Reject target, Firewall configuration procedures | Avocent ACS 5000

84Cyclades® ACS 5000 Installation/Administration/User Guide

REJECT target

If REJECT is selected from the Target pull-down menu, the following pull-down menu appears.

Any Reject with option causes the input packet to be dropped and a reply packet of the specified type to be sent.

Table 7.11: Reply Packet Names and Definitions

Field Name

Reject with

icmp-net-unreachable icmp-host-unreachable icmp-port-unreachable icmp-proto-unreachable icmp-net-prohibited icmp-host-prohibited echo-reply

tcp-reset

Definition

Reject with means that the filter will drop the input packet and send back a reply packet according to any of the reject types listed below.

ICMP network unreachable alias.

ICMP host unreachable alias.

ICMP port unreachable alias.

ICMP protocol unreachable alias.

ICMP network prohibited alias.

ICMP host prohibited alias.

Echo reply alias.

TCP RST packet alias.

NOTE: The packets are matched (using tcp flags and appropriate reject type) with the REJECT target.

Firewall configuration procedures

The following sections describe the procedures for defining packet filtering:

To add a chain:

1.Go to Network - Firewall Configuration.

2.Click Add. The Add Chain dialog box appears.

3.Enter the name of the chain to be added in the Name field.

4.Click OK. The name of the new chain appears in the list.

NOTE: Spaces are not allowed in the chain name.

5.Add one or more rules to finish, as described in To add a rule: on page 85

To edit a chain:

Perform this procedure if you wish to change the policy for a default chain.

Image 92

Avocent ACS 5000 manual Reject target, Firewall configuration procedures, To add a chain, To edit a chain

