Acn Report


(Part-B)

Guidelines and Assessment Manual


For

Micro Projects
Report
(Group No. 07)

COMPUTER Engineering Programme


(“I” Scheme Curriculum)
Government Polytechnic Gondia

Academic Year: 2023 - 24


Report
On
Microproject
TITLE : APPLYING FIREWALL ON ROUTER
PROGRAM : COMPUTER ENGINEERING
COURSE : ADVANCE COMPUTER NETWORK
CODE : 22519

Submitted by
Sr. No.  Student Name                    Roll No.  Enrolment No.
1        YASH GUPTA ANIL                 25        2112420263
2        VAISHNAVI PRABHUDAS MACHHIRKE   26        2112420265
3        DIKSHA MACHINDRA JAGNE          27        2112420268
4        RITIK MINESH DHODHARMAL         28        2112420269

Submitted to
Mr. Zhamesh Bhalare
MAHARASHTRA STATE BOARD
OF TECHNICAL EDUCATION
Certificate
This is to certify that,
Yash Gupta(25),Vaishnavi Machhirke(26)
Dikhsha Jagne(27), Ritik Dhodhasarmal(28)
of third Year Computer Technology students have submitted this Micro-Project
report on

“APPLYING FIREWALL ON ROUTER”

During academic session 2023- 2024 in the practical fulfilment course for Diploma in
Computer Engineering.

Mr. Zamesh Bhalare          Mrs. Krishna Kumar
Guide                       Head, Department of Computer Technology

Principal

Mr. C.D. Gholghate

Government Polytechnic, Gondia


ACKNOWLEDGEMENT
We would like to place on record our deep sense of gratitude to Mr. Zamesh Bhalare
Dept. of Computer Engineering for his generous guidance, help and useful
suggestions.

We express our sincere gratitude to Mrs. Bhavana P. Bhagat, Head of Dept. of Computer
Technology, for his stimulating guidance, continuous encouragement and supervision
throughout the course of present work.

We are extremely thankful to Prof. C.D. Gholghate, Principal, Government
Polytechnic, Ahmednagar for providing us infrastructural facilities to work in,
without which this work would not have been possible.

Yash Gupta (25),
Vaishnavi Machhirke (26),
Dikhsha Jagne (27),
Ritik Dhodhasarmal (28)

Micro-Project Report
Various generations of computer system and operating system

1.0 Rationale:

The implementation of a firewall on a router is crucial for enhancing network security. A
firewall serves as a barrier between a trusted internal network and an untrusted external
network (typically the internet). The primary objective of this microproject is to apply
firewall rules to a router to protect the network from unauthorized access and potential
threats. The firewall will be configured to control incoming and outgoing network traffic
based on specified rules and policies.
2.0 Course Outcome Integrated

• Understand the principles of network security.
• Gain proficiency in configuring firewall rules on network devices.
• Learn about access control and traffic filtering.
3.0 Literature Review:

A firewall is a network security device, either hardware or software-based, which
monitors all incoming and outgoing traffic and, based on a defined set of security rules,
accepts, rejects or drops that specific traffic.
• Accept: allow the traffic
• Reject: block the traffic but reply with an “unreachable error”
• Drop: block the traffic with no reply
A firewall establishes a barrier between secured internal networks and outside untrusted
networks, such as the Internet.

History and Need for Firewall


Before firewalls, network security was performed by Access Control Lists (ACLs)
residing on routers. ACLs are rules that determine whether network access should be
granted or denied to a specific IP address. But ACLs cannot determine the nature of the
packet they are blocking. Also, an ACL alone does not have the capacity to keep threats
out of the network. Hence, the firewall was introduced. Connectivity to the Internet is no
longer optional for organizations. Accessing the Internet provides benefits to the
organization, but it also enables the outside world to interact with the organization's
internal network. This creates a threat to the organization. To secure the internal
network from unauthorized traffic, we need a firewall.

How does Firewall work?


A firewall matches network traffic against the rule set defined in its table. Once a rule
is matched, the associated action is applied to the traffic. For example, one rule may
state that no employee from the HR department can access data on the code server, while
another states that the system administrator can access data from both the HR and
technical departments. Rules can be defined on the firewall based on the needs and
security policies of the organization.

From the perspective of a server, network traffic is either outgoing or incoming, and the
firewall maintains a distinct set of rules for each case. Outgoing traffic, originating from
the server itself, is mostly allowed to pass. Still, setting rules on outgoing traffic is
always better in order to achieve more security and prevent unwanted communication.
Incoming traffic is treated differently. Most traffic that reaches the firewall uses one of
these three major Transport Layer protocols: TCP, UDP or ICMP. All of them carry a source
address and a destination address. TCP and UDP also have port numbers, while ICMP uses a
type code instead of a port number to identify the purpose of the packet.

Default policy: It is very difficult to explicitly cover every possible rule on the
firewall. For this reason, the firewall must always have a default policy, which consists
only of an action (accept, reject or drop). Suppose no rule about SSH connections to the
server is defined on the firewall, so the default policy applies. If the default policy is
set to accept, then any computer outside your office can establish an SSH connection to
the server. Therefore, setting the default policy to drop (or reject) is always a good
practice.

Generation of Firewall
Firewalls can be categorized based on their generation.
1. First Generation - Packet Filtering Firewall: A packet filtering firewall controls
network access by monitoring outgoing and incoming packets and allowing them to pass or
stopping them based on source and destination IP addresses, protocols, and ports. It
analyses traffic at the transport protocol layer (but mainly uses the first 3 layers).
Packet filtering firewalls treat each packet in isolation. They have no ability to tell
whether a packet is part of an existing stream of traffic; they can only allow or deny
packets based on each packet's own headers. A packet filtering firewall maintains a
filtering table that decides whether a packet will be forwarded or discarded. From the
given filtering table, packets are filtered according to the following rules:
   1. Incoming packets from network 192.168.21.0 are blocked.
   2. Incoming packets destined for the internal TELNET server (port 23) are blocked.
   3. Incoming packets destined for host 192.168.21.3 are blocked.
   4. All well-known services to the network 192.168.21.0 are allowed.
2. Second Generation - Stateful Inspection Firewall: Stateful firewalls (which perform
Stateful Packet Inspection) are able to determine the connection state of a packet, unlike
packet filtering firewalls, which makes them more efficient. A stateful firewall keeps
track of the state of network connections travelling across it, such as TCP streams. So
filtering decisions are based not only on the defined rules, but also on the packet's
history in the state table.
3. Third Generation - Application Layer Firewall: An application layer firewall can
inspect and filter packets on any OSI layer, up to the application layer. It has the
ability to block specific content and to recognize when certain applications and protocols
(like HTTP, FTP) are being misused. In other words, application layer firewalls are
hosts that run proxy servers. A proxy firewall prevents a direct connection between
the two sides of the firewall; each packet has to pass through the proxy. It can allow or
block traffic based on predefined rules. Note: Application layer firewalls can also
be used as Network Address Translators (NAT).
4. Next Generation Firewalls (NGFW): Next Generation Firewalls are being deployed
these days to stop modern security breaches like advanced malware attacks and
application-layer attacks. An NGFW combines Deep Packet Inspection, Application
Inspection, SSL/SSH inspection and many other functions to protect the network from
these modern threats.
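The rule matching and default policy described under "How does Firewall work?" and the first two generations listed above can be shown in a short Python model. This is an added example, not part of the original report: it encodes the four rules of the filtering table, evaluates them first-match with a default policy, and then adds a state table. The /24 mask, the class and function names, and the sample packets are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    sport: Optional[int] = None     # ICMP carries no ports
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                     # "accept", "reject" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None     # None matches any protocol
    dports: Optional[range] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dports is not None:
            return p.dport is not None and p.dport in self.dports
        return True

def decide(rules, packet, default="drop"):
    """Stateless filter: the first matching rule wins, else the default policy."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(packet):
            return rule.action, number
    return default, None

# The four rules of the filtering table in the text (a /24 mask is assumed).
INBOUND = [
    Rule("drop", src="192.168.21.0/24"),                           # rule 1
    Rule("drop", proto="tcp", dports=range(23, 24)),               # rule 2: TELNET
    Rule("drop", dst="192.168.21.3/32"),                           # rule 3
    Rule("accept", dst="192.168.21.0/24", dports=range(0, 1024)),  # rule 4
]

class StatefulFilter:
    """Stateful inspection, simplified to a 5-tuple table (no TCP flag tracking):
    replies to recorded outbound flows are accepted before the rules are read."""

    def __init__(self, rules, default="drop"):
        self.rules, self.default, self.flows = rules, default, set()

    def outbound(self, p: Packet) -> None:
        self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))

    def inbound(self, p: Packet):
        # A reply carries the recorded flow's addresses and ports swapped.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "accept", "state"
        return decide(self.rules, p, self.default)

# Constructed sample packets (203.0.113.0/24 is a documentation range).
WEB = Packet("203.0.113.5", "192.168.21.10", "tcp", 40000, 80)
TELNET = Packet("203.0.113.5", "192.168.21.10", "tcp", 40001, 23)
HIGH = Packet("203.0.113.5", "192.168.21.10", "tcp", 40002, 8080)
REPLY = Packet("203.0.113.5", "192.168.21.10", "tcp", 443, 51000)
```

Calling `decide(INBOUND, TELNET)` stops at rule 2, but with the list reversed the same packet is accepted by the well-known-services rule, so rule order is part of the policy. `REPLY` is dropped by the stateless table and accepted by `StatefulFilter` only after the matching outbound packet has been recorded.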

What is Magic Firewall?


“Magic Firewall” is a term used to describe a security feature provided by the web
hosting and security company Cloudflare. It is a cloud-based firewall that provides
protection against a wide range of security threats, including DDoS attacks, SQL
injections, cross-site scripting (XSS), and other types of attacks that target web
applications.
The Magic Firewall works by analyzing traffic to a website and using a set of predefined
rules to identify and block malicious traffic. The rules are based on threat intelligence
from a variety of sources, including the company’s own threat intelligence network, and
can be customized by website owners to meet their specific security needs.
The Magic Firewall is considered “magic” because it is designed to work seamlessly and
invisibly to website visitors, without any noticeable impact on website performance. It is
also easy to set up and manage, and can be accessed through Cloudflare’s web-based
control panel.
Overall, the Magic Firewall is a powerful security tool that provides website owners with
an additional layer of protection against a variety of security threats.
Types of Firewall
Firewalls are generally of two types: Host-based and Network-based.
1. Host-based Firewalls: A host-based firewall is installed on each network node and
controls each incoming and outgoing packet. It is a software application or suite of
applications that comes as a part of the operating system. Host-based firewalls are needed
because network firewalls cannot provide protection inside a trusted network. A host
firewall protects each host from attacks and unauthorized access.
2. Network-based Firewalls: Network firewalls function at the network level. In other
words, these firewalls filter all incoming and outgoing traffic across the network. A
network firewall protects the internal network by filtering traffic using rules defined on
the firewall. It might have two or more network interface cards (NICs). A
network-based firewall is usually a dedicated system with proprietary software
installed.

Advantages of using Firewall


1. Protection from unauthorized access: Firewalls can be set up to restrict incoming
traffic from particular IP addresses or networks, preventing hackers or other malicious
actors from easily accessing a network or system.
2. Prevention of malware and other threats: Firewalls can be set up to block traffic
linked to known malware or other security concerns, assisting in the defense against
these kinds of attacks.
3. Control of network access: By limiting access to specified individuals or groups for
particular servers or applications, firewalls can be used to restrict access to particular
network resources or services.
4. Monitoring of network activity: Firewalls can be set up to record and keep track of
all network activity. This information is essential for identifying and looking into
security problems and other kinds of shady behavior.
5. Regulation compliance: Many industries are bound by rules that demand the usage of
firewalls or other security measures. Organizations can comply with these rules and
prevent any fines or penalties by using a firewall.
6. Network segmentation: By using firewalls to split up a bigger network into smaller
subnets, the attack surface is reduced and the security level is raised.
Disadvantages of using Firewall
1. Complexity: Setting up and keeping up a firewall can be time-consuming and difficult,
especially for bigger networks or companies with a wide variety of users and devices.
2. Limited Visibility: Firewalls may not be able to identify or stop security risks that
operate at other levels, such as the application or endpoint level, because they can only
observe and manage traffic at the network level.
3. False sense of security: Some businesses may place an excessive amount of reliance
on their firewall and disregard other crucial security measures like endpoint security or
intrusion detection systems.
4. Limited adaptability: Because firewalls are frequently rule-based, they might not be
able to respond to fresh security threats.
5. Performance impact: Network performance can be significantly impacted by
firewalls, particularly if they are set up to analyze or manage a lot of traffic.
6. Limited scalability: Because firewalls are only able to secure one network, businesses
that have several networks must deploy many firewalls, which can be expensive.
7. Limited VPN support: Some firewalls might not allow complex VPN features like
split tunneling, which could restrict the experience of a remote worker.
8. Cost: Purchasing many devices or add-on features for a firewall system can be
expensive, especially for businesses.
Real-Time Applications of Firewall
1. Corporate networks: Many businesses employ firewalls to guard against unwanted
access and other security risks on their corporate networks. These firewalls can be set
up to only permit authorized users to access particular resources or services and to
prevent traffic from particular IP addresses or networks.
2. Government organizations: Government organizations frequently employ firewalls to
safeguard sensitive data and to adhere to rules like HIPAA or PCI-DSS. They might
make use of cutting-edge firewalls like Next-generation firewalls (NGFW), which can
detect and stop intrusions as well as manage access to particular data and apps.
3. Service providers: Firewalls are used by service providers to safeguard their networks
and the data of their clients, including ISPs, cloud service providers, and hosting firms.
They might make use of firewalls that accommodate enormous volumes of traffic and
support advanced features such as VPN and load balancing.
4. Small enterprises: Small firms may use firewalls to separate their internal networks,
restrict access to specific resources or applications, and defend their networks from
external threats.
5. Networks at home: To guard against unwanted access and other security risks, many
home users employ firewalls. A firewall that many routers have built in can be set up to
block incoming traffic and restrict access to the network.
6. Industrial Control Systems (ICS): Firewalls are used to safeguard industrial control
systems against illegal access and cyberattacks in many vital infrastructures, including
power plants, water treatment facilities, and transportation systems.

4.0 Actual Procedure followed:

1. Project Topic Selection: The project topic, "Applying Firewall to Router", was chosen
based on network security.
2. Project Implementation:
• Created a network topology
• Configured a network with network addresses, i.e., 192.168.11.1 and 192.168.12.1
• Configured DHCP using servers
• Configured a firewall on the server via inbound rules
• Configured HTTP
3. Testing and Debugging: Tested that all features of the firewall work on the router and
its network.
4. Documentation: Documentation was created to provide instructions on how we
configured this firewall in the network and how it works.

5.0 Actual Resources Used

Sr. No.  Name of Resource/material                   Specifications                   Quantity  Remarks
1.       Computer System with broad specifications   Intel core i3 CPU, GHz, 4GB RAM  1
2.       Operating System                            Windows-11
3.       Router                                      -

6.0 Outputs of the Micro-Project


Configuring a Router
REQUIRED:

Login credentials: The username and password required for logging in to the router's admin panel.
Network Address: The main address of the network, given to the router, e.g. 192.168.1.1.
Subnet Mask: Identifies the subnet or class of network in use, e.g. 255.255.255.0.
Default Gateway: Identifies the gateway for incoming and outgoing traffic, e.g. 192.168.1.1.
STEPS:

1. Gather Necessary Information: Before you start, gather all the necessary information, including
your Internet Service Provider (ISP) details, network devices, and any login credentials. You will
typically need your ISP username and password, the router's default IP address, and the router's admin
credentials.
2. Connect Hardware:
a. Power off your modem, router, and any other network devices.
b. Connect the modem to the router's WAN (Internet) port using an Ethernet cable.
c. Connect your computer to one of the router's LAN ports using another Ethernet cable.
d. Power on the modem and wait for it to initialize.
e. Power on the router.
3. Access Router Interface:
a. Open a web browser on your computer.
b. Enter the router's default IP address into the address bar (common addresses are 192.168.0.1 or
192.168.1.1).
c. You'll be prompted to enter the router's username and password. These are often set to default
values (check your router's manual). It's essential to change these credentials for security.
4. Initial Setup Wizard:
a. Once logged in, many routers will prompt you to run an initial setup wizard. Follow the on-screen
instructions, which usually include configuring basic settings like your time zone, Wi-Fi network
name (SSID), and Wi-Fi password.
b. Choose a strong password for router admin access.
5. Internet Connection Settings:
a. Depending on your ISP, you may need to select your connection type (e.g., DHCP, PPPoE, Static
IP). Your ISP should provide you with this information.
b. Enter the required information, such as the ISP username and password. For DHCP, the router will
typically obtain this information automatically.
c. Test your internet connection to ensure it's working.
6. Wireless Network Configuration:
a. Set up your Wi-Fi network by configuring the SSID (network name) and Wi-Fi password. Enable
WPA2 or WPA3 security for strong encryption.
b. Configure other wireless settings, such as the channel and frequency band (2.4GHz or 5GHz).
c. You may want to enable WPS (Wi-Fi Protected Setup) for easy device connections, but be cautious
about potential security risks.
7. Security Settings:
a. Change the default login credentials to something strong and unique to prevent unauthorized
access to your router.
b. Disable remote administration unless necessary.
8. Port Forwarding and Quality of Service (QoS) (if needed):
a. Configure port forwarding to allow specific applications or services to work through the router.
b. Set up QoS to prioritize specific devices or types of network traffic for a smoother experience.
9. Firmware Updates: Check for firmware updates for your router and apply them. This ensures your
router has the latest security patches and features.
10. Save and Reboot: After making all the necessary configurations, save the settings, and reboot your
router to apply the changes.
11. Connect Devices: Connect your devices (computers, smartphones, smart TVs, etc.) to your Wi-Fi
network using the SSID and password you configured earlier.
12. Test the Network: Finally, test your network by accessing the internet and making sure all devices
are connected and working as expected.
Applying Firewall

1. Access Your Router's Web Interface:
• Open a web browser and enter your router's IP address (e.g., 192.168.0.1 or 192.168.1.1) in
the address bar.
• Log in to the router's admin interface using your username and password.
2. Navigate to Firewall Settings:
• Once logged in, navigate to the firewall settings. This location can vary based on your router
model. Look for terms like "Firewall," "Security," or "Access Control."
3. Enable the Firewall:
• If your firewall is not already enabled, turn it on. This is typically done with a simple toggle
switch.
4. Create Firewall Rules:
a. Inbound Rules (Traffic Coming In):
• Click on "Inbound Rules" or a similar option.
• Create rules to control incoming traffic. For example, if you want to block all incoming traffic
except for web traffic (HTTP and HTTPS), create a rule like this:
   • Rule Name: Allow HTTP and HTTPS
   • Action: Allow
   • Protocol: TCP
   • Port Range: 80-443
b. Outbound Rules (Traffic Going Out):
• Click on "Outbound Rules" or a similar option.
• Create rules to control outgoing traffic. For instance, if you want to block all outgoing traffic
to specific websites, create a rule like this:
   • Rule Name: Block Example.com
   • Action: Block
   • Destination IP Address: [IP address of Example.com]
5. Test the Rules:
• Save the rules and test them. Try accessing a website you blocked in the outbound rules to
ensure it's blocked.
6. Advanced Firewall Rules:
• Depending on your router, you may have advanced options for more granular control. You can
create rules based on source and destination IP addresses, specific ports, and protocols.
7. Logging and Alerts:
• Configure the firewall to log events and send alerts if needed. This can help you keep track of
what's happening on your network.
8. Apply and Save Settings:
• Once you've configured the firewall rules to your satisfaction, apply the changes and save the
settings.
9. Reboot the Router:
• To ensure the firewall rules take effect, it's a good practice to reboot the router.
10. Regularly Review and Update Rules:
• Over time, you may need to modify or add new rules based on your network requirements and
security needs. Regularly review your firewall settings to stay protected.

Remember that configuring a firewall can impact the functionality of your network and certain
applications. Always be cautious when setting up rules, and make sure your configuration aligns with
your network's security and usability requirements.
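The inbound rule in step 4 is meant to admit only HTTP and HTTPS, but its port range 80-443 covers every port between the two. The following Python check is an added example, not part of the original report: it expands a port specification and lists what it opens beyond the intended services. The service names are IANA registry names, and the function names and the rule dictionary layout (mirroring the form fields in step 4) are assumptions made for the illustration.

```python
# TCP services assigned inside 80-443 (IANA registry names; not exhaustive).
KNOWN_TCP = {
    80: "http", 88: "kerberos", 110: "pop3", 111: "sunrpc",
    135: "epmap", 139: "netbios-ssn", 143: "imap", 389: "ldap", 443: "https",
}


def expand(spec):
    """Expand a port spec such as '80-443' or '80,443' into the set of ports."""
    ports = set()
    for part in spec.replace(" ", "").split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(low, high + 1))
    return ports


def audit(spec, intended):
    """Compare what a rule's port spec opens with the services it is meant for."""
    opened, wanted = expand(spec), set(intended)
    extra = opened - wanted
    return {
        "opened": len(opened),
        "unintended": len(extra),
        "missing": sorted(wanted - opened),
        "named_exposures": {p: KNOWN_TCP[p] for p in sorted(extra) if p in KNOWN_TCP},
    }


def tight_rules(intended):
    """One single-port allow rule per intended service, in the form's fields."""
    return [
        {"Rule Name": f"Allow {KNOWN_TCP.get(p, p)}", "Action": "Allow",
         "Protocol": "TCP", "Port Range": f"{p}-{p}"}
        for p in sorted(intended)
    ]


if __name__ == "__main__":
    print(audit("80-443", {80, 443}))   # the rule as written in step 4
    for rule in tight_rules({80, 443}):
        print(rule)
```

Run against the rule as written, the audit reports 364 open ports, 362 of them unintended, including mail, directory and RPC services. Two single-port rules open exactly the two ports the policy names.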

NETWORK TOPOLOGY-
INBOUND RULES-

ICMP PACKET STATUS-


HTTP PACKETS –

7.0 Skill Development

The microproject provided an opportunity to develop the following skills:

• Proficiency in network management, including the use of Router and Firewall.
• Knowledge of Firewall and its Feature with working.
• Understanding of Router Working.
• Understanding of network security.

8.0 Applications of the Micro-Project:

• Applied Firewall to network.
• Configured Router And Network.
• Provide Network Security in network locally and globally.

Teacher Signature
Mr. Zhamesh Bhalare
