139, Policy, Protocols | Compatible Systems 5.4 manual

Chapter 8 - IntraGuard Firewall Configuration	139

Security Policy Protocol Setting Dialog Box

Security Policy Protocol Setting Dialog Box

To change the individual protocol settings, select a protocol in the Security Policies: Firewall Path Dialog Box and then click the Modify... button. The Security Policy Dialog Box will appear in the Main Window.

ϖNote: Changing the Current Security Policy will override any individually made protocol settings.

Policy

This pull-down menu allows you to set how the selected protocol’s packets will be handled on the path.

•In means that a protocol will be allowed through to the inside interface(s) of a path.

•Out means that a protocol will be allowed through to the outside inter- face(s) of a path.

•None means that a protocol will be allowed neither in nor out.

•Both means that a protocol will be allowed both in and out.

Protocols

•BGPUse defines how BGP (Border Gateway Protocol) packets will be handled on the path. BGP is the routing protocol between Internet back- bone routers.

•BSDUse defines how BSD packets will be handled on the path. BSD is the UC Berkeley remote execution and terminal session protocol. RSH, RCP, RLogin, and RExec are the protocols supported.

•CompatiViewUse defines how CompatiView packets will be handled on the path. CompatiView is Compatible System’s GUI manager. This option also defines handling for earlier versions of STAMP, Compatible System’s tunnel authentication protocol.

Image 145

Compatible Systems 5.4 manual Security Policy Protocol Setting Dialog Box, 139, Protocols