Contents

Cyclades ACS FCC Warning Statement Canadian DOC Notice Cyclades ACS Symbols Used B L E of C on T E N T S Configuring the Console Server in Wizard Mode Vii Network Menu and Forms Appendix a Technical Specifications 143 Connectors on the Console Server Overview Accessing the Console Server and Connected Devices ACS 5000 Console Server Connectors Number Description Prerequisites for Using the Web Manager Web Manager Security AuthenticationTypes of Users Authentication Methods Supported Authentication Type Definition Services not supporting IPv6 IPv6Packet Filtering Structure of IP filtering Add rule and edit rule options ChainRule Add Rule and Edit Rule Option Definitions Filter Options Numeric protocol options TCP protocol optionsUDP protocol options Icmp protocol options Notifications, Alarms and Data Buffering Example of using facility numbersSyslog servers Prerequisites for logging to syslog servers Console Server and Power Management Configuring access to connected devicesCommon Administrator Tasks for Configuring Software Managing Users of Connected Devices Additional requirements for Server Technology IPDUs Conventions used to identify outlets Configuring power management Configuring ports for power management by authorized users Hostname Discovery Options for managing powerPower management through the web manager Cyclades ACS 5000 Installation/Administration/User Guide Mounting the console server Important Pre-installation RequirementsBasic Installation Procedures To connect devices to serial ports Making an Ethernet connectionTo rack mount the console server To connect to the console port Console server serial port pin-out information To use the wiz command to configure network parameters Turning on the console server and the connected devicesTo turn on the console server To turn on connected devices To configure for IPv4 protocol To configure for IPv6 protocol Selecting a security profile using the web manager Other Methods of Accessing the Web Manager Adding users and configuring ports using the web managerTo use a dynamic IP address to access the web manager Selecting a security profile Connecting third-party IPDUs Connecting PDUsTo use the default IP address to access the web manager To daisy-chain PDUs to the console server To log into the web manager Using the Web ManagerFeatures of Regular User Forms Form area Port access requirements ConnectConnect to the console server Connect to serial ports Connection protocols for serial ports Ipdu Power Management Outlets Manager Outlets Group Ctrl View Ipdu infoBulb Padlock PDU Power Factor Form Heading Description Example To change your password Common Features of Administrator Forms Administrator Web Manager Buttons Button name Use Try changes Click the try changes button Logging Into the Web Manager Overview of Administrative ModesWizard mode Expert mode Example of Web Manager Form in Wizard Mode Example of Web Manager Form in Expert Mode Cyclades ACS 5000 Installation/Administration/User Guide Default security profile Security ProfilePre-defined security profiles Custom security profile Http Serial port settings and security profiles To select or configure a security profile Port Profile Network SettingsTo configure the network settings Port Profile Setup Options Parameter Options Parameter Options AccessTo set parameters for all serial ports To add a user To delete a user To change a passwordData Buffering Wizard Data Buffering Field Names and Definitions Field name To configure data buffering System Log To add a syslog server To delete a syslog server Cyclades ACS 5000 Installation/Administration/User Guide Configuring the Console Server in Expert Mode Overview of menus and forms Expert Mode Screen Elements Number Description Connecting to the console server Connecting to devices connected to the serial portsApplications Menu and Forms Connect To connect to a device through a serial port Ipdu Power ManagementApplications Ipdu Power Mgmt Outlets Manager Expert Outlets Manager Icons Description ButtonPurpose OFF Third-party Ipdu information displayed To view status, lock, unlock, rename or cycle power outletsAvocent PM PDU information displayed Expert Ouatlet Groups Ctrl Information Form Heading Applications Ipdu Power Mgmt. Outlets Group CtrlApplications Ipdu Power Mgmt. View IPDUs Info PM20i/30A Applications Ipdu Power Mgmt. Configuration To view and reset Ipdu information Ipdu Power Mgmt Configuration Description Shown Element Type Applications Ipdu Power Mgmt. Software Upgrade To upgrade software on a Cyclades PM Ipdu ExpertTo upgrade software on non-Cyclades IPDUs To download Cyclades Ipdu software Expert Applications PMD Configuration Applications PMD Configuration- GeneralApplications PMD Configuration- Outlet Groups To upgrade software on a Avocent PM PDU Applications PMD Configuration Users Management To configure an outlet groupTo authorize a user for Ipdu power management To delete an outlet group Outlet entry conventions Prefix Group Expert Applications Terminal Profile Menu To create a menu for a local server terminal Click apply changes Host Settings Expert Network Menu Descriptions Menu Selection General host settings DNS ServiceDisabling and enabling IPv4 or IPv6 protocols Disabling IPv4 IPv4 settings Disabling/Enabling IPv6 IPv6 settings IPv6 Ethernet interfaces IPv6 serial interfacesIPv6 PPP interfaces Other interfaces To configure host settings Expert from the General form To configure IPv4 protocol To configure IPv6 protocol Syslog VPN Connections MYCOMPANYDOMAIN-VPN To configure VPN Click on apply changes Description To configure Snmp Example, 193.168.44.0/24 Firewall Configuration Edit button Delete buttonAdd button Edit Rules button Inverted checkboxes Target pull-down menu optionsSource or destination IP and mask Protocol Numeric protocol fields TCP protocol fieldsUDP protocol fields Expert TCP Options Fields Field/Menu Option LOG target Icmp protocol fieldsInput interface, output interface and fragments Firewall configuration procedures Reject targetTo add a chain To edit a chain To add a rule To edit a rule To define the console server’s IP address and hostname Host TableStatic Routes To configure static routes Expert Field or Menu Name Definition Cyclades ACS 5000 Installation/Administration/User Guide Security Menu and Forms Users and Groups Adding a User Adding a GroupTo delete a user or group Expert Add User Dialog Field Names and Definitions To change a user’s password Active Ports SessionsTo add a group To modify a group To view, kill or refresh active user sessions TTY Configuring authentication for console server logins To configure the console servers login authentication method To configure a TACACS+ authentication server To configure a Radius authentication serverGroup authorization on Radius Group authorization on TACACS+ To configure an Ldap authentication server To configure a Kerberos authentication server To configure Ldap authenticationGroup Authorization on Ldap Go to Security Authentication Kerberos in Expert mode To configure a NIS authentication server Security Profiles Custom security profile Serial port settings and security profiles Security certificates Certificate for Http security User configured digital certificate Certificate on ssh To enable or disable serial ports Physical Ports103 To select one or more serial ports Connection profiles Console Access Server CAS profile connection protocolsGeneral form Ports Menu and Forms Terminal Server TS profile connection protocols Bidirectional Telnet protocol Modem and power management connection protocols Connection Protocols for Modems or IPDUs Protocol Name Cyclades ACS 5000 Installation/Administration/User Guide Click apply changes To configure a power management protocol for an Ipdu To associate an alias to a serial port Access Form Menu and Fields FieldDescription AccessTo configure user access to serial ports Authentication methods and fallback mechanism To configure a serial port login authentication method Data Buffering Mode Local Destination Data Buffering Form Fields Field Name Definition To configure data buffering for serial ports Field Name Definition Multi User Expert Multi User Form Fields Field Name Definition Power Management Expert Power Management Form Fields Field Name To configure a serial port for Ipdu power management To configure a serial port for Ipmi power management Other 10 Other Form Fields Field Name Definition TCP Port To configure terminal server connection options Virtual Ports 11 New/Modify Port Dialog Box Fields Field Name Definition To cluster console servers or modify cluster configuration To assign names to slave ports in the cluster Ports Status Ports Statistics Expert Ports Hostname Discovery 14 Expert Ports Hostname Discovery Fields Cyclades ACS 5000 Installation/Administration/User Guide System Information Form InformationParameters System Information129 Information Parameters NotificationsTo view system information Email Notifications Dialog Box Fields Field Name Definition Email Notifications EntryNotifications Form Fields Field Name Definition Pager notifications entry Snmp trap notifications entry Untitled dropdown field Cold Start Serial ports alarm notification To configure a trigger for serial port alarm notificationTime/Date To set the time and date manually To configure time and date using an NTP server Setting up a customized timezone configurationTo create a custom timezone selection To use the custom option to set daylight savings time Boot Configuration Boot Configuration Form Fields Field Name Definition To configure the console server boot Select Flash or Network from the Unit boot from menu Backup Configuration Go to Administration Backup Config in Expert mode Upgrade Firmware To upgrade the console server firmware Online Help RebootTo reboot the console server To configure the local online help path Environmental Appendix a Technical Specifications143 Hardware Temperature Elevated operating ambient temperatureTemperatur Erhöhte Umgebungstemperatur im betrieb Safety precautions for operating the console server Mechanical loadingSicherer mechanischer Aufbau Circuit overloading Appendices Electrostatic Discharge ESD Precautions Working inside the console server Replacing the battery Austausch der Batterie Remplacement de la batterieArbeiten am Cyclades ACS Vorsichtsmassnahmen gegen Elektrostatische Entladung ESD Canadian DOC notice BaterìaFCC warning statement To resolve an issue Appendix C Technical Support Cyclades ACS 5000 Installation/Administration/User Guide For Technical Support