DMZ Firewall Solution for the Express Router
| Filter | Function | Action | Protocol | Dest. address type | Dest. port | Src. address type | Src. address | Src. port |
|---|---|---|---|---|---|---|---|---|
| | | | | | | All | | All |
| 2 | Prevents tunnel packets from entering the DMZ network. | Discard | TCP | All | Tunnel | All | | All |
| 3 | Prevents RSVP packets from entering the DMZ network/router. Three separate filters are required. | Discard | RSVP | All | All | All | | All |
| 4 | | Discard | UDP | All | 1698 | All | | All |
| 5 | | Discard | UDP | All | 1699 | All | | All |
| 6 | Prevents BootP updates from entering the DMZ network/router. | Discard | UDP | All | 67 | All | | All |
| 7 | Prevents Syslog updates from entering the DMZ network/router. | Discard | UDP | All | 514 | All | | All |
| 8 | Discards all packets that fake the IP address of the router on LAN1, as these packets are allowed to pass the Tx filter on LAN1. | Discard | UDP | All | All | Host | <LAN1 IP address> | All |
Version 1.0