the prompt by clicking Delete.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 25.png

4.5) Activate the configuration changes:

Implement the configuration changes by clicking Activate.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 26.png

5) Rolling out the configuration via the LMC:

5.1) In the LMC, go to the menu Devices.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 27.PNG

5.2) Select the Unified Firewall and click on the “dots” icon in the upper right-hand corner.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 28.PNG

5.3) Click on Configuration roll out.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 29.png

5.4) Confirm the prompt by clicking on Roll out.

LANCOM Support Knowledge Base > Transferring the configuration of a LANCOM R&S®Unified Firewall configured via web interface to the LMC > 30.png