LANCOM Reference Manual LCOS 3.50 Chapter 8: Firewall
list will be carried out. If the action accepts the packet, then an
entry is made in the connection list, as well as for any further actions.
If no explicit Firewall rule exists for a data packet, the packet will be
accepted ('Allow-All'). This preserves backward compatibility for existing
installations. For maximum protection by Stateful Inspection,
please note the section 'Set-up of an explicit "Deny All" strategy'
→ page 138.
The four lists obtain their information as follows:
The host block list contains all stations that are blocked for
a certain time because of a Firewall action. The list is dynamic: new entries
can be added continuously by appropriate Firewall actions.
Entries disappear automatically once the timeout has expired.
The port block list contains those protocols and services that are
blocked for a certain time because of a Firewall action. This list is likewise
[Figure: The Firewall checks with several lists (Host blocked? Port blocked? Active connection? Filter list?). Device block diagram with the labels: Firewall / IDS / DoS / QoS, IP router, IP masquerading, IPX router, VPN services, LAN bridge with "isolated mode", Virtual LANs (VLAN), N:N mapping, LAN interfaces, WAN interfaces, configuration & management.]
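The check order named in the figure labels above (host block list, port block list, connection list, filter list) and the 'Allow-All' fallback, as an added Python sketch that is not LANCOM code. The class and field names, the rule format (match on destination port only) and the sample addresses are assumptions made for illustration.

```python
# Added illustration: toy model of the four-list packet check described above.
# Names, rule fields and matching logic are assumptions, not LCOS internals.
from dataclasses import dataclass, field

@dataclass
class Rule:                      # hypothetical filter-list entry
    dst_port: int
    accept: bool
    block_host_s: int = 0        # if > 0, the action also blocks the source host
    block_port_s: int = 0        # if > 0, the action also blocks the port

@dataclass
class Firewall:
    rules: list
    deny_all: bool = False       # False models the 'Allow-All' default
    host_block: dict = field(default_factory=dict)   # src -> expiry time
    port_block: dict = field(default_factory=dict)   # dst_port -> expiry time
    connections: set = field(default_factory=set)    # (src, dst, dst_port)

    def _blocked(self, table, key, now):
        expiry = table.get(key)
        if expiry is None:
            return False
        if now >= expiry:        # entries disappear after the timeout
            del table[key]
            return False
        return True

    def check(self, src, dst, dst_port, now):
        if self._blocked(self.host_block, src, now):
            return "drop: host blocked"
        if self._blocked(self.port_block, dst_port, now):
            return "drop: port blocked"
        conn = (src, dst, dst_port)
        if conn in self.connections:
            return "accept: active connection"
        for rule in self.rules:  # first matching filter-list entry decides
            if rule.dst_port != dst_port:
                continue
            if rule.block_host_s:
                self.host_block[src] = now + rule.block_host_s
            if rule.block_port_s:
                self.port_block[dst_port] = now + rule.block_port_s
            if rule.accept:
                self.connections.add(conn)   # accept -> connection list entry
                return "accept: filter rule"
            return "drop: filter rule"
        return "drop: no rule (Deny-All)" if self.deny_all else "accept: no rule (Allow-All)"
```

With `deny_all=False`, a packet that matches no filter-list entry is accepted, which is the backward-compatible behaviour the text describes; setting `deny_all=True` models the explicit "Deny All" strategy.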