Black Box LR1530A-R3, LR1530A-EU-R3 manual Configure Firewall, Sample Firewall Application


Applications

Configure Firewall

The router provides Firewall security for restricting access between any two networks connected through the router. Firewalls are set up on a per connection basis for the LAN and remote sites. The direction of filtering is from the perspective of the router; incoming traffic is from the network in question to the router, outgoing is from the router to the network. The direction of filtering may be set to incoming, outgoing, both or none. Once the direction of filtering for a connection has been set, holes may be created in the firewall to allow specified traffic through. Normally, the LAN firewall is used for restricting intranet traffic (connections within the corporate network) and remote site firewalls are used to limit access from less trusted sources, such as the Internet or dial-up links.
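The per-connection direction and hole semantics described above can be modelled in a few lines. This is an added example, not the router's own configuration or code: it uses the addresses from Figure 2-10 on this page and checks which flows a default-deny "incoming" filter on the Internet remote site lets through. Assumptions: the holes are TCP port 21 (FTP control) and TCP port 80 (HTTP), the LAN and branch firewalls are left at "none", matching is stateless, and the probe hosts 195.100.2.7 and 203.0.113.5 are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Hole:
    """One permitted destination: host, protocol and port."""
    dst: str
    proto: str
    port: int

@dataclass
class ConnectionFirewall:
    """Firewall state for one connection (the LAN or one remote site)."""
    name: str
    direction: str = "none"  # incoming | outgoing | both | none
    holes: list = field(default_factory=list)

    def permits(self, flow_dir, dst, proto, port):
        # flow_dir is from the router's perspective:
        # "incoming" = network -> router, "outgoing" = router -> network.
        if self.direction not in ("both", flow_dir):
            return True  # this direction is not filtered on this connection
        return Hole(dst, proto, port) in self.holes

def forward(src_conn, dst_conn, dst, proto, port):
    """A routed packet is incoming on its source connection and outgoing
    on its destination connection; in this model both must permit it."""
    return (src_conn.permits("incoming", dst, proto, port)
            and dst_conn.permits("outgoing", dst, proto, port))

def sample_policy():
    """Figure 2-10 scenario; ports 21 and 80 are assumed, not from the page."""
    internet = ConnectionFirewall("Internet remote site", "incoming", [
        Hole("195.100.1.12", "tcp", 21),   # main FTP server
        Hole("195.100.1.20", "tcp", 80),   # main Web server
    ])
    lan = ConnectionFirewall("Head office LAN")        # direction: none
    branch = ConnectionFirewall("Branch remote site")  # direction: none
    return internet, lan, branch

if __name__ == "__main__":
    internet, lan, branch = sample_policy()
    probes = [(internet, lan, "195.100.1.20", "tcp", 80),     # Web hole
              (internet, lan, "195.100.1.20", "tcp", 23),     # no hole
              (internet, branch, "195.100.2.7", "tcp", 80),   # constructed host
              (lan, internet, "203.0.113.5", "tcp", 80)]      # LAN user going out
    for s, d, ip, proto, port in probes:
        verdict = "pass" if forward(s, d, ip, proto, port) else "drop"
        print(f"{s.name} -> {d.name} {ip}:{port}/{proto}: {verdict}")
```

Because the filter direction on the Internet connection is "incoming" only, traffic leaving towards the Internet is not checked against the holes, while anything arriving from the Internet without a matching hole is dropped, including traffic bound for the branch office network.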

[Diagram labels: Corporate Head Office Network 195.100.1.0; Main FTP server: 195.100.1.12; Main Web server: 195.100.1.20; Branch Office Network 195.100.2.0; Router with firewall enabled; Internet (any other network, any IP address).]

Figure 2-10 Sample Firewall Application

The above diagram shows a corporate head office network, which is connected to the Internet with a router. There is also a branch office at a remote site connected with a Digital Leased link. The administrator at the corporate head office wishes to set up an IP firewall to allow everyone on the Internet to have access to the corporate FTP and Web servers and nothing else. The administrator
