Manuals / Carrier Access / Computer Equipment / Network Router

Carrier Access CMG Router user manual Firewall Filters Fields, Rule Number, Action Pass/Drop

Models: CMG Router

1 296

Download 296 pages 50.58 Kb

Page 162

Profile Directory:Remote Profile

Firewall Filters

Firewall Filters Fields

Rule Number

The rule number defines the order in which the rules are applied. Once there is two or more rules created, the rule number can be changed to put them in the desired order. The Last! rule displayed, is automatically set after the first rule is defined, and states that the Adit should drop any service (incoming or outgoing) which has not been addressed in the proceeding rules.

Action: (Pass/Drop)

This column indicates the service(s) that will <Pass> or <Drop> from the local network to the remote network and vice versa. On the Firewall Filters window the following indicated Pass/ Drop:

! in this column = Drop

Blank column = Pass

Typically, rules are established with the Pass action, since the last rule (which is automatically defined by the software) Drops all services not expressly permitted by the previous rule(s). For example, if you wish to deny all transmissions except Telnet, you would create a rule indicating that Telnet has the Pass action. The Adit software would create the last rule that states the unit should Drop all other services.

Since any service that is not expressly permitted to pass will be prohibited, it is important that you thoroughly understand the security policies of your WAN before attempting to create a firewall. We suggest that only experienced Network Administrators create and maintain firewall filters. Incorrectly defined filters may compromise the security and functionality of your WAN.

5-30	CMG Router - Release 2.7

Image 162

Carrier Access CMG Router user manual Firewall Filters Fields, Rule Number, Action Pass/Drop

