Patton electronic 2635, 2621 manual Security Triggers, You can now ping between the two networks


Models 2603, 2621, and 2635 Getting Started Guide

7 • Security

Protocol Number    Abbreviation
6                  TCP
8                  EGP
9                  IGP
17                 UDP
46                 RSVP
47                 GRE
89                 OSPFIGP
92                 MTP
94                 IPIP

This example continues to allow pings over the firewall:

1. From the Configuration Menu, go to Configuration > Security > Security Policy Configuration... > Port Filters... > Add Raw IP Filter.

2. Enter 1 (for ICMP) in the Protocol Number field.

3. Set both Inbound and Outbound for Allow. (See figure 50.)

4. Click on Create.

Figure 50. Defining ICMP port filter for ping

You can now ping between the two networks.

Security Triggers

Security triggers are used to allow an application to open a secondary port in order to transport data. The most common example is FTP. This procedure sets up a trigger on the Firewall to permit an FTP session from PC A to PC B, but not the reverse.

1. First, create an outbound-only portfilter for FTP and add it to the item0 policy.

2. Following the path given in step 1 for the ping portfilter in the previous section, click on Add TCP Filter.

3. Enter 21 for both Start and End of the Port Range.
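The following is an added example, not taken from the Patton guide and not the router's own logic. It is a simplified Python model of why an outbound-only port 21 filter needs a trigger before the FTP data connection can come back, and why the reverse session stays blocked. It assumes a default-deny policy, that PC A is on the inside, that the secondary port is learned from the active-mode FTP PORT command (RFC 959), and uses constructed addresses and hypothetical class and function names.

```python
import re

ICMP, TCP = 1, 6                            # IP protocol numbers (TCP as in the table above)
PC_A, PC_B = "192.168.1.10", "10.0.0.20"    # constructed addresses; PC A assumed inside

class Firewall:
    """Toy model: default deny, port filters, and triggers for secondary ports."""
    def __init__(self):
        self.filters = []             # (proto, start, end, allow_in, allow_out)
        self.trigger_ports = set()    # control ports allowed to open secondary ports
        self.pinholes = set()         # (outside, inside, port) opened by a trigger

    def add_raw_ip_filter(self, proto, inbound, outbound):
        self.filters.append((proto, None, None, inbound, outbound))

    def add_tcp_filter(self, start, end, inbound, outbound):
        self.filters.append((TCP, start, end, inbound, outbound))

    def permits(self, direction, proto, src, dst, dport=None, payload=b""):
        if direction == "in" and (src, dst, dport) in self.pinholes:
            return True               # secondary connection opened by a trigger
        for f_proto, start, end, allow_in, allow_out in self.filters:
            if f_proto != proto:
                continue
            if start is not None and (dport is None or not start <= dport <= end):
                continue
            if (allow_in if direction == "in" else allow_out):
                if direction == "out" and dport in self.trigger_ports:
                    self._watch(src, dst, payload)
                return True
        return False                  # nothing matched: default deny

    def _watch(self, inside, outside, payload):
        # Active-mode FTP (RFC 959): "PORT h1,h2,h3,h4,p1,p2", port = p1*256 + p2
        m = re.match(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", payload)
        if m is None:
            return
        host = ".".join(g.decode() for g in m.groups()[:4])
        if host == inside:            # ignore PORT commands naming another host
            self.pinholes.add((outside, inside, int(m[5]) * 256 + int(m[6])))

def build_policy():
    fw = Firewall()
    fw.add_raw_ip_filter(ICMP, inbound=True, outbound=True)  # the ping filter
    fw.add_tcp_filter(21, 21, inbound=False, outbound=True)  # FTP, outbound only
    fw.trigger_ports.add(21)                                 # trigger on FTP control
    return fw
```

In this model the inbound data connection is accepted only from the host that PC A opened the control session to, and only on the port PC A announced; a PORT command naming a different inside host opens nothing.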
