Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Data Center Next-Generation Firewall Topology

The lab was configured with a basic data center architecture to emulate the following components:

  • SRX Series Firewall (SRX4600) device in a Layer 2 high availability architecture.
  • Baselined configuration covering:
    • Interface configuration.
    • Zone configuration.
    • Basic building blocks, such as DNS, NTP, System Logging, and so on.
    • Firewall policy enforcement between defined zones.
  • Kali Linux server to emulate an attacker. This system emulates the following attack scenarios:
    • Generation of flooding attacks.
    • Generation of penetration testing attacks on webserver.
    • Generation and hosting of malware. Provides a reverse shell for exfiltration.
    • Assumes the role of C&C and hosts the malware for download.
  • Linux server to host webserver services. This endpoint is protected from various attacks initiated by an attacker.
  • Windows client to generate a web based traffic.
  • Linux client to generate web based traffic and emulate malware download.