Contents

CMG Router Supporting Software Version Warranty Warranty ProcedurePreface Limitation of Warranty & Limitation of Remedies Warranty Product Returns Vii Viii CMG Router Release Table of Contents Management Window Profile DirectoryRouter Card ProfileProfile DirectoryLocal Profile Profile DirectoryRemote ProfileStatistics Window Basic ConfigurationVerification Window System Reports WindowRouter Configuration Exit WindowUser Events Troubleshooting Protocol TypesGlossary Index Chapter Install Country Specific Ringer Tones InstallationInstall a Router Card OverviewManeuvering in the System Select Field FieldsScroll Field Edit FieldHelp Bar Connecting to the Router Establish a Telnet SessionSet a New Password Introduction Management Window Management Overview System Time/Login System Date and Time Level Config allows the user to view and change all screensUsers, as well as change all three passwords LevelConfig Password Auto-Logout TimerView Password Admin PasswordEnhanced Security When Telneting into the Router the following will appear Upload/Download To Setup the Router for Uploads/Downloads Management Window Upload/Download Setup Menu Fields Reboot After Load CodeConfig Upload/Download Load Defaults Software Images Choices Management Window Profile DirectoryRouter Card Profile Configuration Main MenuSelect Router Card Setup and select Enter RIP Mode Receive RIP Mode SendSelection is RIP1, RIP2, or RIP1/RIP2 Trunk WAN Trunk Setup Menu Fields WAN Link #WAN Connection Data Speed WAN Connection TypeMultilink Group Voice BW Limit %Select Security Configure and select Enter SecurityProtocol CHAP, PAP or None Security Setup Menu FieldsAuthentication by Remote User IDLocal Security Server Authentication of RemotePassword TypeSnmp SYS Contact Snmp Setup Menu FieldsSYS Name SYS LocationAccess Snmp Trap Destinations Location Select DNS Proxy Configure and select Enter DNS ProxyDNS Server DNS Proxy Setup Menu FieldsDomain Name SiteSelect Spanning Tree Protocol Configure and select Enter Spanning Tree ProtocolBridge Max Age Bridge Forward DelayBridge Hello Time Bridge PrioritySelect Network Time Protocol Configure and select Enter Network Time ProtocolSPACEBAR, select Enter Network Time Protocol Setup Menu Fields SysLog Facility SysLog Setup Menu FieldsSys Log LevelSelect DNS Resolver Configure and select Enter DNS ResolverMy Domain Name DNS Resolver Cache ContentsDNS Resolver My Node NameStatic Host List View or Modify Quality of Service Select Quality of Service Configure and select EnterQuality of Service Menu Fields Routed Voice PriorityTOS Mgcp Mgcp Setup Menu Fields Mgcp Interoperability Settings Mgcp Interoperability Menu Fields Quarantine Notification Handling Mgcp Keep-Alive TimeoutMgcp Type of Service Quarantine Event HandlingVoice Algorithm Names Algorithm Definition Voice Algorithm Name FieldsAlgorithm ID Algorithm AliasVoIP VoIP Setup Fields Call Detail RecordVoice Algorithm Settings T38 FaxVoice Algorithm Settings VoIP Algorithm FieldsSelect Voice Channels Configure and select Enter Voice ChannelsVoIP Setup Fields Profile DirectoryRouter Card Profile Signaling Type Repeat Count RFC2833 Options SignalsPayload Type Repeat IntervalSelect Dial Plan Configure and select Enter Dial PlanDial Plan Menu Fields Short Inter DigitLong Inter Digit Profile DirectoryLocal Profile Main Menu Profile Directory window Local Profile window LAN Local Profile Setup To Setup a Local Profile LAN Network Updates Local Profile Setup Menu FieldsProfile Setup for LocalUnit ProtocolLAN Default Router IP AddressSubnet Mask Setup Static Networks Profile DirectoryLocal Profile To Setup Static Networks Select Configuration Profile Directory from the Main menu,Select LAN Setup and Enter Static Networks Fields NetworkTicks MetricHops Next GatewayStatic Addresses Static MAC Address Setup Device Name Setup StaticStatic Addresses Fields MAC AddressTo Define and Enable Filters FiltersSelect Define Filter Custom Select LAN Setup -and select Enter Define Filter Forward ModeFilters Fields Filter TypeSource/Destination Filter NameDefining Custom Filters Select Define Filter Custom and EnterDefining Protocol Filters Defining Address Filters Advertise Network/Server Advertise Network Server Window Setup Advertise Network/Server FieldsSelected Items IPX Server Advertising Advertise Network/Server IPX Server Fields TypeName Dhcp Server/Client/Relay Dhcp Start IP Address Dhcp Mode ServerDomain Name NumberDomain Name Servers NetBIOS over TCP/IPLease Duration Option Type ValueDhcp Mode Relay Forward DHCP/TOOTP Requests toSet Tx Packets Broadcast Bit Dhcp Mode ClientAutomatic DNS RequestLAN Collision Threshold Collision Threshold Provisioning LAN Collision Threshold Fields To Configure Spanning Tree Spanning TreeSelect Setup Spanning Tree and select Enter Spanning Tree Fields Port PriorityPort Cost Secondary IP Address To Add a Secondary IP AddressSecondary IP Address Fields Link Speed To Set the Link SpeedLink Speed Fields Profile DirectoryLocal Profile Profile DirectoryRemote Profile LocalUnit LAN Setup Profile DirectoryRemote ProfileRemote Profile window Remote WAN Profile Profile Setup for RemoteUnit Transmission Options ModeProtocol Route Blocked Bridge