Sunday, May 17, 2009

Cisco - Cvoice: Voice Over IP v6.0 (CVOICE)

Cisco Voice over IP (CVOICE) v6.0 provides an understanding of converged voice and data networks and also the challenges faced by the various network technologies. The course also provides network administrators and network engineers with the knowledge and skills required to integrate gateways and gatekeepers into an enterprise VoIP network. This course is one of several courses in the Cisco CCVP™ track that addresses design, planning, and deployment practices and provides comprehensive hands-on experience in configuration and deployment of VoIP networks.

Prerequisites

To fully benefit from this course, it is recommended that you have the following prerequisite skills and knowledge:
Working knowledge of fundamental terms and concepts of computer networking to include LANs, WANs, and IP switching and routing
Basic internetworking skills taught in Interconnecting Cisco Network Devices (ICND), or equivalent knowledge
Ability to configure and operate Cisco routers and switches and to enable VLANs and DHCP
Knowledge of traditional public switched telephone network (PSTN) operations and technologies

Associated Certifications
Cisco Certified Voice Professional

Who Should Attend
This course is intended for the following audience:
Students completing the CCVP certification track
Network engineers, architects, and support staff with the following responsibilities:
Maintain and configure voice and data network devices
Are considering various methodologies to implement VoIP
Require a fundamental understanding of the issues and solutions related to implementation
Require a fundamental understanding of packet telephony technologies that are common for both enterprise and service provider applications

Number of Days
5 Days instructor-led classroom training. (Approx. 7 hours each day.)

Course Objectives
After completing this course, the student will be able to:
Describe VoIP, voice gateways, special requirements for VoIP calls, codecs and codec complexity, and how DSPs are used as media resources on a voice gateway
Configure gateway interconnections to support VoIP and PSTN calls and to integrate with a PSTN and PBX
Describe the basic signaling protocols that are used on voice gateways and configure a gateway to support calls using the various signaling protocols
Define a dial plan, describe the purpose of each dial plan component, and implement a dial plan on a voice gateway
Implement gatekeepers and directory gatekeepers, and identify redundancy options for gatekeepers
Implement a Cisco UBE gateway to connect to an Internet telephony service provider

Course Outline

Module 1: Introduction to VoIP
Describe VoIP, voice gateways, special requirements for VoIP calls, codecs and codec complexity, and how DSPs are used as media resources on a voice gateway.
Lesson 1: Introducing VoIP
This lesson describes the different types of voice gateways, including their functions, protocols, and uses. Upon completing this lesson, the learner will be able to meet these objectives:
Lesson 2: Introducing Voice Gateways
This lesson describes various types of voice gateways and when to use each type. Upon completing this lesson, the learner will be able to meet these objectives:
Lesson 3: Specifying Requirements for VoIP Calls
This lesson describes special requirements for VoIP calls, including the need for quality of service (QoS) and fax relay, modem relay, and dual tone multifrequency (DTMF) support. Upon completing this lesson, the learner will be able to meet these objectives:
Lesson 4: Understanding Codecs, Codec Complexity, and DSP Functionality
This lesson describes various codecs, how to configure codec complexity, and how DSPs are used as media resources. Upon completing this lesson, the learner will be able to meet these objectives:

Module 2: Voice Port Configuration
Configure gateway interconnections to support VoIP and PSTN calls and to integrate with a PSTN and PBX.
Lesson 1: Understanding Call Types
This lesson defines the various call types in a VoIP network. Upon completing this lesson, the learner will be able to meet these objectives:
Lesson 2: Configuring Analog Voice Ports
This lesson defines how to activate required Cisco Unified Communications Manager services and settings to enable features and remove Domain Name System (DNS) reliance.
Lab 2-1: Configuring Analog Voice Ports
Lesson 3: Understanding Dial Peers
This lesson describes the purpose and use of dial peers in VoIP. The lesson includes these activities:
Lab 2-2: Configuring POTS Dial Peers
Lab 2-3: Configuring VoIP Dial Peers
Lesson 4: Configuring Digital Voice Ports
This lesson describes the various digital interfaces and how to configure them. The lesson includes these activities:
Lab 2-4: Configuring Digital Voice Interfaces
Lesson 5: Understanding QSIG
This lesson describes the key technologies that are used to implement ISDN QSIG trunks.

Module 3: VoIP Gateway Implementation
Describe the basic signaling protocols that are used on voice gateways and configure a gateway to support calls using the various signaling protocols.
Lesson 1: Implementing H.323 Gateways
This lesson defines the H.323 protocol stack and how to implement H.323 on gateways. The lesson includes these activities:
Lab 3-1: Implementing H.323 Gateways
Lesson 2: Implementing MGCP Gateways
This lesson describes the MGCP stack and how to implement MGCP on gateways.
Lesson 3: Implementing SIP Gateways
This lesson describes how to use SIP within Cisco Unified Communications systems and integrate Cisco IOS gateways into SIP-based voice environments.
Lab 3-2: Implementing SIP Gateways

Module 4: Dial Plan Implementation on Voice Gateways
Define a dial plan, describing the purpose of each dial plan component, and implement a dial plan on a voice gateway.
Lesson 1: Understanding Dial Plans
This lesson describes the components of a dial plan and how they are used on Cisco IOS gateways.
Lesson 2: Implementing Numbering Plans
This lesson describes how to implement a numbering plan using Cisco IOS gateways. The lesson includes these activities:
Lab 4-1: Implementing Numbering Plans
Lesson 3: Configuring Digit Manipulation
This lesson describes how to implement digit manipulation using Cisco IOS gateways. The lesson includes these activities:
Lab 4-2: Implementing PSTN Dial Plans on Cisco IOS Gateways
Lesson 4: Configuring Path Selection
This lesson describes path selection and how to manipulate it using Cisco IOS gateways. The lesson includes these activities:
Lab 4-3: Configuring Path Selection
Lesson 5: Implementing Calling Privileges on Cisco IOS Gateways
This lesson defines how to implement calling privileges on Cisco IOS gateways using COR. The lesson includes these activities:
Lab 4-4: Implementing Calling Privileges on Cisco IOS Gateways

Module 5: H.323 Gatekeepers
Implement gatekeepers and directory gatekeepers, and identify redundancy options for gatekeepers.
Lesson 1: Introducing Gatekeepers
This lesson describes Cisco gatekeeper functionality.
Lesson 2: Configuring Basic Gatekeeper Functionality
This lesson defines how to configure gatekeepers for device registration, address resolution, and call routing. The lesson includes this activity:
Lab 5-1: Configuring Basic Gatekeeper Functionality
Lesson 3: Implementing Gatekeeper-Based CAC
This lesson defines how to implement gatekeeper-based CAC using zone bandwidth. The lesson includes this activity:
Lab 5-2: Implementing Gatekeeper-Based CAC

Module 6: ITSP Connectivity
Describe and configure a Cisco Unified Border Element (UBE) within a Cisco Unified Communications network.
Lesson 1: Understanding Special Requirements for External VoIP Connections
This lesson describes how Cisco UBEs are used in enterprise environments.
Lesson 2: Implementing a Cisco UBE
This lesson defines how to implement Cisco UBEs to provide security and interworking. The lesson includes these activities:
Lab 6-1: Configure a Cisco UBE to connect to an ITSP

download links:

CBT Nuggets MCDST Certification Package


The Microsoft Certified Desktop Support Technician (MCDST) is one of the newest certification offerings from Microsoft. Designed to teach you the basics of supporting end-users on the Windows XP operating system and desktop applications, this training covers the topics and concepts that map to exams 70-271 and 70-272.

Instructor Todd Logan takes time to cover all the information you’ll need, not only to pass the exam, but to be able to do the job. Todd is our XP expert and you’ll appreciate his use of diagrams, examples and real-world analogies along with his upbeat and fun delivery of the material.

These videos were developed for the help desk person who is relatively new to Windows XP Professional and needs to be able to support end-users regarding issues with the XP operating system, MS Office, Internet Explorer and Outlook Express as well as troubleshoot desktop configuration problems. You’ll also learn about Microsoft’s new Service Pack 2 offering; from installation and compatibility to new features and changes.

There are 34 videos, providing more than 17 hours of instruction. A basic understanding of computers and networking, such as the A+/Network+ Combo Pack, is recommended before viewing this training.


download links:

Saturday, May 16, 2009

Networking Ebooks 2008


A computer network is a collection of computers and devices connected to each other. The network allows computers to communicate with each other and share resources and information. The Advanced Research Projects Agency (ARPA) designed the “Advanced Research Projects Agency Network” (ARPANET) for the United States Department of Defense. It was the first computer network in the world, in the late 1960s and early 1970s.[1]

Computer networks can also be classified according to the hardware and software technology that is used to interconnect the individual devices in the network, such as Optical fiber, Ethernet, Wireless LAN, HomePNA, Power line communication or G.hn.

Ethernet uses physical wiring to connect devices. Frequently deployed devices include hubs, switches, bridges and/or routers.

Wireless LAN technology is designed to connect devices without wiring. These devices use radio waves or infrared signals as a transmission medium.

ITU-T G.hn technology uses existing home wiring (coaxial cable, phone lines and power lines) to create a high-speed (up to 1 Gigabit/s) local area network.

Networks are often classified as Local Area Network (LAN), Wide Area Network (WAN), Metropolitan Area Network (MAN), Personal Area Network (PAN), Virtual Private Network (VPN), Campus Area Network (CAN), Storage Area Network (SAN), etc. depending on their scale, scope and purpose. Usage, trust levels and access rights often differ between these types of network - for example, LANs tend to be designed for internal use by an organization’s internal systems and employees in individual physical locations (such as a building), while WANs may connect physically separate parts of an organization to each other and may include connections to third parties.


Download Link Here:


Thursday, May 14, 2009

Exam-Pack 70-620: Microsoft Windows Vista, Configuring

MCTS Exam 70-620 on Installing, Configuring, and Managing Windows Vista Desktop Computers

Includes 24 Videos
This training allows Vista to become the great OS for you that it can be. Vista has tremendous potential, but unfortunately, the learning curve has been a little too steep for users to pick up on their own. Now you can learn to configure Windows Vista computers for maximum performance — and at the same time prepare for certification as a Technology Specialist on Microsoft Windows Vista.

Here’s what you’ll learn in each of the Configuring Windows Vista videos:

Video 1 - “Configuring Windows Vista Series Introduction” - This first nugget introduces you to Exam-Pack 70-620: Microsoft Windows Vista, Configuring. You’ll learn about exam requirements, how this series is structured, and what you can hope to get out of the training.

Video 2 - “Installation: Hardware Requirements, Editions” - If you want Windows Vista to run as expected, your hardware has to be up to snuff. First this nugget covers two types of Vista hardware — hardware to work okay and hardware to work blazing fast. Then you’ll learn about all the different Vista editions, including the features you’ll find in each. This includes all the features and functionalities in Windows Vista Starter, Home Basic, Home Premium, Business, Enterprise, and Ultimate.

Video 3 - “Windows Vista Installation and Clean Install” - Here’s how you install Windows Vista on a new computer that’s never had a Windows OS installed on it before. First you’ll learn a few key terms to know during the installation process. Then you’ll learn the different methods you can use to install Windows Vista. After that you’ll learn about Windows Product Activation (WPA) so you can work within your licensing and stay legal. And finally you’ll walk through an actual clean install of Windows Vista, which lays the foundation for the other types of installations you’ll learn about next.

Video 4 - “Windows Vista Upgrade” - Upgrading to Windows Vista has a few differences from a clean install. When you put the Windows Vista installation DVD into a computer running an older version of Windows or another edition of Windows Vista, you’ll see the Upgrade Advisor — this is what you’ll use to run through the upgrade. In this video you’ll learn how Upgrade Advisor will help you recognize any hurdles to upgrading and then work them out before problems come up. You’ll also learn what upgrade paths are available to you. Plus you’ll get a first introduction to the Windows Easy Transfer migration tool. Finally, you’ll see a simple demonstration of an upgrade to Windows Vista.

Video 5 - “Windows Vista Migration and Windows Easy Transfer” - In this nugget you dive deeper into Windows Vista migration using the Windows Easy Transfer tool plus another tool called the User State Migration Tool 3.0 (USMT). These tools help you migrate user documents and settings into Vista from previous versions of Windows. USMT doesn’t really show up on the 70-620 exam, but it will be very helpful as you deploy Windows Vista in a corporate or enterprise environment.

Video 6 - “Anytime Upgrade, Troubleshooting Installation” - This nugget explains in detail how Anytime Upgrade makes it easy to move from one edition of Vista to another, without losing any important settings or information. Plus you’ll learn some of the best techniques for troubleshooting Windows Vista installation issues. Finally this nugget covers application compatibility — so you don’t hit a brick wall when you have Windows Vista up and running just fine but you can’t seem to get your favorite application to run.

Video 7 - “Install and Configure Drivers” - Drivers are the key to getting Vista to “speak” with the hardware it is running on. In this nugget you learn how to install and configure drivers in Windows Vista. This includes knowing about Driver Signatures, Windows Hardware Quality Labs (WHQL), Windows Software Engineering (WSE), and Driver Verifier. Plus you’ll learn how to troubleshoot when things go wrong using Roll Back, Uninstall Driver, and Last Known Good.

Video 8 - “Troubleshooting Post-Installation Configuration Issues, Windows Aero” - Okay — Vista is installed. Now what? This nugget takes you through configurations and system settings you’ll want to implement post-installation to get Vista to run well. This includes advanced options and selections in Device Manager. Also, you’ll learn how problem reports help you track down and solve problems coming from the processes and applications running on your system. Finally, you’ll discover how customizing display properties can drastically affect system performance — including using, not using, or limiting the front-end Windows Aero interface.

Video 9 - “Configuring Internet Explorer, Configure and Troubleshoot Parental Controls” - This nugget is all about connecting to the Internet with Windows Vista using Microsoft Internet Explorer. This includes configuring and troubleshooting parental controls to control internet access. Also, you’ll learn how to use Content Advisor to configure what types of websites users of the computer can access. Plus you’ll learn how to use RSS feeds and why they’re useful, using search within Windows and within your browser, and finally about the improved Internet printing experience in Windows Vista.

Video 10 - “Security: Configure and Troubleshoot User Account Control” - This first nugget on security in Windows Vista walks you through how to configure and troubleshoot User Account Control. Understand the core concepts surrounding user accounts including permissions for different types and groups of accounts. Plus learn what behavior you can expect from User Account Control. Also you’ll walk through how to set up and manage policies including group and local policies. Finally, this nugget covers what the “Secure Desktop” is, how it affects users, and how it can help IT professionals.

Video 11 - “Security: Windows Defender” - Windows Defender is a cool tool integrated with Windows Vista to help you control Adware, Spyware, Malware, and Viruses. This second security nugget goes through how these are defined on the Microsoft exam, plus shows you how you can set up Windows Defender to protect your Vista computer automatically.

Video 12 - “Dynamic Security for IE7” - Internet Explorer continues to give you more options for locking down security. This nugget details how to use these features, including Protected Mode, the Phishing Filter, the Pop-up blocker, Security Zones that help you control what can be downloaded and run on your computer, Privacy settings including cookie handling, how to identify Secure Websites in IE7, and finally controlling Add-ons that sometimes improve user experience but also pose a security risk.

Video 13 - “Security: Configure Security Settings in Windows Firewall” - This last security-focused nugget walks you through how Windows Firewall has advanced in Vista. It starts by going through essential terms — like TCP/IP, Port, Network Interface, Inbound and Outbound Traffic, IPSec, Bidirectional, Stateful, Home, Work, Public, Private, and Domain — you need to know before you configure the firewall, then dives into the new features, explains Network Location Awareness (NLA) profiles, shows you the different interfaces for configuring Windows Firewall, and concludes by demonstrating a configuration of the firewall.

Video 14 - “Configuring Networking by Using the Network and Sharing Center” - Now that you have security in line it’s time to connect to the network. This nugget starts with understanding IP Addressing and Network Services. Then it moves into common network types you’ll see and how Vista fits within each. Also, you’ll see how easy it has become to connect to networks using the Network and Sharing Center inside Vista, including both wired and wireless networks. Next you’ll learn about Internet Connection Sharing (ICS), and finally about various network connection properties. And along the way DNS Name Resolution, Network Address Translation (NAT), and Troubleshooting Connectivity are covered as well.

Video 15 - “Sharing Resources and Securing Wireless Access Points” - This nugget goes deeper into two important networking topics — resource sharing and wireless security. First you’ll learn how using the Network and Sharing Center makes it easier than ever to share files, folders, and printers. And then you’ll learn about Wireless Security including changing your SSID and disabling broadcasting, using WEP and WPA wireless security, and filtering by MAC address.

Video 16 - “Remote Access: Remote Assistance and Remote Desktop” - Remote access in Vista is split into two core uses — remote assistance for supporting others, and remote desktop for using all your computer’s files and resources from another location. This nugget covers how to configure remote access in Vista including both remote desktop and remote assistance. This will be a key point of confusion on the 70-620 exam and instructor James Conrad contacted an insider at Microsoft to clarify that the content in this nugget maps exactly to the remote access topics you will see on the exam — this is not the remote access you’re already familiar with!

Video 17 - “Network Troubleshooting” - This is the last nugget that focuses heavily on networking — in it you’ll learn how to troubleshoot network connectivity in Vista. First you’ll learn a series of steps you can go through that will identify and allow you to fix most network connectivity issues. Then you’ll learn about the tools you’ll be using — IPCONFIG, PING, TRACERT, PATHPING, and Automatic Private IP Addressing (APIPA).

Video 18 - “Configure Windows Mail” - Windows Mail replaces Outlook Express as the native Email and Newsgroup client in Windows Vista. In this nugget you’ll first review mail protocols including SMTP, POP3, and IMAP4. Then you’ll dive in and configure Windows Mail and work with mail messages you send and receive through Windows Mail. Finally, you’ll also look at how to configure newsgroups and work with newsgroup messages.

Video 19 - “Configure Windows Calendar, Meeting Space” - This nugget covers another set of applications included with Windows Vista — Windows Calendar and Meeting Space. The nugget starts with an explanation of how to go in and edit or add more details to the contacts stored on your computer. Then you’ll learn how to use Windows Calendar to schedule and share events and appointments, and Windows Meeting Space to share your desktop, applications, and more over the internet or an ad-hoc wireless network.

Video 20 - “Configure Windows Sidebar, Media Applications” - This nugget covers a few more applications you’ll see included with Windows Vista — Windows Media Player, Windows Media Center, Windows Fax and Scan, and the Windows Sidebar. You’ll learn how to configure each of these applications, plus you’ll get demos of some cool features you’ll want to play around with to discover in more depth.

Video 21 - “Optimizing Windows Vista” - Vista has tons of cool features — which can be hard on your system resources if not configured to work with what’s available. It also comes with some cool tools that help with this. Learn how to optimize your Vista system, including using the new ReadyBoost technology, managing Startup Programs, enabling or disabling Visual Effects, and Indexing to improve performance. Also, you’ll learn about Power Plans, doing Disk Cleanup, and defragmenting with Diskeeper.

Video 22 - “Reliability Tools” - Making sure your computer runs reliably is a big topic. This nugget doesn’t fall short. You’ll learn about troubleshooting with Problem Reports and Solutions, plus using Problem History to track problem trends. You’ll learn how to clean up Internet Explorer including deleting browsing history. You’ll learn how hardware can limit performance and how to discover if that is happening on your system. And how the dramatically improved Event Viewer helps make troubleshooting easier. And how the Reliability and Performance Monitor gives you an inside look into current and past performance of your computer. Plus how to diagnose the overall system health. And for the final two topics this nugget covers the Task Manager and where to find comprehensive System Information.

Video 23 - “Data Protection and Windows Update” - This nugget covers two best practices for making sure your data is always safe and your computer stays secure. First you’ll learn about Data Protection, specifically how to back up and restore data using tools in Vista — including taking a snapshot of your System State for easy recognition, finding and using previous versions of files, and how to do complete PC backups easily. Then, you learn about configuring Windows Update to make sure you get all the latest patches and improvements as Microsoft releases them.

Video 24 - “Mobile Computing” - This final nugget covers unique features and functionality of Vista for use with notebooks and other mobile computers. First you’ll learn how to configure external displays. Then you’ll learn how to configure and use Network Projectors, Windows Mobile Device Center (WMDC), Sync Center, Offline Files, SideShow, Tablet PCs, and finally the nugget concludes with a discussion of the three Power States available in Windows Vista.

On the job Windows Vista skills plus exam prep for Technology Specialist exam

Exam-Pack 70-620: Microsoft Windows Vista, Configuring gives you the skills you need to configure Microsoft Windows Vista desktop computers to run at peak performance. In addition to the real-world skills you learn, the series also maps to exam objectives for Microsoft Certified Technology Specialist (MCTS) exam 70-620, which certifies that you have the skills to configure Windows Vista Desktop computers in an enterprise environment.

Exam-Pack 70-620: Microsoft Windows Vista, Configuring contains:

- Configuring Windows Vista Series Introduction
- Installation: Hardware Requirements, Editions
- Windows Vista Installation and Clean Install
- Windows Vista Upgrade
- Windows Vista Migration and Windows Easy Transfer
- Anytime Upgrade, Troubleshooting Installation
- Install and Configure Drivers
- Troubleshooting Post-Installation Configuration Issues, Windows Aero
- Configuring Internet Explorer, Configure and Troubleshoot Parental Controls
- Security: Configure and Troubleshoot User Account Control
- Security: Windows Defender
- Dynamic Security for IE7
- Security: Configure Security Settings in Windows Firewall
- Configuring Networking by Using the Network and Sharing Center
- Sharing Resources and Securing Wireless Access Points
- Remote Access: Remote Assistance and Remote Desktop
- Network Troubleshooting
- Configure Windows Mail
- Configure Windows Calendar, Meeting Space
- Configure Windows Sidebar, Media Applications
- Optimizing Windows Vista
- Reliability Tools
- Data Protection and Windows Update
- Mobile Computing
download links:
http://rapidshare.com/files/232675091/70-620.part5.rar
http://rapidshare.com/files/232673562/70-620.part4.rar
http://rapidshare.com/files/232673504/70-620.part6.rar
http://rapidshare.com/files/232673423/70-620.part1.rar
http://rapidshare.com/files/232673383/70-620.part3.rar
http://rapidshare.com/files/232673298/70-620.part2.rar

Wednesday, May 13, 2009

Latest Pass4sure p4s ccna 8.14 with 514 2009

Latest Pass4sure p4s ccna 8.14 with 514 Q/A, updated 29 April 2009
The p4s 8.14 includes all Q/A in p4s 8.03 + volume H

If you are going to take CCNA Exam 640-802, study Pass4sure first; if you study it, you will feel more confident taking this exam.


Download Link:
http://rapidshare.com/files/231931045/pass4sure_ccna_8.14.rar

This one is volume H of 8.14
Here is 8.03

http://rapidshare.com/files/226734527/full-p4s-ccna8.03-503Q_ScreenShot.part1.rar
http://rapidshare.com/files/226734529/full-p4s-ccna8.03-503Q_ScreenShot.part2.rar

Monday, May 11, 2009

Troubleshooting your Cisco router

Inevitably, there will be problems. Usually, they will come in the form of a user notifying you that they cannot reach a certain destination, or any destination at all. You will need to be able to check how the router is attempting to route traffic, and you must be able to track down the point of failure.

You are already familiar with the show commands, both specific commands and how to learn what other show commands are available. Some of the most basic, most useful commands you will use for troubleshooting are:
ExampleName#show interfaces
ExampleName#show ip protocols
ExampleName#show ip route
ExampleName#show ip arp

Testing connectivity

It is very possible that the point of failure is not in your router configuration, or at your router at all. If you examine your router's configuration and operation and everything looks good, the problem might be farther up the line. In fact, it may be the line itself, or it could be another router, which may or may not be under your administration.

One extremely useful and simple diagnostic tool is the ping command. Ping uses the Internet Control Message Protocol (ICMP). It sends an ICMP echo request to a destination IP address. If the destination machine receives the request, it responds with an ICMP echo reply. This is a very simple exchange that consists of:

Hello, are you alive?

Yes, I am.

ExampleName#ping xx.xx.xx.xx

If the ping test is successful, you know that the destination you are having difficulty reaching is alive and physically reachable.

If there are routers between your router and the destination you are having difficulty reaching, the problem might be at one of the other routers. Even if you ping a router and it responds, it might have other interfaces that are down, its routing table may be corrupted, or any number of other problems may exist.

To see where packets that leave your router for a particular destination go, and how far, use the trace command.
ExampleName#trace xx.xx.xx.xx

It may take a few minutes for this utility to finish, so give it some time. It will display a list of all the hops it makes on the way to the destination.

debug commands

There are several debug commands provided by the IOS. These commands are not covered here. Refer to the Cisco website for more information.

Hardware and physical connections

Do not overlook the possibility that the point of failure is a hardware or physical connection failure. Any number of things can go wrong, from board failures to cut cables to power failures. This document will not describe troubleshooting these problems, except for these simple things.

Check to see that the router is turned on. Also make sure that no cables are loose or damaged. Finally, make sure cables are plugged into the correct ports. Beyond this simple advice you will need to check other sources.

Out of your control

If the point of failure is farther up the line, the problem might lie with equipment not under your administration. Your only option might be to contact the equipment's administrator, notify them of your problem, and ask them for help. It is in your interest to be courteous and respectful. The other administrator has their own problems, their own workload and their own priorities. Their agenda might even directly conflict with yours, such as their intention to change dynamic routing protocols, etc. You must work with them, even if the situation is frustrating. Alienating someone with the power to block important routes to your network is not a good idea.

Thursday, May 7, 2009

Subnetting Shortcuts – Part Two

In Subnetting Shortcuts- Part One, we reviewed the classful addressing scheme, and the purpose of a subnet mask. Now let’s look at an example.

Let’s say that you’ve been given an address space of 192.168.1.0/24, and you’re asked to subnet the network such that you can have four subnets, each supporting at least 50 hosts. In the IP world, anything that requires an IP address is commonly referred to as a “host”, since it can host (provide the hardware on which to execute) computer programs. We’ll assume that each host requires one IP address, which is by far the most common case. We want to know if it is possible to solve the problem, and if so …

• What subnet mask is required?
• What subnets result from using the required mask?
• What are the ranges of legal host addresses on the subnets?

The first thing I do in a problem like this is a “sanity check”. Multiply the number of hosts per subnet (50) by the number of subnets (4) to obtain the total number of host addresses required (200), then verify that the available address space will support at least that many addresses. If the total number of host addresses required exceeds the available address space, the problem cannot be solved using standard subnet masking. Since 200 is less than 254 (the number of host addresses available on a class “C” network), we can proceed to attempt to solve the problem.

The key to solving this type of problem is the following “powers of two” chart:

n   =    8    7   6   5   4   3   2   1
2^n =  256  128  64  32  16   8   4   2

Per the chart, 2 to the third power (that is, 2 x 2 x 2) is 8. In other words, with three bits available, there are eight possible combinations of 0’s and 1’s (000, 001, 010, 011, 100, 101, 110, and 111). Likewise, 2 to the fifth power is 32 (00000, 00001 … 11111). As you can see from the chart, each additional bit doubles the number of possible combinations.

How do we use the “powers” chart to solve the problem?

First, determine the number of host bits required to support the specified number of hosts per subnet. In the example above, since there are 50 hosts per subnet, the number of host bits is 6 (this actually allows for 62 hosts per subnet, since two addresses per subnet are reserved).

Next, determine the number of subnet bits required. In the example above, since there are four subnets, the number of subnet bits is two. Note that in the case of subnets, you do not have to subtract two from the total (unlike with addresses, no subnets are reserved).

Since in our example we need two subnet bits and six host bits in the last octet (with a class C network, you only have the fourth octet to work with), the subnet mask in that octet is 11000000, which in decimal is 192. Therefore, the mask is 255.255.255.192, or “/26” (since there are twenty-six 1’s in the mask). If we set the host bits to zero and cycle through the four possible patterns of subnet bits, we obtain the four subnets:

• 00 000000 = 0 (192.168.1.0/26)
• 01 000000 = 64 (192.168.1.64/26)
• 10 000000 = 128 (192.168.1.128/26)
• 11 000000 = 192 (192.168.1.192/26)

Remember that all 1’s in the host portion is reserved for the directed broadcast address for a subnet. Cycling through the possibilities with the host bits set to all 1’s gives:

• 00 111111 = 63 (192.168.1.63, directed broadcast for 192.168.1.0/26)
• 01 111111 = 127 (192.168.1.127, directed broadcast for 192.168.1.64/26)
• 10 111111 = 191 (192.168.1.191, directed broadcast for 192.168.1.128/26)
• 11 111111 = 255 (192.168.1.255, directed broadcast for 192.168.1.192/26)

Finally, the range of legal host addresses is all values in between the subnet and directed broadcast addresses:

• 00 000001 - 00 111110 (192.168.1.1 – 192.168.1.62)
• 01 000001 - 01 111110 (192.168.1.65 – 192.168.1.126)
• 10 000001 - 10 111110 (192.168.1.129 – 192.168.1.190)
• 11 000001 - 11 111110 (192.168.1.193 – 192.168.1.254)

Note that each of the four subnets allows 62 legal host addresses, which is exactly what we would expect when using six host bits. Why? Because two to the sixth is 64, and two addresses per subnet (those with all 0’s and all 1’s in the host portion) are reserved. That leaves 62 legal host addresses per subnet.

Whew! That was doing it the long way. Next time, we’ll examine some shortcuts that can make solving problems like this easier and quicker.
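The long-hand procedure above (sanity check, host bits, subnet bits, mask, subnets, broadcasts, host ranges), carried out with Python's standard ipaddress module. This is an added example, not part of the original post; the function names host_bits, subnet_bits and plan_fixed_subnets are illustrative.

```python
import ipaddress


def host_bits(hosts):
    """Fewest host bits h with 2**h - 2 >= hosts.

    Two addresses per subnet (host portion all 0's and all 1's) are reserved.
    """
    return (hosts + 1).bit_length()


def subnet_bits(subnets):
    """Fewest subnet bits s with 2**s >= subnets (no subnets are reserved)."""
    return (subnets - 1).bit_length()


def plan_fixed_subnets(network, subnets, hosts_per_subnet):
    """Split `network` into equal-size subnets using one mask for all of them.

    Returns one dict per resulting subnet. Raises ValueError when the subnet
    bits plus host bits exceed the bits the address space leaves free, which
    is the case where standard subnet masking cannot solve the problem.
    """
    net = ipaddress.IPv4Network(network)
    s = subnet_bits(subnets)
    h = host_bits(hosts_per_subnet)
    available = net.max_prefixlen - net.prefixlen
    if s + h > available:
        raise ValueError(
            f"need {s} subnet bits + {h} host bits, only {available} available"
        )

    # Borrow exactly s bits; any spare bits stay in the host portion.
    new_prefix = net.prefixlen + s
    plan = []
    for sub in net.subnets(new_prefix=new_prefix):
        plan.append({
            "subnet": str(sub),
            "mask": str(sub.netmask),
            "broadcast": str(sub.broadcast_address),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "usable_hosts": sub.num_addresses - 2,
        })
    return plan


if __name__ == "__main__":
    # The problem from the text: 192.168.1.0/24, four subnets, 50 hosts each.
    for row in plan_fixed_subnets("192.168.1.0/24", 4, 50):
        print(
            f"{row['subnet']:<18} mask {row['mask']}  "
            f"hosts {row['first_host']} - {row['last_host']}  "
            f"broadcast {row['broadcast']}  ({row['usable_hosts']} usable)"
        )
```
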

Subnetting Shortcuts- Part One

Many CCNA candidates have trouble with subnet masking (and some CCNP candidates, as well!). Over the next few weeks, we’ll learn some shortcuts that make subnet masking calculations easier. But first, a review …

Recall that the IPv4 address space is subdivided into five regions, referred to as Class A, B, C, D and E:

  • Class A: The first octet is in the range of 1 to 126 (networks 0 and 127 are reserved). By default, the first octet is network information, and the last three octets are host information.
  • Class B: The first octet is in the range of 128 to 191. By default, the first two octets are network information, and the last two octets are host information.
  • Class C: The first octet is in the range of 192 to 223. By default, the first three octets are network information, and the last octet is host information.
  • Class D: The first octet is in the range from 224 through 239. These are reserved for Multicast, and never assigned to hosts (and thus have no subnet masks).
  • Class E: The first octet is in the range from 240 through 255. These are reserved for Research (effectively unused).

Also recall the rules for subnet masks:

  • Like IPv4 addresses, subnet masks for IPv4 are always 32 bits in length.
  • A “1” in a bit position of a mask indicates that the corresponding address bit is network-type (network or subnet) information.
  • A “0” in a bit position of a mask indicates that the corresponding address bit is host information.
  • Subnet masks must be contiguous, meaning that the 1’s must form an unbroken string starting from the left, with the zeros to the right.

Putting together the A, B and C ranges with the rules for subnet masks:

  • Class A: The default subnet mask is 255.0.0.0 (all 1’s in the first octet, zeros thereafter). Since there are eight 1’s in the subnet mask, this mask can also be represented as “/8”.
  • Class B: The default subnet mask is 255.255.0.0 (all 1’s in the first two octets, zeros thereafter). Since there are sixteen 1’s in the subnet mask, this mask can also be represented as “/16”.
  • Class C: The default subnet mask is 255.255.255.0 (all 1’s in the first three octets, zeros in the fourth octet). Since there are twenty-four 1’s in the subnet mask, this mask can also be represented as “/24”.
  • The “slash” notation (such as “/8”) is commonly referred to as “CIDR” (“Classless Inter Domain Routing”) or “bit-count” notation.

Finally, recall that subnet masks allow hosts and routers to calculate the subnets on which particular addresses reside. For example, if a host has an address of 192.168.1.99 and a mask of 255.255.255.0, the host knows that its own subnet is 192.168.1.0/24. How does it know? It does a “bitwise-AND” calculation using the address and mask (multiply the bits in each column):

11000000.10101000.00000001.01100011 (address of 192.168.1.99)
11111111.11111111.11111111.00000000 (mask of 255.255.255.0)
———————————————————
11000000.10101000.00000001.00000000 (subnet is 192.168.1.0)

Likewise, if a router’s FastEthernet 0/0 interface has an address of 172.16.100.200 with a mask of “/24”, the router places a connected (“C”) route for 172.16.100.0/24 into its routing table, associated with that interface.

Next time, we’ll take a look at the calculations in more detail, and begin the shortcuts.


VLSM – Part 1

Welcome back! In this installment, we’re going to examine VLSM (Variable-Length Subnet Masking, RFC 1878), and how to use the subnetting shortcuts to solve VLSM problems. I’m sure that it won’t surprise you to know that we’ll need the powers of two chart:

n   =    8    7   6   5   4   3   2   1
2^n =  256  128  64  32  16   8   4   2

So, let’s don our beanie caps and get to work. Suppose that we’re given an address space of 192.168.1.0/24, and asked to subnet it. As we know, this involves finding the mask, subnets, and ranges. We’re also told that we need four subnets, and that the four subnets need the following numbers of hosts:

  • 105 hosts
  • 50 hosts
  • 20 hosts
  • 10 hosts

Let’s see if we can do it with standard subnet masking (where the mask is the same for all subnets). We start out the usual way, verifying that the total number of hosts (185) will fit within our “/24” address space (which will support up to 254 hosts). Next, we observe that the number of hosts on the largest subnet is 105, which requires seven host bits (and allows for up to 126 hosts per subnet). Since there are four subnets, we need two subnet bits (which allows up to four subnets).

Oh-oh … big problem! Seven plus two is nine, but we have only eight bits to work with (the first 24 are fixed by the address space). Put another way, 32 minus 9 is 23, which means a “/23” mask. Unfortunately, this is to the left of the “/24” specified by the address space, so we can’t do it. Since standard subnet masking won’t work, let’s try VLSM.

In VLSM, we vary the mask to suit the size of the subnet. In other words, since not all subnets require the same number of hosts, why use the same mask? Put yet another way, if we don’t waste address space on one subnet, we can use that address space on another. Let’s give it a try…

As with standard subnet masking, we verify that the total number of hosts (185) will fit into the available address space (“/24”), which it will. Next, we handle the largest subnet (105 hosts), which requires seven host bits, or a “/25” mask (32 – 7 = 25, which would actually support up to 126 hosts). Thus, the first subnet is 192.168.1.0/25:

  • 105 hosts => 192.168.1.0/25

With a “/25” mask (seven host bits), the subnets increment by 128, so the next subnet begins at 192.168.1.128. The next largest subnet contains 50 hosts. Since 50 hosts require six host bits, the mask for this subnet is a “/26” (which would support up to 62 hosts). Thus, the second subnet is 192.168.1.128/26:

  • 105 hosts => 192.168.1.0/25
  • 50 hosts => 192.168.1.128/26

With a “/26” mask (six host bits), the subnets increment by 64, so the next subnet begins at 192.168.1.192 (128 + 64 = 192). The next largest subnet contains 20 hosts. Since 20 hosts require five host bits, the mask for this subnet is a “/27” (supporting up to 30 hosts). Thus, the third subnet is 192.168.1.192/27:

  • 105 hosts => 192.168.1.0/25
  • 50 hosts => 192.168.1.128/26
  • 20 hosts => 192.168.1.192/27

With a “/27” mask (five host bits), the subnets increment by 32, so the next subnet begins at 192.168.1.224 (192 + 32 = 224). The next largest subnet contains 10 hosts. Since 10 hosts require four host bits, the mask for this subnet is a “/28” (allowing up to 14 hosts). Thus, the fourth subnet is 192.168.1.224/28:

  • 105 hosts => 192.168.1.0/25
  • 50 hosts => 192.168.1.128/26
  • 20 hosts => 192.168.1.192/27
  • 10 hosts => 192.168.1.224/28

With a “/28” mask (four host bits), the subnets increment by 16, so the next subnet begins at 192.168.1.240 (224 + 16 = 240), but since we’ve taken care of all four of the required subnets, we don’t need that address space. Using VLSM, not only did we solve the problem, but we even have some address space left over!

Let’s try another problem. We’re given the address space 172.16.55.0/24 (a Class “C” sized piece of a Class “B” network). There are two routers, connected by a pair of point-to-point WAN links (for fault-tolerance). In addition to the P2P links, R1 has four directly-attached LAN subnets, as follows:

  • 50 hosts
  • 20 hosts
  • 10 hosts
  • 5 hosts

R2 also has four directly-attached LAN subnets, as follows:

  • 40 hosts
  • 25 hosts
  • 12 hosts
  • 4 hosts

Let’s see if we can solve this problem using standard subnet masking. The largest subnet must support 50 hosts (and thus needs six host bits), and there are a total of ten subnets (which requires four subnet bits). Since six plus four is ten, and we only have eight bits to work with, we can’t do it with standard subnet masking. Looking at it another way, since a “/22” (32 minus 10) is to the left of “/24”, it won’t work.

Okay then, let’s try VLSM. As before, we start out with the largest subnet, and work our way down. A subnet with 50 hosts requires a “/26” mask:

  • 50 hosts => 172.16.55.0/26

With a “/26” mask (six host bits), the subnets increment by 64, so the next subnet begins at 172.16.55.64. The next largest subnet contains 40 hosts. Since 40 hosts require six host bits, the mask for this subnet is also a “/26”. Thus, the second subnet is 172.16.55.64/26:

  • 50 hosts => 172.16.55.0/26
  • 40 hosts => 172.16.55.64/26

With a “/26” mask (six host bits), the subnets increment by 64, so the next subnet begins at 172.16.55.128 (64 + 64 = 128). The next largest subnet contains 25 hosts, and therefore requires five host bits, or a “/27”. Thus, the next subnet is 172.16.55.128/27:

  • 50 hosts => 172.16.55.0/26
  • 40 hosts => 172.16.55.64/26
  • 25 hosts => 172.16.55.128/27

With a “/27” mask (five host bits), the subnets increment by 32, so the next subnet begins at 172.16.55.160 (128 + 32 = 160). The next largest subnet contains 20 hosts, and therefore requires five host bits, or another “/27”. Thus, the next subnet is 172.16.55.160/27:

  • 50 hosts => 172.16.55.0/26
  • 40 hosts => 172.16.55.64/26
  • 25 hosts => 172.16.55.128/27
  • 20 hosts => 172.16.55.160/27

With a “/27” mask (five host bits), the subnets increment by 32, so the next subnet begins at 172.16.55.192 (160 + 32 = 192). The next largest subnet contains 12 hosts, and therefore requires four host bits, or a “/28”. Thus, the next subnet is 172.16.55.192/28:

  • 50 hosts => 172.16.55.0/26
  • 40 hosts => 172.16.55.64/26
  • 25 hosts => 172.16.55.128/27
  • 20 hosts => 172.16.55.160/27
  • 12 hosts => 172.16.55.192/28

With a “/28” mask (four host bits), the subnets increment by 16, so the next subnet begins at 172.16.55.208 (192 + 16 = 208). The next largest subnet contains 10 hosts, and therefore also requires four host bits, or another “/28”. Thus, the next subnet is 172.16.55.208/28:

  • 50 hosts => 172.16.55.0/26
  • 40 hosts => 172.16.55.64/26
  • 25 hosts => 172.16.55.128/27
  • 20 hosts => 172.16.55.160/27
  • 12 hosts => 172.16.55.192/28
  • 10 hosts => 172.16.55.208/28

With a “/28” mask (four host bits), the subnets increment by 16, so the next subnet begins at 172.16.55.224 (208 + 16 = 224). The next largest subnet contains five hosts, and therefore requires three host bits, or a “/29”. Thus, the next subnet is 172.16.55.224/29:

  • 50 hosts => 172.16.55.0/26
  • 40 hosts => 172.16.55.64/26
  • 25 hosts => 172.16.55.128/27
  • 20 hosts => 172.16.55.160/27
  • 12 hosts => 172.16.55.192/28
  • 10 hosts => 172.16.55.208/28
  • 5 hosts => 172.16.55.224/29

With a “/29” mask (three host bits), the subnets increment by eight, so the next subnet begins at 172.16.55.232 (224 + 8 = 232). The next largest subnet contains four hosts, and therefore requires three host bits, or another “/29”. Thus, the next subnet is 172.16.55.232/29:

  • 50 hosts => 172.16.55.0/26
  • 40 hosts => 172.16.55.64/26
  • 25 hosts => 172.16.55.128/27
  • 20 hosts => 172.16.55.160/27
  • 12 hosts => 172.16.55.192/28
  • 10 hosts => 172.16.55.208/28
  • 5 hosts => 172.16.55.224/29
  • 4 hosts => 172.16.55.232/29

That takes care of the eight LAN subnets, now let’s do the two WAN links. Taking up where we left off, with a “/29” mask (three host bits), the subnets increment by eight, so the next subnet begins at 172.16.55.240 (232 + 8 = 240). The WAN links need two hosts each, and therefore we can use a “/30” for each, and with a “/30” mask, the subnets increment by four. Therefore, the two WAN subnets could be:

  • 2 hosts => 172.16.55.240/30
  • 2 hosts => 172.16.55.244/30

The next available subnet would be 172.16.55.248, but since we’ve covered all ten required subnets, we don’t need it at present. Note that we could also have used “/31” masks on the WAN links (per RFC 3021), in which case (incrementing by two, instead of four) they could be:

  • 2 hosts => 172.16.55.240/31
  • 2 hosts => 172.16.55.242/31

In this case, the address space starting at 172.16.55.244 is unused (with a “/31” mask, the subnets increment by two).

Well, that’s the idea of VLSM, a technique used to conserve address space through more efficient allocation. Next time, we’ll look at some more examples, including the times that VLSM won’t work.
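The largest-first VLSM allocation walked through above, as an added Python example (not from the original post). The names host_bits and vlsm_allocate are illustrative, and the allow_31 flag applies the RFC 3021 “/31” option to two-host point-to-point links.

```python
import ipaddress


def host_bits(hosts, allow_31=False):
    """Fewest host bits h with 2**h - 2 >= hosts.

    With allow_31, a two-host link gets a single host bit (a /31, RFC 3021),
    where neither address is reserved.
    """
    if allow_31 and hosts == 2:
        return 1
    return (hosts + 1).bit_length()


def vlsm_allocate(network, host_counts, allow_31=False):
    """Carve `network` into subnets sized for each entry in `host_counts`.

    Subnets are placed largest first, each starting where the previous one
    ended. Because block sizes are powers of two in descending order, every
    start address is automatically aligned to its own mask.

    Returns (plan, next_free): plan is a list of (hosts, "a.b.c.d/len")
    tuples, next_free is the first unused address or None if none is left.
    Raises ValueError when the address space runs out.
    """
    net = ipaddress.IPv4Network(network)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    plan = []

    for hosts in sorted(host_counts, reverse=True):
        bits = host_bits(hosts, allow_31)
        size = 1 << bits  # the increment for this mask
        if cursor + size > end:
            raise ValueError(f"{network} has no room left for {hosts} hosts")
        subnet = ipaddress.IPv4Network((cursor, 32 - bits))
        plan.append((hosts, str(subnet)))
        cursor += size

    next_free = str(ipaddress.IPv4Address(cursor)) if cursor < end else None
    return plan, next_free


if __name__ == "__main__":
    # First problem from the text.
    plan, free = vlsm_allocate("192.168.1.0/24", [105, 50, 20, 10])
    for hosts, subnet in plan:
        print(f"{hosts:>3} hosts => {subnet}")
    print("next available:", free)

    # Second problem: R1 LANs, R2 LANs, then the two WAN links.
    demand = [50, 20, 10, 5, 40, 25, 12, 4, 2, 2]
    for flag in (False, True):
        plan, free = vlsm_allocate("172.16.55.0/24", demand, allow_31=flag)
        print(f"\nallow_31={flag}")
        for hosts, subnet in plan:
            print(f"{hosts:>3} hosts => {subnet}")
        print("next available:", free)
```
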

Sunday, May 3, 2009

SIP Overview

SIP provides the necessary protocol mechanisms so that end systems and proxy servers can provide services:
  • call forwarding, including
    • the equivalent of 700-, 800- and 900- type calls;
    • call-forwarding no answer;
    • call-forwarding busy;
    • call-forwarding unconditional;
    • other address-translation services;
  • callee and calling "number" delivery, where numbers can be any (preferably unique) naming scheme;
  • personal mobility, i.e., the ability to reach a called party under a single, location-independent address even when the user changes terminals;
  • terminal-type negotiation and selection: a caller can be given a choice how to reach the party, e.g., via Internet telephony, mobile phone, an answering service, etc.;
  • terminal capability negotiation;
  • caller and callee authentication;
  • blind and supervised call transfer;
  • invitations to multicast conferences.

Extensions of SIP to allow third-party signaling (e.g., for click-to-dial services, fully meshed conferences and connections to multipoint control units (MCUs), as well as mixed modes and the transition between those) are available.

SIP addresses users by an email-like address and re-uses some of the infrastructure of electronic mail delivery such as DNS MX records or using SMTP EXPN for address expansion. SIP addresses (URLs) can also be embedded in web pages. SIP is addressing-neutral, with addresses expressed as URLs of various types such as SIP, H.323 or telephone (E.164).

SIP can also be used for signaling Internet real-time fax delivery. This requires no major changes. Fax might be carried via RTP, TCP (e.g., the protocols discussed in the Internet fax WG) or other mechanisms.

SIP is independent of the packet layer and only requires an unreliable datagram service, as it provides its own reliability mechanism. While SIP typically is used over UDP or TCP, it could, without technical changes, be run over IPX, or carrier pigeons, frame relay, ATM AAL5 or X.25, in rough order of desirability.

SIP Operation in Redirect Mode

[Figure: SIP call initiation in redirect mode]

SIP Operation in Proxy Mode

[Figure: SIP call initiation in proxy mode]

Check Point Firewall-1 on Linux, Part Three

This is the third and final article in a series devoted to the exploration of Check Point Firewall-1 for Linux. In the first article we discussed single and multi-system installation and post-installation tasks. The second article explored Firewall-1 concepts such as network objects, firewall rules, address translation rules, and NAT, as well as features and limitations of Firewall-1. In this installment, we will go over aspects of Firewall-1 such as file and directory layout, rulesets, migrating existing Firewall-1 installations to Linux, and backup and standby configurations.

Inside Firewall-1

File and Directory Layout

Firewall-1 on Linux is installed into a directory on /opt. This directory is symbolically linked as /etc/fw, and all directories, commands, and files are accessed relative to /etc/fw. Inside /etc/fw/ there are the following important subdirectories:

  • the bin directory, which contains the Firewall-1 binaries (executable programs);
  • the conf directory, which contains the configuration files, rulesets, etc.;
  • the log directory, which contains the Firewall-1 log files;

... plus several others.

The Conf Directory

The conf directory contains the most user-serviceable parts, and is where a Firewall-1 hacker might spend most of his or her time. Inside the conf directory there are a number of files, including:

  • *.W files, which are the editable versions of the rule sets;
  • *.pf files, which are the compiled versions of the rule sets;
  • objects.C, which contains the network objects;
  • rulebases.fws, which contains the rule sets in a format that is used by the Policy Editor; and,
  • gui-clients, which lists the IP addresses of any management stations.

File Formats

Most of the files in the conf directory are ASCII text, and rather than using the GUI Policy Manager program, it is possible to interface directly with Firewall-1 from the command line. The basic Firewall-1 rulesets are stored in *.W files, which are in an easily readable text format. These files correspond to the rule sets defined in the Policy Manager, with each policy being stored in a separate file, and each line in a policy stored in a set of lines in the *.W file.

The format of the *.W files is not complex, and if you are an experienced firewall administrator then some experimentation will explain the language used in the files. It is possible to copy the *.W files, edit a copy, and revert to the old copy if your edits go astray or cause problems.

Network Objects

The network objects are stored in the objects.C file. This file is, again, ASCII text and can be edited with a text editor such as vi. The network objects for all rule sets are stored in the same objects.C file, so be careful when editing it.

Rulesets (.W and .pf files)

Generating a firewall ruleset from one of the *.W files can be done from the command line. The command to do this is:

fw gen myrules.W > myrules.pf

This generates an inspection (*.pf) file from the *.W language used by the Policy Manager. Note that it is possible to edit the *.pf files directly, as they are ASCII text as well. The *.pf files are in a language called INSPECT, which is described in chapter 3 of the Firewall-1 Reference Guide. The Reference Guide is available in PDF format in the Docs directory on the CD-ROM.

Ruleset Generation

Once you have generated an INSPECT file from a *.W file, it is possible to load this into the running firewall using a command such as:

fw load myrules.pf

Note that loading an INSPECT file reads both the inspect script and the objects.C file, so if you have hand-edited both files and not kept them in sync, you could encounter problems at this stage.

Migrating an Existing Firewall-1 Installation To Linux

If you have an existing Firewall-1 installation on, for example, Windows NT, it is possible to upgrade to the latest version of Firewall-1 by using the standard Firewall-1 installation program. This upgrades previous versions of the rulesets to new versions, adds any required network objects to the objects.C file and installs the new software. If you have an existing installation on Windows NT and wish to migrate this to a Linux installation, there are several steps that you will need to follow.

Pre-Planning and Preparation

Firstly, upgrading a machine from Windows NT to Linux is going to involve some (possibly considerable) period of down time. Assuming that you have a running firewall, and that it is in a production environment, you may wish to consider building a second machine to migrate your NT firewall onto, rather than re-installing the production firewall. One other advantage of this is that it gives you a chance to fall back should things go wrong. It also means that once you are finished you may possibly have a spare machine for redundancy or disaster recovery purposes.

Your new firewall system should be of sufficient capability and performance to cater for your organisation's growth over a period of, perhaps, 2 - 3 years.

ASCII Files

Firstly, one warning: ASCII files on Windows NT and ASCII files on Linux are not exactly the same format. On Windows NT, each line of an ASCII file is terminated by a CR/LF sequence, which is 2 bytes. On Linux, each line is terminated by a single LF byte. Firewall-1 on Linux uses ASCII files in the Linux format, while Firewall-1 on NT uses ASCII files in the NT format. They will not be able to use each other's files directly. There are many utilities around that are capable of converting an NT (or DOS) format text file to a Linux (or UNIX) format file. The one I prefer to use is the old faithful vi (actually vim, with the -b flag):

vi -b some-dos-file

On loading a DOS text file, you will see that each line has a hanging "^M" sequence at the end. The command to remove these is:

:%s/<Ctrl-V><Ctrl-M>//g

where <Ctrl-V><Ctrl-M> means "hold down the Ctrl key, hit V, then hit M". You will see a "^M" sequence appear in vi when you do this.

Any files (objects.C, *.W, or rulebases.fws) copied from an NT system to a Linux system must be put through this process.
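When a whole conf directory has been copied across, the same conversion can be scripted. This is an added example, not part of the original article: the function names and the ".dos" backup suffix are assumptions, and unlike the vi command it only rewrites CR bytes that are followed by LF, reporting any other CR for manual inspection.

```python
import os
from pathlib import Path

# Files the article says must be converted after copying from NT
# (objects.C.old is the name it uses during a v4.0 migration).
MIGRATED_PATTERNS = ("objects.C", "objects.C.old", "rulebases.fws", "*.W")


def convert_crlf(path, keep_backup=True):
    """Convert CR/LF line endings in `path` to LF.

    Returns (pairs_replaced, stray_cr): stray_cr counts CR bytes that were not
    followed by LF and were therefore left alone for manual inspection.
    """
    path = Path(path)
    data = path.read_bytes()  # bytes, so nothing is decoded or re-encoded
    pairs = data.count(b"\r\n")
    fixed = data.replace(b"\r\n", b"\n")
    stray = fixed.count(b"\r")
    if pairs:
        if keep_backup:
            # Keep the NT-format original so the edit can be reverted.
            path.with_name(path.name + ".dos").write_bytes(data)
        tmp = path.with_name(path.name + ".tmp")
        tmp.write_bytes(fixed)
        os.replace(tmp, path)  # swap in the converted file in one step
    return pairs, stray


def convert_conf_dir(conf_dir):
    """Convert every migrated file found in conf_dir; return {name: (pairs, stray)}."""
    report = {}
    for pattern in MIGRATED_PATTERNS:
        for path in sorted(Path(conf_dir).glob(pattern)):
            report[path.name] = convert_crlf(path)
    return report


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as conf:
        # Constructed sample content; not real Firewall-1 syntax.
        Path(conf, "objects.C").write_bytes(b"sample line 1\r\nsample line 2\r\n")
        Path(conf, "myrules.W").write_bytes(b"already\nunix\n")
        print(convert_conf_dir(conf))
```

A file that reports zero replaced pairs is left untouched, so the script can be run again after copying further files without disturbing the ones already converted.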

Migrating the Network Objects

Copying the network objects from an NT system to a Linux system is relatively straightforward. You just copy the objects.C file on NT to a floppy disk and copy it back into the conf directory on Linux.

Remember to convert the file to UNIX format, as mentioned above!

Migrating the Rulesets

As mentioned earlier, the Firewall-1 rulesets are stored in a group of text files, which are *.W on Windows NT. You need to copy all of these files from your NT firewall to your Linux firewall and put them in the conf directory.

There is one other file you will need to copy: rulebases.fws. This file contains a conglomeration of all of the rule sets, in a format used by the Policy Editor. Without the rulebases.fws file, you will be able to manually compile and load *.W files but you will not be able to see them in the GUI.

Migrating from a v4.0 Installation

If you have an existing Firewall-1 installation on NT that is Firewall-1 version 4.0, and you want to migrate that to a Linux installation, then you will have two tasks. The first is migrating from NT to Linux, the second is to upgrade to Firewall-1 version 4.1 (as version 4.0 does not run on Linux).

The migration process is very similar, with a few catches. Firstly, there are some additional objects in the version 4.1 objects.C file that you must capture as you migrate to Linux. These will be in the default objects.C file when you install Firewall-1 on Linux, so it is important not to lose this file when you copy your objects.C file from Windows NT.

Instead of copying the file directly across from NT, copy it to a new file called objects.C.old. You then will have two files, objects.C.old which has come from NT, and objects.C which was provided with Firewall-1 on Linux.

After converting the objects.C.old file to UNIX format, you can merge these two files into one by using the following command:

fw confmerge objects.C.old objects.C > objects.C.new

You now have an objects.C.new file that contains all of the necessary network objects. Rename this to objects.C using:

mv objects.C.new objects.C

Additionally, you will want to copy both the rulebases.fws and the *.W files from your version 4.0 system to your new version 4.1 system. These can be copied across directly. After you have done this, I suggest loading each rule set into the Policy Manager and saving it; this will update them into their new version 4.1 formats if required.

Migrating From a v3 or Earlier Installation

I would recommend against upgrading from Firewall-1 version 3.0 to 4.1 and migrating across platforms at the same time. Provided that you have all of the necessary software and media, I would instead recommend the following procedure:

  • upgrade your existing Firewall-1 version 3.0 installation on NT to version 4.1 on NT, using the version 4.1 installation media; and,
  • migrate from Firewall-1 version 4.1 on NT to Linux, using the procedures that I have outlined above.

Note that Check Point states that it is not possible to upgrade from a version prior to 3.0 to a version 4.1 firewall. You need to upgrade from your prior version to version 3.0, and then from 3.0 to 4.1. If you are migrating to Linux at the same time then you will probably have a 3 step process. Plan for plenty of downtime while you are doing this!

Migrating Multi-System Installations

Note that migrating a system from NT to Linux is not significantly more complicated if you have a multi-system installation than a single-system installation. The first step is to migrate the master firewall (aka the management server, or machine running the fwm module). While doing so, you should refrain from applying any ruleset changes to any of the slave Enforcement Modules. The Enforcement Modules can then be migrated one at a time. While you are migrating an Enforcement Module, there is no need to migrate any of the rulesets (rulebases.fws, objects.C, or *.W files), as these can be propagated to the Enforcement Module once it has been installed. Essentially, you should set up an "empty" Enforcement Module, and use the Management Module to propagate a rule set to it, just as you did when you first installed the module.

Backup and Standby Configuration

Some Firewall-1 administrators on NT have set up standby configurations of Firewall-1, using such software as StoneBeat. This is not really possible with the Linux version of Firewall-1, although there are some pieces of software that are emerging to perform failover and High Availability on Linux. I haven't tested any of these with Firewall-1, however.

An alternative to having a hot standby is to have a spare machine, configured (hardware and software) similarly to your primary firewall. This can be left running, off-line, or even switched off and locked in a safe. Periodically, it would pay to back up the conf directory of your primary Firewall-1 system and restore it onto your spare machine, or even just restore the objects.C and rulebases.fws files, from which most of the rest of the configuration can be regenerated.

Summary

Without getting into the good or bad points of commercial software (I tend to use a mix of commercial and free software myself, whatever suits my needs best tends to get the green light), it can be said that Firewall-1 is a fast, reliable, and popular piece of software that does the job of creating a firewall with an easy to manage GUI on Linux. Existing Firewall-1 customers with an interest in Linux will be pleased to note that Firewall-1 performs more than adequately on Linux. The performance of Firewall-1 on Linux appears to noticeably exceed that of Firewall-1 on NT, even from anecdotal evidence gained from the small handful of installations that I have performed. Firewall-1 customers with an NT based firewall who are concerned about performance may well be advised to migrate away from Windows NT and on to Linux.


Check Point Firewall-1 on Linux, Part Two

Check Point Firewall-1 has been the market-leading firewall system since its introduction in 1994. The main advantage of Firewall-1 is its comprehensive and easy to understand GUI, which has made it a firewall system of choice for many corporate IT managers. This is the second in a series of three articles that will examine Check Point Firewall-1 for Linux. The first article consisted of a brief introductory overview of Firewall-1, and a discussion of installation, post-installation tasks, as well as single and multi-system installations. This installment will cover Firewall-1 concepts such as network objects, firewall rules, address translation rules, and NAT, as well as features and limitations of Firewall-1. The final article will then discuss aspects of Firewall-1 such as file and directory layout, rulesets, migrating existing Firewall-1 installations to Linux, and back-up and standby configurations.

Firewall-1 Concepts

Network Objects

A network object is the basic "unit of information" for Firewall-1. The "Network Objects" table is where all of the information about anything with an IP address (or group of IP addresses) is stored.

To manage your network objects, start the Firewall-1 Policy Editor, and choose "Network Objects" from the manage menu. You will need to enter details of the various objects you have on your network, including:

* The firewall itself!
* Servers, both inside and outside of your network, that you want to connect to; and,
* Workstations, inside and outside, that connections are coming from.

For example, you might want to define the following simple set of network objects:

* A firewall;
* The network range inside your network;
* A few servers on a DMZ, for example a web server or FTP server, which you allow public access to; and,
* Some servers on the Internet that you allow / disallow internal users to access.

Services

Firewall-1 comes with a pre-defined set of services, including most of the well-known services in use on the Internet. It is possible, however, that you may want to include more services that are not predefined. To do this, choose "Services" from the Manage menu in the Firewall-1 Policy Editor.

Groups

You can group network objects or services together into an easy-to-manage group. For example, you may have a number of web servers in a DMZ to which you want to allow public access. To avoid having to define a large number of rules, one for each server, or to define a rule containing a large list of servers, you could group all of your web servers together into a single group called "Web-Servers". Use this group in a rule, rather than each individual server.

Firewall Rules

Firewall-1 comes pre-installed with an empty rule set.

Once you have a basic set of network objects and groups defined, you will want to use the Policy Editor to begin programming your firewall with a set of rules that define your security policy. Rules can be added to the end of the rule set, inserted at the top or anywhere in the middle. The Firewall-1 policy editor allows you to cut and paste rules, move rules up and down in the rule set, or delete rules at will.

Experimenting with an existing rule set, reading the Check Point "Getting Started Guide" and the Firewall-1 manual (contained in PDF format on the installation CD, in the Docs directory) is the best way to learn how to use the GUI management tool.

Address Translation Rules

Firewall-1 supports a wide range of Network Address Translation (NAT) rules. The Policy Editor's main tab, "Security Policy", lists accept/deny rules only. The second tab, "Address Translation", is where the address translation rules are shown.

In most cases, you will create address translation rules when defining the network objects. To do this, in the network object properties window, choose the "NAT" tab. There are two basic types of NAT: Static and Hide NAT.

1. Static NAT

Static NAT is where a single IP address outside your network gets mapped to a single IP address inside your network, in other words a 1:1 mapping. For Static NAT to work, your firewall must have more than one externally visible IP address (more on that under "ARP" shortly), and your ISP must provide routing for all of your externally visible IP addresses.

Static NAT is most useful in cases where you have a server inside your network (or on a DMZ) to which you want to provide access from the Internet. In order for this to happen, you must have an externally visible IP address for that server to use, and hence you must use Static NAT.

To use Static NAT for a network object, you must first ensure that no other network object is using the external IP address that you want to use. Open the network object to which you want to apply NAT (e.g.: an internal server of some kind). In the NAT tab, select the checkbox labelled "Add Automatic Address Translation Rules", choose "Static" as the translation method, and enter the externally visible IP address of the network object in the "Valid IP Address" field. You should now have created a network object that has an internal IP address as well as an externally visible IP address.

2. Hide NAT

Hide NAT (or dynamic NAT) is similar to IP Masquerading or other similar functions. This is where a number of network objects, or your entire network, gets hidden behind a single externally visible IP address.

To use Hide NAT, you only need to use a single IP address connected to the Internet (although you can have more). You can use Hide NAT to hide your network behind the external IP address of your firewall; this is exactly the same as IP Masquerading. To use Hide NAT for a network object, open the network object that you want to apply NAT to (this could be a workstation, group, or network). In the NAT tab, select the checkbox labelled "Add Automatic Address Translation Rules", choose "Hide" as the translation method, and enter the externally visible IP address that you wish to use in the "Valid IP address" field.

Editing NAT rules

When you create static or hide NAT rules in a network object, this creates address translation rules within the "Address Translation" tab of the Policy Editor. These rules cannot be edited, but new rules can be added above and below the automatically generated rules.

For example, after setting up NAT for a pair of hidden networks, you may wish to disable NAT for traffic going between those networks. You can do this by inserting an address translation rule at the top of the list, showing that traffic from and to these networks is to be left untranslated. To do this, you might want to first create a group object containing all of your networks (the Address Translation rules can only take a single object in each field of a rule), and leave the "translated packet" source and destination fields reading "= (Original)".

NAT rules can also be used for more complex packet mangling. For example, you might want a host to appear as one IP address when access is requested from the Internet, but a different IP address when it is accessed from a DMZ. (The discussion of why and how to do this is complex and beyond the scope of this article.)

ARP and routes

Firewall-1 relies on a fairly complex system of ARP and route table entries to assist with static NAT.

In order for static NAT to operate correctly, you must define an ARP rule to make the externally visible IP address of the NAT-ed server appear at the MAC address of your firewall. To do this, you need to know the MAC address of your firewall's external interface (this can be obtained by running "ifconfig" and looking at the "HWaddr" value).

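Publishing the ARP entry is done using the /sbin/arp program, as follows:
/sbin/arp -s <external IP address> xx:yy:zz:aa:bb:cc pub

... where <external IP address> is the address that you want to publish, and xx:yy:zz:aa:bb:cc is the MAC address of the external interface of the firewall (NOT that of the host!). The trailing pub flag is what makes the firewall answer ARP requests for that address; without it, the entry is only a static entry in the firewall's own ARP cache.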

Surprisingly enough (and confusing even for TCP/IP experts), you also need to create a route, from the external IP address to the internal IP address. For example, if you have a web server which has an internal IP address of 192.168.1.1, and you have set up Static NAT for this server to appear on the internet as 211.11.22.33, then you need to add a route table entry with the following command:

/sbin/route add -host 211.11.22.33 gw 192.168.1.1

Needless to say, adding all of these arp and route entries can be somewhat boring each time your firewall is restarted, so you had probably best put these in one of your init scripts (e.g.: /etc/rc.d/rc.local).

Features and Limitations

Features

Firewall-1's main feature, in comparison to other firewall systems, is the relatively easy to use and intuitive GUI.

Firewall-1 supports many types of address translation, that (for example) are not supported by the ipchains module in the Linux 2.2 kernel. For a complex firewall that protects many different types of network devices, this is a must-have feature. This type of address translation is now a feature of the Linux 2.4 kernel with the ipfilter package, and so support for complex address translation is no longer a feature that differentiates Firewall-1 from the Linux kernel.

Comparison between Firewall-1, ipchains, and netfilter

Ipchains is the firewalling system built into the Linux 2.2 kernel. The ipchains home page is here: http://netfilter.kernelnotes.org/ipchains/

Netfilter, the firewalling system built into the Linux 2.4 kernel, is designed as a replacement for ipchains. The home page for netfilter is here: http://netfilter.kernelnotes.org/

Note that netfilter is, correctly speaking, a conglomerate of components. At the bottom layer in the kernel there is "netfilter" which is the system built into the 2.4 kernel for mangling packets. On top of this is a layer for network address translation (NAT), a layer for packet filtering (IPtables), and a user-space tool called "iptables" for managing the entire process.

Rule chains and trees

Both ipchains and iptables set up a number of "rule chains" in a type of tree structure. At the top of the tree are some pre-installed chains, called input, output, and forward (or for iptables, INPUT, OUTPUT and FORWARD). Each of these chains can branch to another chain for evaluating rules, performing NAT, or other functions (such as logging) based on certain conditions.

A common procedure with ipchains or iptables is to set up a rule chain based on the input and output interface of the packet. The pre-installed chains then branch to these chains based on some rules defined at the top of the chain.

Firewall-1 supports a single chain of rules. Each packet passes the rule chain from the top to the bottom, until it meets a rule that either accepts or rejects the packet.

Performance Issues

The branching-chain of rules is more efficient than the single chain of rules, because each packet has to pass through fewer rules, on average, before meeting an accept/reject match. Because of this, Firewall-1 is, on a complex rule set, measurably slower on average than using netfilter on the same hardware.

On the other hand, establishing the branching chain is more complex, and more error-prone. Many GUI-based rule-set generators for ipchains do not use the branching-chain mechanisms but instead put all rules into the input, output and/or forward chains as appropriate. This negates most of the performance advantage that would be obtained from not using Firewall-1.
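The average-cost argument above can be made concrete with a small model. This is an added example, not part of the original article: the rule set and traffic are constructed, the names are hypothetical, and it counts rule tests only, not real kernel performance. A rule-set generator that puts every rule into the built-in chains behaves like the single-chain case here.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "iface port verdict")
Packet = namedtuple("Packet", "iface port")


def build_rules(ifaces, rules_per_iface):
    """Constructed rule set: each interface accepts its own block of ports."""
    return [Rule(iface, 1000 * (i + 1) + p, "accept")
            for i, iface in enumerate(ifaces)
            for p in range(rules_per_iface)]


def eval_single_chain(rules, pkt):
    """One chain walked top to bottom until the first match (the Firewall-1 model)."""
    for tested, rule in enumerate(rules, start=1):
        if rule.iface == pkt.iface and rule.port == pkt.port:
            return rule.verdict, tested
    return "drop", len(rules)  # nothing matched: default drop


def build_branched(rules):
    """Split the same rules into one user chain per input interface."""
    chains = {}
    for rule in rules:
        chains.setdefault(rule.iface, []).append(rule)
    return chains  # insertion order = order of the jump rules in the built-in chain


def eval_branched(chains, pkt):
    """Built-in chain holds one jump rule per interface; only the matching branch is walked."""
    tested = 0
    for iface, chain in chains.items():
        tested += 1  # the jump rule itself is one test
        if iface != pkt.iface:
            continue
        for rule in chain:
            tested += 1
            if rule.port == pkt.port:
                return rule.verdict, tested
        # Branch exhausted: control returns to the built-in chain and continues.
    return "drop", tested


def compare(rules, packets):
    """Return (avg tests single chain, avg tests branched); verdicts must agree."""
    chains = build_branched(rules)
    single_total = branched_total = 0
    for pkt in packets:
        v1, n1 = eval_single_chain(rules, pkt)
        v2, n2 = eval_branched(chains, pkt)
        if v1 != v2:
            raise AssertionError(f"verdict mismatch for {pkt}")
        single_total += n1
        branched_total += n2
    return single_total / len(packets), branched_total / len(packets)


if __name__ == "__main__":
    rules = build_rules(["eth0", "eth1", "eth2"], 20)
    # Constructed traffic: one packet matching each rule exactly once.
    packets = [Packet(r.iface, r.port) for r in rules]
    print("average rules tested (single, branched):", compare(rules, packets))
```

Both evaluators return the same verdict for every packet; only the number of rules examined differs, which is the whole of the performance claim.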

Both Firewall-1 and ipchains / netfilter are implemented as kernel modules. I expect that any measurement of the performance difference between Firewall-1 and iptables using a similar (non-branched) rule set would be very slight. Note that Firewall-1 for Windows NT is not implemented as a kernel module (I expect that this is because Check Point does not have access to Microsoft's source code) and is therefore measurably slower than Firewall-1 for Linux on the same hardware.

Management, Usability, and Support

Generally speaking, I have found Firewall-1 support to be quite good, although somewhat slow. There are many individuals and organisations world-wide that are well trained in Firewall-1 management, and so obtaining staff or an outsourcer to look after a Firewall-1 system should not be a major headache. In comparison, the ipfilter code in Linux is relatively new, and rather complex. I would expect that the learning curve for this would be fairly significant, and finding staff trained in its use would be noticeably more difficult.

To a certain extent, however, a firewall is a firewall, and an experienced security consultant with a good understanding of firewalling concepts should have no difficulty learning either the Firewall-1 or iptables systems. Firewall-1 does appear to have the edge in terms of usability at the moment, however. The Firewall-1 GUI is excellent, and I hope that there will be a port to KDE and/or GNOME in the not too distant future!

Price

Firewall-1 does not compete with either iptables or ipchains on price. Both ipchains and iptables are free products. Firewall-1 is not free, and not even particularly cheap.

Proxy services

Ipchains and netfilter are packet-filtering and packet-mangling modules only. Firewall-1 is not a proxy server system, and does not provide some features found in other packages available on Linux (e.g.: the Squid proxy cache server). It does, however, provide some limited content filtering through proxy "resources" which are defined as Firewall-1 objects.

Because Firewall-1's content filtering features are rather limited, and, in any case, slow down the operation of the firewall ruleset, I am inclined not to use it. Content filtering in HTTP requests is probably best done using a separate proxy server (e.g.: Squid), while SMTP filtering is probably best done using a combination of mail relay system (e.g.: sendmail) and attachment filtering / virus scanning package. There are many of these available on the market, some of which are reasonably priced or free.

Generally speaking, a packet filtering system is much faster than a proxy firewall. Firewall-1 is built for speed, and is therefore mostly implemented as a packet filtering system only. Although it would be possible to run Squid on the same Linux server as being used for Firewall-1, I would be inclined not to do so, for performance reasons.

The Next Article...

This installment of our look at Check Point Firewall-1 for Linux has covered Firewall-1 concepts such as network objects, firewall rules, address translation rules, and NAT, as well as features and limitations of Firewall-1. The third and final article will discuss aspects of Firewall-1 such as file and directory layout, rulesets, migrating existing Firewall-1 installations to Linux, and back-up and standby configurations.