Carrier Access MSR/Adit 3K GUI Outbound Firewall Processing

4-40 Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) GUI

Security

Firewall Implementation

Outbound Firewall Processing

The following table describes the sequence of examination of packets departing from the interface.

This firewall processing is applied after the IP stack and before passing the outbound packet down

to the layer 2 driver. If the action for matching packets at a particular step is described as PASS, no

further firewall examination is applied and the packet is passed down to the driver. If the action is

described as DROP, the packet is dropped and not passed down to the driver. Packets that do not

match the criteria at that step continue processing at the next step. Packets that are passed by the

firewall and require NAPT translation are translated before passing the packet down to the driver.

Step Test Action

1Insecure IP options: loose source route, strict source route, record route, time

stamp, or invalid IP option

DROP

2Invalid IP fragments DROP

3Match existing sessions: this matches ongoing sessions and applies NAPT

where appropriate.

PASS

4Packets generated by the firewall itself; e.g. TCP RST packets. PASS

5User configured Advanced Filtering/Output Rule Sets/Initial Rules as per filter

6User configured Advanced Filtering/Output Rule Sets/Interface Specific Rules as per filter

10 SIP and RTP local ports PASS

11 User configured Access Control (based on source) DROP

12 User configured IP/Hostname Filtering (based on destination) DROP

13 TCP Auth requests (TCP source port 113) PASS

14 Packet between DMZ interface and WAN interface PASS

15 User configured Advanced Filtering/Output Rule Sets/Final Rules as per filter

last Take default action based on user configured General Security Policy:

Maximum Security DROP

Typical Security PASS

Minimum Security PASS

Contents

Main Page P Safety Information CAUTION! NOTE: Preface Notices DANGER! CAUTION! WARNING! NOTE: TABLE OF CONTENTS Preface 1 2 Page 3 4 5 6 Glossary Index Web Based Management Overview of Supported Products Adit 3104 IP Business Gateway Adit 3200 Business Router Adit 3500 Trunk Gateway Multi-Service Router (MSR) Card (for the Adit 600 Platform) Accessing the GUI NOTE: Page Navigation Pane Icons Action Icons (for Managing Lists) Home Network Map LAN WAN Host Information Window Page Quick Setup Web Based Management Internet Connection Connection Type Page Page Page Page NOTE: Page Page Page Network Connections Page Security Web Based Management Voice over IP NOTE: WARNING! Page Page Page Page Page Advanced Page ARP Certificates Digital Certificates X.509 Certificate Format Obtaining and Loading an X.509 Certificate Page Page Page Page Page Page Page Setting the Date and Time Page Page Page DNS Static Entries Viewing the DNS Table Page Modifying an Entry in the DNS Table Dynamic DNS Using Dynamic DNS 1. Select Advanced/ Dynamic DNS. 2. Specify the Dynamic DNS operating parameters: 3. Select Apply or OK to save the configuration. Advanced IP Address Distribution (DHCP) Summary of Services NOTE: Editing DHCP Server Settings Page Page Page IPSec (IP Security) General IPSec Settings Key Management Log Settings Page Page Network Objects Page Page RADIUS Client Configuring RADIUS Remote Administration Page Restore Defaults Restoring Default Settings Routing Static Routing Page Page Page Page Page Page OSPF Field Definitions When the Open Shortest Past First (OSPF) option is enabled, the window displays additional fields: Page Page Page Scheduler Rules Page Page Simple Network Management Protocol Configuring the Adits SNMP Agent Page Page Page Page Defining an Outgoing Mail Server Technical Information Page Advanced Configuration File WARNING! Upgrade From a Local Computer Upgrading the Software Page Adding a User Page Configuring E-mail Notification for Users VLAN Configuration Page Page Page Page Page Network Connections Adit 3000 Connections Adit MSR Connections Page Preconfigured Connections Ethernet 1 Configuring Ethernet 1 Internet Protocol DNS Static Entries Network Connections NOTE: IP Address Distribution Routing Internet Connection Configuring DHCP Options Page Configuring Ethernet 2 Network Connections NOTE: IP Address Distribution Additional IP Addresses Routing Serial 1 (Adit 3000 Only) T1 1 - T1 4 (Adit 3000 Only) Configuring a T1 (1-4) T1 Configuration Network Connections Log Button See, System Monitoring/T1 Log (Adit 3000 Only) on page 5-7. Performance Button See, System Monitoring/T1 Performance (Adit 3000 Only) on page 5-10. Connections that Require Configuration Multilink Page The following are field definitions for the Configure Multilink 1 window: PPP PPP Authentication PPP Encryption NOTE: Serial (PPPoDS0) Page The following are field definitions for the Configure Serial 1 window: PPP - PPP Authentication PPP Encryption Internet Protocol DNS Static Entries Routing Internet Connection Additional IP Addresses Page Page New Connection Page Network Connections Point-to-Point Protocol over DS0 (Serial) NOTE: Page Page Multilink Point-to-Point Protocol over DS0 (Multilink) NOTE: Page Point-to-Point Tunneling Protocol (PPTP) Point-to-Point Tunneling Protocol Server (PPTP Server) Page Layer Two Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) Page OSPF Configuration on the Network Connection NOTE: Page 4. Set the OSPF interface parameters as needed: Page Page Security Page Page General Security NOTE: Security Levels Access Control Page NOTE: Modifying an Access Control Rule Page 4. Configure the Service port protocol: Page Local Servers NOTE: Adding a Local Server Security NOTE: Modifying a Local Server Security DMZ Host WARNING! Page Port Triggering Page Page Page Security Remote Administration WARNING! Configuring Remote Administration Page Adding an Address/Hostname to the Restricted List Page Advanced Filtering Input and Output Rule Sets Page Page Page Page Security NAT Bypass Adding/Modifying a NAT Bypass Rule NOTE: Security Log The following are the events and event types that are automatically recorded in the Security Log: Page Security Log Settings Security Firewall Implementation Network Connection Configuration Network Type LAN WAN Routing Mode NAPT Route Internet Connection Firewall Security Firewall Processing Sequence Inbound Firewall Processing Outbound Firewall Processing System Monitoring Page Page Page Page Page Page System Monitoring SIP Log The SIP Log displays all SIP related alarms and events. System Monitoring PRI Log The PRI Log displays all PRI related alarms and events. Page Page Page Voice Over IP WARNING! Page Dialing Parameters Digit Map FXS Digit Map Gateway IP Address VoIP Signaling Protocol UDP - User Datagram Protocol. Proxy Servers Codecs Configuring the Digit Map Page Digit Map Pattern Page Page Page Page Page Phone Settings Page Page Identification Packet Processing None - A Modem call would be treated as a normal voice call. Bypass - Causes the line to transmit in G.711 mode, with echo Static - Maintain a static average delay, through the jitter buffer. Page Page Page Phone Book Destination Page Page The following table defines the fields displayed in the Line Monitoring window: Page Page Page Identification Packet Processing more voice channels. Voice Processing Calling Features Digit Map New Entry - See Call Destination window below. Page Page Page Page The following table defines the fields displayed in the Trunk Monitoring window: Voice over IP Trunk Registration NOTE: The Trunk Registration tab displays all configured PBX phone lines. Page Page Page G Page Page Page Page Page Page Page Page Page Page Page Page Page I