Contents

CompatiView 5.4 Reference Guide Page Table of Contents Iii Installation and Overview VPN Ports and LAN-to-LAN Tunnels Table of Contents TCP/IP Filtering 183 Ospf CompatiView Quickstart Installation and Overview About this Manual CompatiView Installation NotesSystem Requirements for Windows Selecting IP or IPX Operation with Windows CompatiView’s Menus and Main Windows Device View Device View and the Main Window Right-Clicking in the Device View Open Config File New ConfigFile Menu Open Device Save / Restart Options Download Config to Device Dialog Box Subinterface Save To FileVPN Port Firewall Path Database Menu Database Options Dialog Box OptionsGeneral Tab Save/Restart Tab Confirmations Tab Advanced Tab Control Menu Tftp Download Download SoftwareRestart Device Statistics Menu Output WindowCompatiView Output Window WAN State EthernetSerial Statistics PPP Statistics IP Route Table Ospf ConfigurationIP Routing IPX Route Table Command Line Edit Box View menu Moving and Customizing the WindowsCustomize Window Menu CommandsCustomize Window View Dialog Box ToolbarsPage TCP/IP Routing Ethernet Dialog Box TCP/IP Routing Ethernet Configuration Dialog BoxIP Routing & Bridging IP Routing/Bridging/Off Network IP Subnet Mask IP AddressNetwork IP Broadcast Address Routing Protocol Output RIP Input RIP RIP Split Horizon Ospf IP Routing & Bridging Directed Broadcast TCP/IP Routing WAN Configuration Dialog Box TCP/IP Routing WAN Configuration Dialog Box Numbered Interface Network IP Broadcast Address Update Method RIP Split Horizon IP Routing & Bridging Options TCP/IP Routing VPN Configuration Dialog Box IP Routing/IP Bridging/IP Off IP Address Routing Protocol Update Method Ospf Bridge Logical Diagram TCP/IP Routing Bridge Configuration Dialog Box IP Routing/Off TCP/IP Routing Bridge 0 Configuration Dialog Box Network IP Subnet Mask IP Routing & Bridging Ospf IP Subinterface Dialog Box IP Connection Dialog Box IP Connection Dialog BoxIP On/IP Off IP Address IP Static Routing Dialog Box Mask DestinationGateway Redistribute via Metric Ethernet or Bridge TCP/IP Options Dialog Box Ethernet IP Options Bridge IP OptionsIP Proxy ARP UDP Forwarding Agents Dialog Box UDP Forwarding Agents Relays Server IP Address WAN IP OptionsUDP Ports/Protocols WAN IP Options Dialog Box Van Jacobson Header Compression Send IP Address Configure Request TCP/IP Routing Options RIP V2 PasswordIP Multiprotocol Precedence Dialog Box Protocol Precedence IP Route Redistribution Ospf Route Aggregation IP Route Redistribution Dialog BoxRIP to Ospf Ospf to RIP Default into OspfBGP to Ospf BGP to RIP IP Routing & Bridging IPX Routing Ethernet Configuration Dialog Box IPX Routing Ethernet Configuration Dialog BoxIPX Ethernet Frame Types IPX Routing & Bridging Seed Status per Frame Type IPX Routing/Bridging/Off SAP Update Timer RIP Update TimerNetwork Number per Frame Type Block IPX Type 20 Output Packets IPX Routing WAN Configuration Dialog Box IPX Routing WAN Configuration Dialog Box Network Number Optional Remote Node Network Number IPX Routing & Bridging Use Ethernet Port as End-Node Proxy IPX Routing VPN Configuration Dialog Box IPX Routing VPN Configuration Dialog Box IPX Routing/Bridging/Off RIP Update Timer IPX Routing Bridge Configuration Dialog Box IPX Frame Types IPX Routing Bridge 0 Configuration Dialog Box IPX Routing/Off Network Number per Frame Type AppleTalk Phase 1 Configuration AppleTalk Routing Ethernet Configuration Dialog BoxAppleTalk Routing Ethernet Configuration Dialog Box AppleTalk Routing & Bridging Phase 1 Seed Status Phase 1 Routing/Bridging/Off Phase 1 Zone Phase 1 Net #Phase 1 Node NBP Lookup Filters Filtering Phase 2 Routing/Bridging/Off AppleTalk Phase 2 ConfigurationPhase 2 Seed Status Phase 2 Zones Phase 2 Net # RangePhase 2 Default Zone Phase 2 Node AppleTalk Routing WAN Configuration Dialog Box AppleTalk Routing WAN Configuration Dialog Box AppleTalk Routing & Bridging AppleTalk On/Bridging/Off Node ZoneOptional Remote End-Node Network Number AppleTalk Routing VPN Configuration Dialog Box AppleTalk Routing VPN Configuration Dialog BoxOptional Remote End-Node Node Number Optional Remote End-Node Proxy AppleTalk On/Bridging/Off AppleTalk Zone AppleTalk Routing Bridge Configuration Dialog Box AppleTalk Routing Bridge 0 Configuration Dialog Box Phase 1 Routing/Off AppleTalk Routing & Bridging Phase 1 Net # Phase 2 Routing/Off Phase 2 Zones NBP Filtering NBP Filtering Configuration Dialog BoxNetwork