Allied Telesis AT-AR300 manual Time Limited Rules, New Command Syntax

■Reverse NAT

This translates the addresses of public side devices to addresses suitable for the private side of the firewall (destination address will be translated for outbound packets, source address for inbound packets).

■Double NAT

This translates both the public and private side source and destination addresses.

■Enhanced NAT

This translates many private or public side addresses into a single global or local address. If it is applied to a private interface the rule matches the outbound sessions (source address will be translated for outbound packets, destination address for inbound packets). If it is applied to a public interface the rule matches the inbound sessions (source address will be translated for inbound packets, destination address for outbound packets).

■Subnet Translation

This translates IP addresses from one subnet into another subnet (e.g. all 192.168.xxx.xxx IP addresses can be translated into 202.36.xxx.xxx addresses). Subnet translation may be applied to Standard, Reverse and Double NAT.

Time Limited Rules

Rules can be set to expire after a specified Time To Live (TTL). A new parameter, TTL, specifies the time duration in hours and minutes that the rule will exist. The rule will be active from the creation of the rule and will be deleted after the time specified has expired. All entries created from this rule will be destroyed once the rule expires. Rules defined with a TTL value will not appear in router-generated configuration scripts, as they are dynamic.

New Command Syntax

The new syntax is:

ADD FIREWALL POLICY=policy RULE=rule-idACTION={ALLOWDENY NATNONAT} INTERFACE=interface PROTOCOL={protocolALLEGP GREOSPFSATCPUDP} [AFTER=hh:mm] [BEFORE=hh:mm] [DAYS={MONTUEWEDTHUFRISATSUNWEEKDAY WEEKEND}[,...]] [ENCAPSULATION={NONEIPSEC}] [GBLIP=ipadd] [GBLPORT={ALLport[-port]}] [GBLREMOTEIP=ipadd[-ipadd]] [IP=ipadd[-ipadd]] [LIST={list-nameRADIUS}]

[NATTYPE={DOUBLEENHANCEDREVERSESTANDARD}] [NATMASK=ipadd] [PORT={ALLport[-port]service-name] [REMOTEIP=ipadd[-ipadd]] [SOURCEPORT={ALLport[-port]}] [TTL=hh:mm]

SET FIREWALL POLICY=name RULE=rule-id[PROTOCOL={protocol ALLEGPGREOSPFSATCPUDP}] [AFTER=hh:mm] [BEFORE=hh:mm] [DAYS={MONTUEWEDTHUFRISATSUNWEEKDAY WEEKEND}[,...]] [ENCAPSULATION={NONEIPSEC}] [GBLIP=ipadd] [GBLPORT={ALLport[-port]}] [GBLREMOTEIP=ipadd[-ipadd]] [IP=ipadd[-ipadd]] [NATMASK=ipadd] [PORT={ALLport[-port] service-name}] [REMOTEIP=ipadd[-ipadd]] [SOURCEPORT={ALL port[-port]}] [TTL=hh:mm]

These commands add or modify a rule defining the access allowed between private and public interfaces of the specified policy. By default all access from public interfaces (outside the firewall) is denied and all access from private interfaces (inside the firewall) is allowed. To refine the security policy

Software Release 2.3.1 C613-10325-00 REV B