The A10 Thunder Convergent Firewall (CFW) has a large set of technologies and features. This article will describe the most basic configuration of the Thunder CFW deployed at the edge of a corporate network and connected directly to the Internet. The purpose of this document is to guide the reader in setting up a basic firewall configuration which will securely route internal network traffic to the Internet.
The overview for this example consists of:
The most basic configuration for this network includes the following Thunder CFW technologies:
The following is a complete command line configuration for the A10 Thunder CFW:
class-list inside
  172.20.0.0/16 lsn-lid 1
!
interface ethernet 1
  name External
  enable
  ip address 188.8.131.52 255.255.255.252
  ip nat outside
!
interface ethernet 3
  name CorporateNet
  enable
  ip address 172.16.0.1 255.255.0.0
  ip nat inside
!
ip route 0.0.0.0 /0 184.108.40.206
!
cgnv6 lsn inside source class-list inside
!
cgnv6 nat pool public 220.127.116.11 netmask /32
!
cgnv6 lsn-lid 1
  source-nat-pool public
!
rule-set firewall
  rule 30
    action permit cgnv6
    source ipv4-address any
    source zone any
    dest ipv4-address any
    dest zone any
    service any
!
fw active-rule-set firewall
!
end
The following commands configure Carrier Grade NAT (CGNAT) to translate inside addresses to a public external IP address. In this case, all traffic is presented to the Internet as the single IP address 18.104.22.168.
class-list inside
  172.20.0.0/16 lsn-lid 1
cgnv6 lsn inside source class-list inside
cgnv6 nat pool public 22.214.171.124 netmask /32
cgnv6 lsn-lid 1
  source-nat-pool public
The following commands create a single firewall ruleset, which processes outgoing traffic and enables the NAT functionality using CGNAT.
rule-set firewall
  rule 30
    action permit cgnv6
    source ipv4-address any
    source zone any
    dest ipv4-address any
    dest zone any
    service any
fw active-rule-set firewall
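An added example, not part of the original article or of A10's tooling: a small Python audit over an excerpt of the configuration above. It flags permit rules that match any source, any destination and any service, and checks that each "ip nat inside" subnet falls within a CGNAT class-list entry. The names stanzas, audit and WIDE, and the indentation-based parsing, are assumptions made for this example.

```python
import ipaddress

# Excerpt of the article's configuration, addresses exactly as printed there.
CONFIG = """\
class-list inside
  172.20.0.0/16 lsn-lid 1
interface ethernet 3
  ip address 172.16.0.1 255.255.0.0
  ip nat inside
rule-set firewall
  rule 30
    action permit cgnv6
    source ipv4-address any
    source zone any
    dest ipv4-address any
    dest zone any
    service any
"""

# Options that together make a rule match all traffic (hypothetical name).
WIDE = {"source ipv4-address any", "dest ipv4-address any", "service any"}

def stanzas(text):
    """Group option lines under their header; a nested "rule N" opens its own stanza."""
    out = []
    for line in text.splitlines():
        s = line.strip()
        if s and s != "!":
            if not line[0].isspace() or s.startswith("rule "):
                out.append((s, set()))
            else:
                out[-1][1].add(s)
    return out

def audit(text):
    """Return findings: any/any/any permit rules, then inside subnets with no class-list match."""
    findings, nat_nets, inside_nets = [], [], []
    for header, opts in stanzas(text):
        if header.startswith("class-list "):
            nat_nets += [ipaddress.ip_network(o.split()[0]) for o in opts if "lsn-lid" in o]
        elif header.startswith("interface ") and "ip nat inside" in opts:
            inside_nets += [ipaddress.ip_interface("/".join(o.split()[2:4])).network
                            for o in opts if o.startswith("ip address ")]
        elif (header.startswith("rule ") and WIDE <= opts
              and any(o.startswith("action permit") for o in opts)):
            findings.append(f"{header}: permits any source to any destination, any service")
    findings += [f"inside subnet {n} matches no class-list entry"
                 for n in inside_nets if not any(n.subnet_of(c) for c in nat_nets)]
    return findings

print(*audit(CONFIG), sep="\n")
```

Run against the excerpt, it reports rule 30 and the 172.16.0.0/16 inside subnet, which the 172.20.0.0/16 class-list entry does not cover.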
IP traffic is routed through interface Ethernet 1 directly to the ISP edge router device.
ip route 0.0.0.0 /0 126.96.36.199
This article described a simple firewall configuration. Its purpose is to provide quick-start instructions for setting up and troubleshooting a basic configuration. There are hundreds of features included with the A10 Thunder CFW. From this basic configuration, the customer can then customize the system, adding features one at a time.
The follow-up article starts with the firewall configuration above and shows how to add an application service to the A10 Thunder CFW.