Filters Zone Filters Phase 2 Aarp Probe Time AppleTalk Options Configuration Dialog Box Main DECnet Routing Configuration Dialog Box Main DECnet Routing Configuration Dialog BoxDECnet Routing & Bridging DECnet On Routing Timer Hello TimerArea DECnet Routing & Bridging Max Addresses DECnet Ethernet Configuration Dialog Box DECnet Routing/Bridging/Off DECnet Ethernet Configuration Dialog Box DECnet WAN Configuration Dialog Box DECnet WAN Configuration Dialog BoxDECnet On/Bridging/Off Hello Timer Add VPN Port Dialog Box Add VPN Port Dialog Box VPN Ports and LAN-to-LAN Tunnels Tunnel Partner VPN Configuration Dialog BoxPartner Address Bind To Interface IKE Key Management Dialog Box IKE Key ManagementKey Manage Transform Shared KeyPerfect Forward Secrecy Authentication IKE Configuration Dialog Box101 Encryption Authentication Method Enable AuthenticationAuthentication Secret Manual Key Management Enable Encryption Interoperability Settings Dialog Box103 Encryption Method Interoperability Settings Dialog Box Local and Peer SettingsMode Peer / Access Local / Access105 Local / Protocol Peer / Port 107 108 VPN Group Configuration Dialog Box and General Tab VPN Group Configuration Dialog BoxVPN Client Tunnels 109 VPN Group Configuration General Tab SLA Enable Client VPN Client Tunnels 111 Inactivity TimeoutMinimumVersion Exclude Local LAN VPN Group Configuration IKE Configuration Tab VPN Group Configuration IKE Configuration Tab Save Secrets VPN Client Tunnels 113 VPN Group Configuration Manual Tab VPN Group Configuration Manual Tab VPN Group Configuration IP Connection Tab VPN Group Configuration IP Connection TabVPN Client Tunnels 115 Start IP Address Assign IP Radius Local IP Net Add VPN Client Tunnels 117 Allow Connections ToAdd IP Address Dialog Box Edit VPN Config IP Filters Tab VPN Group Configuration IP Filters TabInput Filters Output Filters VPN Config IPX Connection Tab VPN Group Configuration IPX Connection TabVPN Client Tunnels 119 Local IPX Net VPN Group Configuration IPX Filters Tab VPN Group Configuration IPX Filters TabAssign IPX Radius VPN Group Configuration Rollover Tab VPN Group Configuration Rollover TabVPN Client Tunnels 121 Input Filters Alternate IntraPort Addresses VPN Group Configuration SecurID Tab VPN Group Configuration SecurID TabSecurID Required SecurID User Name VPN Group Configuration DNS Redirection Tab VPN Group Configuration Wins Tab VPN Group Configuration Wins Redirection TabAdd Local Domain Dialog Box Local Domain Name VPN User Configuration Dialog Box VPN User Configuration Dialog BoxVPN Client Tunnels 125 VPN User Dialog Box STEP/STAMP Authentication SecretName VPN Group VPN Client Tunnels 127 STEP/STAMP Encryption Secret IKE PolicyIKE Policy Global Dialog Box IPSec Gateway Dialog Box IPSec Gateway Configuration Dialog BoxIPSec Gateway VPN Client Tunnels 129 130 131 IntraGuard Firewall Configuration IntraGuard Firewall Configuration Settings FirewallPath Dialog BoxInterfaces Inside/Outside ‘AND’ Filters 133‘OR’ Filters ResetRedirects Advanced Settings Firewall Path Dialog BoxSendTCPReset Advanced Options 135 SendICMPResetSynRejectOnly ICMPtoTCPsession Current Security Policy Security Policies Firewall Path Dialog Box 137 Security Policies at a Glance Security Policy Protocol Setting Dialog Box Security Policy Protocol Setting Dialog Box139 Policy 140 141 Port/Protocol Allow Ports/Protocols Dialog BoxPort/Protocol Number 143 Firewall Logging Dialog BoxFirewall Logging Dialog Box TCP Timeouts IP TimeoutsTCP Resets Rejects 145 Icmp ResetsRedirects General Firewall Settings Dialog Box Firewall Settings Dialog BoxSYN Timer FIN Timer UDPTimeout TCPTimeoutHalfShutTimer DynamicTimerPage Bridging 149 Global Bridging Configuration Dialog Box Bridge On BridgingLearning/IEEE Spanning Tree Table Size Bridging 151 Aging Time Fwd Delay Spanning TreePriority Spanning Tree Max Age Spanning Tree Interface Configuration Dialog Box Priority Bridging 153 Bridging OnPath Cost Spanning Tree Exclude Non-Routed Protocols Link Configuration WAN Dialog Box Link Configuration WAN Dialog BoxWAN Link Protocols 155 WAN On Link Type WAN Link ProtocolsFailover Type Timers Backup PortWAN Link Protocols 157 Allow Dial Out Always Keep Link Up Allow DialDrop Link If Inactive For Dialing Method Dial-Out / Connect Script WAN Link Protocols 159Dial-back Script Script Timeout Retry Delay SettingDialing Retries / Connect Retries Backup Enable Timer Failover Timers Configuration Dialog BoxBackup