Perle Systems 1700 manual Enter ID# 1 for ISP remote site, Inbound, FTP Server, WWW Http Server


Applications

First, the firewall on the ISP connection (remote site 1) of the WAN is set up. The firewall option is set to “inbound” so that this WAN firewall filters traffic from the ISP to the router while allowing unrestricted access out to the Internet.

Firewall

Location: Main
→ Configuration
→ Applications Set-up
→ Firewall Set-up
→ WAN Firewall Set-up
→ enter ID# 1 for ISP remote site
→ Firewall
→ inbound

The firewall on the Internet connection is set up to protect the entire corporate network, including the branch office, from unauthorized traffic.

Then the entries are made in the “Designated Servers” menu to allow Internet access to the FTP and Web servers on the corporate network.

FTP & WWW Designated Servers

Location: Main
→ Configuration
→ Applications Set-up
→ Firewall Set-up
→ WAN Firewall Set-up
→ ID# 1 for ISP remote site
→ Designated Servers
→ FTP Server: 195.100.1.12
→ WWW (HTTP) Server: 195.100.1.20

When defining a designated server, you will be prompted for the IP address of that device. Adding an entry to the designated servers list allows you to quickly set up a firewall entry without having to figure out TCP port values.

Next, the LAN firewall is set up to restrict access to the LAN. The firewall option is set to “outbound” so that the LAN firewall filters traffic from the router.

Firewall

Location: Main
→ Configuration
→ Applications Set-up
→ Firewall Set-up
→ LAN Firewall Set-up
→ Firewall
→ Outbound

Note: if this P1730 has a second LAN interface installed, you will be requested to select which LAN this firewall entry is to be used with.
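The following is an added example, not taken from the manual or the router's firmware: a small Python model of the WAN firewall policy configured above (inbound filtering on remote site ID# 1 plus the two designated servers), useful for checking which new connections from the Internet the policy admits. It assumes a designated-server entry maps to the service's well-known TCP port (FTP control 21, HTTP 80) and that all other unsolicited inbound traffic is dropped; replies to sessions opened from inside and FTP data-channel handling are not modeled.

```python
from ipaddress import ip_address

# Assumed well-known TCP ports behind each designated-server type (not from the manual).
SERVICE_PORTS = {"FTP": 21, "WWW": 80}

# Designated servers as entered on the page for remote site ID# 1 (ISP link).
DESIGNATED_SERVERS = {"FTP": "195.100.1.12", "WWW": "195.100.1.20"}


def build_allow_list(servers):
    """Expand designated-server entries into (destination IP, TCP port) pairs."""
    return {(ip_address(ip), SERVICE_PORTS[svc]) for svc, ip in servers.items()}


def wan_verdict(direction, protocol, dst_ip, dst_port, allow_list):
    """Verdict for a new connection attempt crossing the ISP link.

    Replies to sessions opened from inside are not modeled here.
    """
    if direction == "outbound":
        return "pass"  # "inbound" mode does not filter traffic toward the Internet
    if protocol != "tcp":
        return "drop"  # assumption: only the designated TCP services are admitted
    return "pass" if (ip_address(dst_ip), dst_port) in allow_list else "drop"


def exposure_report(attempts, servers=DESIGNATED_SERVERS):
    """Return the inbound attempts that the policy lets in from the Internet."""
    allow = build_allow_list(servers)
    return [a for a in attempts
            if a[0] == "inbound" and wan_verdict(*a, allow) == "pass"]


# Constructed sample connection attempts: (direction, protocol, dst IP, dst port)
SAMPLE_ATTEMPTS = [
    ("inbound", "tcp", "195.100.1.12", 21),   # FTP to the designated FTP server
    ("inbound", "tcp", "195.100.1.20", 80),   # HTTP to the designated web server
    ("inbound", "tcp", "195.100.1.20", 21),   # FTP to the web server: not designated
    ("inbound", "tcp", "195.100.1.12", 23),   # Telnet to the FTP server
    ("inbound", "udp", "195.100.1.12", 21),   # right port number, wrong protocol
    ("outbound", "tcp", "203.0.113.5", 443),  # corporate user browsing out
]

if __name__ == "__main__":
    allow = build_allow_list(DESIGNATED_SERVERS)
    for attempt in SAMPLE_ATTEMPTS:
        print(attempt, "->", wan_verdict(*attempt, allow))
```

Each designated-server entry exposes one service on one host only: the web server's address does not accept FTP, and the FTP server's address does not accept Telnet.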
