Installation guide
STEP 9: Principles of firewall configuration
This section explains the steps necessary for configuring any firewall. Product-specific information is in the
section on ‘suggested firewall products’.
To configure your firewall, you may need to connect it to a computer.
• Make sure that the configuring computer is not connected to any other computer (e.g. via
wireless connection) – only one network connection is allowed, and this is between the
configuration computer and the firewall.
• Read the firewall manual regarding the default IP address your firewall will have. Configure
your configuration computer so that it can establish a TCP/IP connection to the firewall – the
manual usually tells you how to do this.
• Follow the instructions in your manual to open a web browser in your configuration computer,
and point it at the firewall's configuration address. Quite often that will be
http://192.168.0.1:80 or http://192.168.0.1:8080. Usually, you will be prompted for a user name and
password – consult your manual for the default password.
The first thing to do after logging into your firewall is to change the password.
• It is important that you choose this password well – anybody who could access your firewall
configuration interface from the Internet could take over your whole network if your password
is too easy. Read how to choose a good password before you choose one.
After you have changed your password and logged into the firewall configuration interface using
your new password:
• Close all ports on your firewall using the firewall’s configuration interface. Do it before you do
anything else. If you cannot find it in the interface menu, consult your manual. It only takes a
couple of mouse clicks to do so. Some devices have all ports disabled by default, and this is
how it should be.
• Now configure the firewall’s WAN (Internet) interface via the configuration screen. In most
cases, the ISP will have provided you with a static IP number and DNS server details which
you will enter. Alternatively, some have their IP number allocated dynamically. In that case,
set the firewall’s WAN address to ‘DHCP client’ or ‘automatically allocated’. Many firewall
devices have to restart after this.
• Connect your firewall device or system to your Internet connection (ADSL modem, cable,
satellite modem, ethernet port). At this stage, no other computer on your intranet may be
connected to your firewall: only the configuration computer is connected to it, plus the
ADSL, cable or satellite modem plugged into the Internet (WAN) port of the firewall.
• Now open another browser window on your configuration computer. Try to browse the web,
e.g. http://www.google.com. If it works, try to send and receive a test email. If that works, you
do not have to open any additional ports on your firewall.
• The last step is to test your firewall. You need a few more skills and tools for that, and some
hints are given in the section ‘Step Ten – DIY security audit’. Take this task seriously. If you
cannot do it yourself, you must contract somebody who can before you consider connecting
your practice network to the Internet. If you do not test your firewall, your patients' confidential
data stored on your network is at risk.
• If you are happy with your setup, run through the tutorial’s final checklist.
• Now you can connect your practice network to the firewall!
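Why browsing and email can work in the test above while every port stays closed, shown as an added example (not part of the original guide): a toy model that assumes a stateful firewall, which remembers connections started from inside and lets only their replies back in. The class and function names and the addresses are constructed for illustration, and address translation (NAT) is left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str     # source IP address
    sport: int   # source port
    dst: str     # destination IP address
    dport: int   # destination port
    iface: str   # interface the packet arrives on: "lan" or "wan"


class StatefulFirewall:
    """Toy model: all WAN ports closed, outbound traffic allowed and tracked."""

    def __init__(self, open_wan_ports=()):
        self.open_wan_ports = set(open_wan_ports)  # empty set = all ports closed
        self.connections = set()                   # flows started from the LAN

    def handle(self, p: Packet) -> str:
        if p.iface == "lan":
            # Outbound: remember the flow so its reply can be recognised later.
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        # Arriving from the Internet: accept only replies to tracked flows...
        if (p.dst, p.dport, p.src, p.sport) in self.connections:
            return "ACCEPT"
        # ...or traffic to a port that was deliberately opened.
        if p.dport in self.open_wan_ports:
            return "ACCEPT"
        return "DROP"


def demo():
    fw = StatefulFirewall()  # all ports closed, as in the step above
    # Constructed addresses: one LAN computer, one web server, one stranger.
    pc, web, stranger = "192.168.0.10", "203.0.113.80", "198.51.100.7"
    return {
        "browse_out": fw.handle(Packet(pc, 50000, web, 80, "lan")),
        "browse_reply": fw.handle(Packet(web, 80, pc, 50000, "wan")),
        "unsolicited_same_host": fw.handle(Packet(web, 80, pc, 50001, "wan")),
        "unsolicited_scan": fw.handle(Packet(stranger, 40000, pc, 3389, "wan")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

Opening a port corresponds to adding it to `open_wan_ports`: from then on any Internet host can reach it without a connection having been started from inside.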