Patton electronic 2603, 2621, 2635 manual Security Triggers, Add Raw IP Filter


Models 2603, 2621, and 2635 Getting Started Guide
7 • Security

Protocol Number    Abbreviation
6                  TCP
8                  EGP
9                  IGP
17                 UDP
46                 RSVP
47                 GRE
89                 OSPFIGP
92                 MTP
94                 IPIP

This example continues to allow pings over the firewall:

1. From the Configuration Menu, select Configuration > Security > Security Policy Configuration... > Port Filters... > Add Raw IP Filter.

2. Enter 1 (for ICMP) in the Protocol Number field.

3. Set both Inbound and Outbound for Allow. (See figure 50.)

4. Click on Create.

Figure 50. Defining ICMP port filter for ping

You can now ping between the two networks.

Security Triggers

Security triggers are used to allow an application to open a secondary port in order to transport data. The most common example is FTP. This procedure sets up a trigger on the Firewall to permit an FTP session from PC A to PC B, but not the reverse.

1. First, create an outbound-only portfilter for FTP and add it to the item0 policy.

2. Following the path given in step 1 for the ping portfilter in the previous section, click on Add TCP Filter.

3. The Port Range is entered as 21 for both Start and End.
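
The two filters configured above, modelled as an added example (this is not Patton's code or firmware logic; all class and function names are hypothetical). It assumes PC A is on the internal side, that traffic matching no filter is dropped, and that a TCP filter matches on destination port. It shows that the outbound-only port 21 filter by itself still blocks an active-mode FTP data connection opened from PC B, which is the secondary port a trigger is meant to handle.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ICMP, TCP = 1, 6  # IP protocol numbers

@dataclass(frozen=True)
class Filter:
    protocol: int                             # IP protocol number
    inbound: bool                             # Allow external -> internal
    outbound: bool                            # Allow internal -> external
    ports: Optional[Tuple[int, int]] = None   # None = raw IP filter (no ports)

@dataclass(frozen=True)
class Conn:
    """A connection attempt, described by its first packet."""
    protocol: int
    direction: str                            # "out" = from PC A's side, "in" = toward it
    dst_port: Optional[int] = None

# The raw IP filter for ping and the outbound-only TCP filter for FTP control.
POLICY = [
    Filter(ICMP, inbound=True, outbound=True),
    Filter(TCP, inbound=False, outbound=True, ports=(21, 21)),
]

def allowed(policy, conn):
    """True if some filter permits the attempt; otherwise drop (assumed default)."""
    for f in policy:
        if f.protocol != conn.protocol:
            continue
        if f.ports is not None and not (
            conn.dst_port is not None and f.ports[0] <= conn.dst_port <= f.ports[1]
        ):
            continue
        if (f.inbound if conn.direction == "in" else f.outbound):
            return True
    return False

def evaluate():
    """Constructed sample traffic; 50000 stands in for an ephemeral data port."""
    samples = {
        "ping A->B": Conn(ICMP, "out"),
        "ping B->A": Conn(ICMP, "in"),
        "FTP control A->B": Conn(TCP, "out", 21),
        "FTP control B->A": Conn(TCP, "in", 21),
        "FTP active data B->A": Conn(TCP, "in", 50000),
    }
    return {name: allowed(POLICY, c) for name, c in samples.items()}
```
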
