I'd have to chime in on the "badly formulated question" verdict.
A proper exercise/question must have more specific pass/fail requirements. Something along the lines of:
"Design a firewall setup with these constraints:
* E-mail traffic shall be permitted from the Internet to and from two specific hosts. Further, all hosts on the network shall be able to send and retrieve e-mail from these hosts.
* You shall provide for HTTP and HTTPS connectivity to the Internet from an office LAN. Connections to originate from LAN only.
* A web server shall serve HTTPS queries from all hosts.
* One part of the office holds engineers. They need to be able to use SSH to hosts on the Internet to work. You can expect their workstations to have static addresses and you will assign them.
* You have 2001:DB0::/48 as address space. Subnet as needed. The provider has requested you use the first /64 as demarcation LAN between you and their infrastructure. They will have the first IP address on their router, and will route the entire /48 towards the second address on the outside network.
* Pay special attention to control traffic when constructing rules.
* Anything not explicitly allowed is forbidden, unless you can demonstrate a valid reason for it."
This is both specific and non-specific, and it is, IMNSHO, a much better replication of what is needed in real life. There is thinking required, and reading both on the lines and between them. Because the requirements will be uninformed, yet the demands are real.
I spent some years at a large university, teaching network theory and practice to engineering students, and I've seen the commercial crap that is re-runs from the 90s as well. The world desperately needs clued network engineers, not 14-day bootcamp wonders.
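One way to make the pass/fail requirements of the exercise above checkable, as an added example that is not part of the original post: a subnet plan plus a first-match, default-deny policy table that candidate flows can be tested against. The DMZ, office and engineer subnets, the host addresses and the mail client ports (587, 993) are assumptions; only the /48, the demarcation /64 and the two router addresses come from the exercise.

```python
import ipaddress as ip

SITE = ip.IPv6Network("2001:DB0::/48")      # prefix as given in the exercise

def subnet(n):
    """Return the n-th /64 inside the site /48."""
    return ip.IPv6Network((int(SITE.network_address) + (n << 64), 64))

def hosts(*addrs):
    """Turn single addresses into a zone of /128 networks."""
    return tuple(ip.IPv6Network((int(a), 128)) for a in addrs)

DEMARC = subnet(0)          # first /64 is the demarcation LAN (from the exercise)
PROVIDER = DEMARC[1]        # provider router holds the first address
OUTSIDE = DEMARC[2]         # the /48 is routed to the second address: our firewall
# Everything below is an assumed allocation, not part of the exercise text.
DMZ, OFFICE, ENG = subnet(1), subnet(0x10), subnet(0x11)
LAN = (OFFICE, ENG)         # engineers are part of the office
MAIL = hosts(DMZ[0x25], DMZ[0x26])
WEB = hosts(DMZ[0x443])
INET = None                 # sentinel: any address outside SITE
ANY = (ip.IPv6Network("::/0"),)

# (name, source zone, destination zone, protocol, ports or ICMPv6 types).
# Rules match the packet that opens a flow; a stateful firewall is assumed.
RULES = [
    ("smtp-in",   INET,    MAIL, "tcp", {25}),
    ("smtp-out",  MAIL,    INET, "tcp", {25}),
    ("site-mail", (SITE,), MAIL, "tcp", {587, 993}),  # assumed: submission, IMAPS
    ("lan-web",   LAN,     INET, "tcp", {80, 443}),
    ("https-in",  ANY,     WEB,  "tcp", {443}),
    ("eng-ssh",   (ENG,),  INET, "tcp", {22}),
    # Control traffic: ICMPv6 errors (unreachable, packet too big, time
    # exceeded, parameter problem); dropping type 2 breaks path MTU discovery.
    ("icmp6-err", ANY,     ANY,  "icmpv6", {1, 2, 3, 4}),
]

def in_zone(addr, zone):
    if zone is INET:
        return addr not in SITE
    return any(addr in net for net in zone)

def verdict(src, dst, proto, port):
    """Name of the first matching allow rule, or None (default deny)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for name, s, d, p, ports in RULES:
        if proto == p and port in ports and in_zone(src, s) and in_zone(dst, d):
            return name
    return None
```

Neighbor discovery (ICMPv6 types 133 to 136) is link-local and never forwarded, so it belongs in the firewall's own input rules on each interface rather than in this forwarding table.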