Patton electronic 2603, 2621, 2635 manual Configuring the router, Click on Create a new service


Models 2603, 2621, and 2635 Getting Started Guide

7 • Security

 

 

Introduction

Security provides the ability to set up and enforce security policies. The policies define the types of traffic permitted to pass through a gateway, either inbound, outbound, or both, and from which origins the traffic may be allowed to enter.

Within the security configuration is a stateful firewall. A stateful firewall utilizes a security mechanism to maintain information concerning the packets it receives. This information is used for deciding dynamically whether or not a packet may pass through.

Port filters are rules that determine how a packet should be handled. The rules define the protocol type, the range of source and destination port numbers and an indication whether the packet is allowed or not.

Security triggers are used with applications that require and create separate sessions. The most common example is FTP. An FTP client establishes a connection to a server using port 21, but data transfers are done on a separate connection or port. The port number, and who makes the connection, can vary depending on the FTP client. To allow FTP to work without triggers, you would need to set up port filters allowing the correct port numbers through. This is a significant security risk.

This risk can be avoided by using security triggers. Triggers tell the security mechanism to expect these secondary sessions and how to handle them. Rather than allowing a range of port numbers, triggers handle the situation dynamically, opening the secondary sessions only when appropriate. The triggers work without needing to understand the application protocol or read the payload of the packet, although this does happen when using NAT.

Triggering allows you to set up a trigger for different application protocols that use multiple sessions. The timeout between sessions and whether or not session chaining is allowed are configurable. Session chaining is not needed for FTP but is for NetMeeting.
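The difference between a static port-filter range and a trigger can be seen in a small model. This is an added example, not code from the guide or from the router firmware: the class names, the `permit` method, the 30-second timeout and the sample addresses are all assumptions, the trigger is simplified to a time window that opens after control traffic between two hosts, and session chaining is not modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PortFilter:
    protocol: str
    dst_ports: range      # destination port range the rule covers
    allow: bool

@dataclass(frozen=True)
class Trigger:
    protocol: str
    control_port: int     # port whose traffic arms the trigger (21 for FTP)
    timeout: float        # seconds a secondary session may follow control traffic

@dataclass
class Firewall:           # hypothetical model, default deny
    filters: list
    triggers: list = field(default_factory=list)
    armed: dict = field(default_factory=dict)   # frozenset({host_a, host_b}) -> expiry

    def _filter_allows(self, proto, dst_port):
        for f in self.filters:                  # first matching rule wins
            if f.protocol == proto and dst_port in f.dst_ports:
                return f.allow
        return False

    def permit(self, now, proto, src, dst, dst_port):
        """Return True if a packet from src to dst:dst_port may pass at time now."""
        pair = frozenset((src, dst))            # either host may open the data session
        allowed = self._filter_allows(proto, dst_port)
        for t in self.triggers:
            if t.protocol != proto:
                continue
            if allowed and dst_port == t.control_port:
                self.armed[pair] = now + t.timeout   # control traffic arms the trigger
            elif self.armed.get(pair, 0) > now:
                return True                          # expected secondary session
        return allowed

# Constructed sample addresses (documentation ranges).
CLIENT, SERVER, STRANGER = "192.0.2.10", "198.51.100.5", "203.0.113.77"

def static_range_firewall():
    """Port filters only: FTP control plus a wide range for data sessions."""
    return Firewall([PortFilter("tcp", range(21, 22), True),
                     PortFilter("tcp", range(1024, 65536), True)])

def trigger_firewall():
    """Only port 21 is filtered open; data sessions are admitted by the trigger."""
    return Firewall([PortFilter("tcp", range(21, 22), True)],
                    [Trigger("tcp", 21, timeout=30.0)])
```

With the static range, a host that never opened an FTP control session can still reach any high port; with the trigger, only the two hosts of an active control session can open a secondary session, and only until the timeout expires.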

Configuring the router

The configuration of security assumes that the IPLink router has been configured with a valid IP address for the Ethernet port so that the user may access the modem via the web page. If the IP address is still the factory default, go to the section in Chapter 3 entitled IP Address Modification.

In this example, the WAN transport between the two IPLink routers will be PPP (routed).

1. Click on WAN under Services Configuration in the IPLink router’s Configuration Menu.

2. Click on Create a new service....

3. Select PPP routed and click on the Continue=> button.

4. For this example, enter PPP Security Firewall in the Description field. (See figure 41.)

5. Click on Create.