Optimize WAN Network Updates GRE TunnelEnabled with GRE Tunnel Disabled Enabled with GRE Tunnel By NetworkNAT Gateway Remote IP Tunnel Address Enabled with GRE Tunnel AllTunnel Name Encryption AlgorithmDefault Router NumberedSetup bottom of the Remote main window Security/Options Following Security/Options setup window will display Compression Security/Options FieldsSecurity Server Typical DataStatic/VPN Networks Profile DirectoryRemote Profile Select WAN Setup -on the RemoteUnit line and press Enter GRE Tunnel VPN FeaturesStatic/VPN Networks Fields EncryptTunnel data ? Encryption Algorithm not supported in this releaseStatic NAT Addresses Local IP Address NAT IP AddressNAT Bypass Subnets Press Ctrl a to add a NAT Bypass Static Addresses Static Addresses Window MAC Address Static Addresses Window IP Address Symbol Description Firewall FiltersTo Add a Firewall Filter Select Ctrl a to add an IP Firewall Rule Firewall Filters Fields Rule NumberAction Pass/Drop Service Service EstablishmentName Description Packets which match this rule Local IP Address/NetworkRemote IP Address/Network Significant BitsFilter Network/Server Filter Network /Server Filter Network/Server Fields Selected Items Filter/LearnNetwork Filter LearnTo Configure Spanning Tree Select Setup Spanning Tree and select Enter Port Priority Trunk Port WAN Connection Type PPP in Frame Relay, or Frame Relay ML QOS InterleavingML Fragment Threshold Basic Configuration Start Basic Configuration Select Yes to enter the setup program and select Enter Router Identification FieldsRIP mode to send to remotes Directions for LAN Network UpdatesRIP mode to be received from remotes Protocol remotes will use to authenticate local LocalUnitAuthentication User ID Protocol LocalUnit will use to authenticate all remotesChange the PAP Secret LocalUnit will send? WAN Interface Connections Port NumberSet Poll Interval For Frame Relay, Set Option for PVC ManagementLink Quality Monitoring Sensitivity Set Poll CounterRemote Adit Profile Profile NameOther Connection Select WAN Port NumberSubnet Mask WAN Connection TypeSnmp Configuration Snmp CommunitiesStatistics Averaging Interval Setup Complete Verification Window Ping Utility Dst Host Access PortLAN Port Tests Fields Src IP AddressResponse Window Fields Single PingContinuous Ping Timeout Count Result or Last ResultResponse Count Trace Route Src Port Trace Route Utility Start TracertDstHost SrcIP PortSize TimeoutMethod IP TosPort Monitor Trap On Port NameStart Monitor Number of bytes to display for each packetVerification Window Verification Window Statistics Window Run-Time Clear Totals Auto-UpdateRun-Time Fields Press ENTER. The Run-time Statistics window will displayWAN Packet Totals ErrorsLAN Packet Totals ReceivedThroughput to/from WAN Remote’s NameForwarded to WAN Comp. Ratio to/from WANVoIP Channel View Call Agent VoIP Channel View FieldsSlot Endpoint PrefixRsip Status Field ValueMeaning Type MeaningPriority Queue Priority Fields Priority Queue FieldsClear All Priority Traffic TypeStatistics Window System Reports Window Events To View the Event LogMessage Events FieldsTime CountAlarms Alarms Fields Networks/Servers Learned From Networks/Servers FieldsDisplay Press ENTER. The Networks/Servers listing will displayFrame Type Address Tables Address Tables Fields Flush Learned EntriesDisplays the information, listing by Port System Reports Window Exit Window Logout Reinitialize 10-4 Router Configuration Basic Setup Command DescriptionBasic VoIP Setup OverviewSet the controller to use CLI commands Command Description Fax and Modem Setup Following will configure the Fax and ModemCMG Router Release 11-7 Select Voip Configure -and select Enter Tab to Voice Algorithm Settings and select Enter 11-10 CMG Router Release 11-11 Card Maximum # of Channels configured for T.38 Reserved CMG Router Release 11-13 PPP Internet Connection and Public IP Address Routing Router in SlotCMG Router Release 11-15 Back-to-Back with PPP Boulder Router in SlotDenver Router in Slot Back-to-Back with Multi-Link PPP CMG Router Release 11-19 Back-to-Back with Frame Relay CMG Router Release 11-21 11-22 Appendix a User Events DescriptionAuthenticate Events Triggered Events Alarms User Events Appendix B Protocol Number in Firewall Filters Number Keyword Protocol ReferenceLEAF-2 Tlsp Reference SRP Ethernet Protocol Types HEXAT&T 8047 Protocol Types Protocol Types KTI Appendix C Communication Related Issues LAN Related IssuesExcessive Triggered Update Events on the Events screen LAN Related Issues Unable to access the Local LAN Router unit via Telnet Unable to access a remote unit via TelnetDiagnostics and Performance Tools Verification Ping UtilityStatistics Run-TimeSystem Reports EventsIdentify Alarm State DescriptionDisplay Alarms Clear Alarm Troubleshooting Bandwidth AlgorithmAnnex D BitChallenge Handshake Authorization Protocol Chap Command LineBridge Frame EthernetFirewall Frame relayProtocol IP HostInternet Local Area Network LANLoopback Media Access Control MAC Mbps Multilink PPPPing Protocol Point-to-Point Protocol PPPQoS Rsip Spanning Tree ProtocolTelnet Trace Route Trunk Voice over IP VoIPIndex Index CMG Router Release Index Snap RIP IPX Index SYS Index Index