Disable Timer Backup Init Timer Frame Relay Configuration Dialog Box Frame Relay Configuration Dialog BoxMaintenance Protocol Home Dlci WAN Link Protocols 163 Polling Frequency Dlci Database Dialog Box Dlci Database Configuration Dialog Box Dlci Entry Dialog Box Dlci # WAN Link Protocols 165AppleTalk Address Chap Configuration Dialog Box Chap Configuration Dialog BoxIPX Address DECnet Address WAN Link Protocols 167 Request Chap AuthenticationRespond to Chap Challenges PAP Configuration Dialog Box PAP Configuration Dialog BoxSecret WAN Link Protocols 169 Request PAP AuthenticationRespond to PAP Requests Smds Dialog Box PasswordSmds Dialog Box Station Address WAN Link Protocols 171 IP Multicast PPP Options Dialog BoxPPP Options Dialog Box Sequenced Predictor Compression PPP Link Quality Configuration Dialog BoxEcho Packets On LCP Options Configuration Dialog Box LCP Options Configuration Dialog BoxWAN Link Protocols 173 Frequency in Seconds Echo Packets Address/Control Compression Multilink PPP Dialog BoxProtocol Compression WAN Link Protocols 175 EnableMppp Bundle Name Linked Ports MPQual WAN Chat Script Editor Dialog BoxWAN Chat Script Editor Dialog Box Chat Script Editor Dialog Box Buttons & Controls WAN Link Protocols 177Chat Script Rules and Syntax 178 WAN Link Protocols 179 Chat Script Examples To connect to an Internet Service Provider using a modem WAN Link Protocols 181 User Authentication Database Dialog Box Remote Name Password/SecretInterfaces Dial-back Chat TCP/IP Filtering 183 Main TCP/IP Filtering Dialog BoxRoute Filters Button Packet Filters Button TCP/IP Filtering TCP/IP Filter Editor WindowBlock IP Source Routing Log Rejected Source-Routed Packets TCP/IP Route Filter Rules Basic IP Route Filter Rules and Syntax IP Route Filter Rule Modifiers TCP/IP Filtering 187 IP Route Filter Rule Options IP Route Filter Rule Notification TCP/IP Packet Filter RulesIP Route Filter Rule Examples Basic IP Packet Filter Rules and Syntax TCP/IP Filtering 189 IP Packet Filter Rule Operators and Port Names TCP Ports TCP/IP Filtering 191 IP Packet Filter Rule Modifiers Icmp Types UDP TCP/IP Filtering 193 Simple IP Packet Filter Rule Examples IP Packet Filter Rule Notification IP Packet Filter Rule Set Examples TCP/IP Filtering 195 TCP/IP Packet Filtering Bridge Dialog Box Interface TCP/IP Packet Filtering Configuration Dialog Box Main IPX Filtering Dialog Box Main IPX Filtering Configuration Dialog BoxIPX Filtering 197 IPX Route Filters IPX Filtering IPX Filter Editor WindowIPX Filter Editor Window Filter Editor Window Buttons and Controls IPX Filtering 199 IPX Packet Filter RulesBasic IPX Packet Filter Rules and Syntax IPX Packet Filter Options IPX Packet Filter Rule Notification IPX Filtering 201 IPX Packet Filter Rule Examples IPX Route Filter Rules IPX Filtering 203 Basic IPX Route Filter Rules and Syntax IPX Route Filter Rule Modifiers IPX Route Filter Rule Options IPX Filtering 205 IPX SAP Filter RulesIPX Route Filter Rule Notification IPX Route Filter Rule Examples IPX SAP Filter Options Basic IPX SAP Filter Rules and Syntax IPX Filtering 207 IPX SAP Filter Rule Notification IPX SAP Filter Rule ModifiersIPX SAP Filter Rule Examples IPX Filtering 209 Interface IPX Packet Filtering Configuration Dialog Box 210 AppleTalk Filtering 211 Main AppleTalk Filtering Editor WindowMain AppleTalk Filter Editor Window AppleTalk Filtering AppleTalk Packet Filter RulesGeneral Packet Filtering Get Zone List AppleTalk Filtering 213Routing Filters Rtmp Basic AppleTalk Filter Rules and Syntax 214 AppleTalk Filtering 215 AppleTalk Get Zone List Filter Rule Set Examples Simple AppleTalk Packet Filter Rule ExamplesAppleTalk Rtmp Filter Rule Set Examples AppleTalk Filtering 217 Interface AppleTalk Filtering Configuration Dialog BoxInput Rtmp Filters Zone List Filters Output Rtmp FiltersInput Packet Filters Output Packet Filters Physical RS-232 Configuration WAN Dialog Box Physical RS-232 Configuration WAN Dialog BoxGeneral 219 Async/Sync Baud Rate Tx Clock Internal Sync OnlyFlow Control Async Only General 221 Physical T1 WAN Configuration Dialog BoxClock Scheme Framing Fractional T1 EnabledLine Encoding Start Channel & Number of Channels Channel Data Rate General 223 Contiguous Channels or Alternate ChannelsInvert Data PRM Transmit Tx Clock Internal Physical V.35 Configuration WAN Dialog Box General 225 Physical DS3 Configuration WAN Dialog Box System Configuration Dialog Box System Configuration Dialog BoxBandwidth