Patton electronic 3086 manual Security Triggers, 124


6 • Security
Model 3086 G.SHDSL Integrated Access Device User Guide

Transport Type    Abbreviation
94                IPIP

To allow pings between the two PCs:

1. From the Configuration Menu, go to Configuration > Security > Firewall Policy Configuration > Port Filters > Add Raw IP Filter.

2. Enter 1 (for ICMP) in Transport Type.

3. Both Inbound and Outbound should be allowed.

4. Click on Apply.

You can now ping between the two networks.

Security Triggers

Security triggers are used to allow an application to open a secondary port in order to transport data. The most common example is FTP. The following procedure sets up a trigger on the firewall that permits an FTP session from PC A to PC B, but not the reverse.

1. First, create an outbound-only portfilter for FTP and add it to the item0 policy.

2. Following the path given in step 1 for the ping portfilter, click on Add TCP Filter.

3. The Port Range is entered as 21 for both Start and End.

4. Set Inbound as Block, but Outbound as Allow.

5. Click on Apply.
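
A simplified Python model of the policy built in the steps above, added here as an illustration and not Patton firmware or CLI code: it shows why the outbound-only port 21 filter alone does not admit the FTP data connection, and how a trigger opens a single-use secondary port after seeing the client's PORT command. The class and function names, the drop-when-no-filter-matches behaviour, and the address and port checks inside the trigger are assumptions of this model.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

ICMP, TCP = 1, 6  # IANA protocol numbers; 1 is the Transport Type entered for ping

@dataclass
class Filter:
    proto: int
    ports: Optional[range]   # None = raw IP filter, matched on protocol number only
    inbound: bool
    outbound: bool

@dataclass
class Firewall:
    filters: list
    trigger_port: int = 21                       # control port the trigger watches
    pinholes: set = field(default_factory=set)   # {(remote_ip, local_port)}

    def allowed(self, direction, proto, dport=None, src_ip=None):
        # A pinhole admits one inbound secondary connection from the expected peer.
        if direction == "in" and proto == TCP and (src_ip, dport) in self.pinholes:
            self.pinholes.discard((src_ip, dport))
            return True
        for f in self.filters:
            if f.proto == proto and (f.ports is None or dport in f.ports):
                return f.inbound if direction == "in" else f.outbound
        return False  # assumption: traffic matching no filter is dropped

    def inspect_outbound(self, src_ip, dst_ip, dport, payload):
        # Trigger: watch the allowed control session for "PORT h1,h2,h3,h4,p1,p2".
        if dport != self.trigger_port or not self.allowed("out", TCP, dport):
            return None
        m = re.match(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", payload)
        if not m or ".".join(m.group(1, 2, 3, 4)) != src_ip:
            return None  # only open a port on the host that asked for it
        port = int(m[5]) * 256 + int(m[6])
        if not 1024 <= port <= 65535:
            return None
        self.pinholes.add((dst_ip, port))
        return port

def build_policy():
    # The two filters configured on this page: ping both ways, FTP outbound only.
    return Firewall([Filter(ICMP, None, True, True),
                     Filter(TCP, range(21, 22), False, True)])
```
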