Allocation Enable Password Confirm PasswordConfirm Enable Password General 227 Snmp System Info Configuration Dialog Box Snmp ConfigurationName of Administrator and How to Contact Administrative Name Snmp Enabled Advanced Snmp Configuration Dialog BoxSets Enabled Traps Enabled Snmp Community Strings Configuration Dialog Box Snmp Community Strings Configuration Dialog BoxCommunity String General 231 Access Snmp Traps Configuration Dialog BoxSnmp Traps Dialog Box Host IP Address Domain Name Server Dialog Box Domain Name Server DNS Dialog BoxPrimary DNS Server Secondary DNS Server Search Order Time Server Dialog Box Time Server Configuration Dialog BoxGeneral 233 Add TCP/IP DNS Server Protocol Backup IP AddressOffset from Server Radius Configuration Dialog Box Radius Configuration Dialog BoxGeneral 235 Accounting Authentication PortAccounting Port VPN Real IP Address PAP Authentication Secret VPN AuthenticationGeneral 237 VPN Tunnel Secret VPN Group Info Secondary Server IP Address Use Secret in ChecksumSecondary Server Retries Enable SecurID SecurID Configuration Dialog BoxGeneral 239 Port Timeout Backup Server NAT Configuration Dialog Box New Button Modify Button NAT Configuration Dialog BoxGeneral 241 External Range Internal RangePassThru Range Addresses UDP Timeout General 243 TCP TimeoutTCP Syn Timeout TCP Fin Timeout NAT Range Dialog Box NAT Range Dialog Box General 245 NAT Mapping Dialog BoxNAT Mapping Dialog Box NAT Range Dialog Box NAT Mapping Translation Pair Examples Internal IP address Logging Configuration Dialog Box Logging Configuration Dialog BoxGeneral 247 Logging On Syslogd On Send Log to Aux PortIP Address Syslogd On Only File Syslogd On Only Ldap Server Dialog Box Ldap ConfigurationGeneral 249 Ldap Server Dialog Box Enable Ldap Ldap Config NamePrimary Server Primary Password Add Ldap Server Dialog Box Base General 251 Secondary Server Secondary Password Ldap Authentication Dialog Box Ldap Authentication Dialog BoxEnable Ldap Authentication Secondary Server Secondary Password General 253 Primary Server Primary PasswordVPN Group Attribute VPN Shared Secret Attribute 254 Ospf 255 Ospf Dialog BoxOspf Dialog Box Ospf Ospf EnabledArea ID Cost Ospf Area Add Ospf Area Dialog Box Ospf Area Dialog Box Enable Stub Area Ospf Authentication TypeStub Default Cost Ospf 259 Ospf Area Name Net Range Dialog Box Ospf Virtual Link Ospf 261 Enable Virtual LinkOspf Virtual Link Dialog Box Add Ospf Virtual Link Dialog Box Ospf Packet Authentication Key Virtual Transit DelayTransit Area Virtual Retransmission BGP 263 Enable BGPBGP General Dialog Box BGP General Dialog Box BGP BGP Aggregates Dialog BoxBGP Local Preference Use IPR Filters BGP Peer Configs Dialog Box BGP Peer Configs Dialog BoxBGP 265 Add BGP Aggregate Dialog Box Enable Ebgp Multihop BGP Peer Config NameInput Route Map Output Route Map IP Loopback Dialog Box IP Loopback BGP Peers Dialog BoxBGP Peers Dialog Box Add BGP Peer Dialog Box BGP 269 BGP Route Maps Editor Dialog Box BGP Route Map Editor Dialog Box Buttons & Controls BGP Route Maps Dialog Box BGP 271 BGP Route Mapping RulesEnter Data Dialog Box Action Options/Output Modifiers Direction Options/Input Modifiers BGP 273 Special Communities BGP Networks Dialog Box BGP NetworksBGP Network Dialog Box BGP 275 Subnet Mask 276 IP Addresses Appendices 277 Chart 2 Standard IP Subnets Chart 1 IP Address ClassesAppendices Subnet Masks Appendices 279 Chart 3 Subnetted Class C Host RangesBroadcast Addresses Assigning an IP address Chart 4 Broadcast Address ExamplesAssigning a Subnet Mask Assigning a Broadcast Address Appendices 281 Static Routes & Routing Protocols IPXIPX Routing Basics 282 Appendices 283 Service Advertising ProtocolClient Machine Addressing AppleTalk Routing Basics AppleTalk Non-extended and Extended AppleTalk Networks Appendices 285Seeding a Network Segment Zones Probing Bridging Router AutoconfigurationAppendices 287 Bridging Basics Spanning Tree Bridging Transparent Bridging Appendices 289 Multiport Bridges/Switches and Bridge GroupsSimple Bridging Example Bridge Groups on a Multiport Router Appendices 291 Frame RelayVirtual Circuits Addressing Local Management Interface LMI Local & Global DLCIsEncapsulation and Fragmentation Network/Protocol Addressing and Virtual Interfaces Frame Relay Example Appendices 293Frame Relay Example Page Index 295 Symbols Index Index 297 IPX TCP/IP Index 299 See also, TCP/IP Index 301 NAT RIP Index 303 UDP Index 305 Dlci Radius Index 307