LANCOM Reference Manual LCOS 3.50 Chapter 8: Firewall
122
Firewall
Please notice that the N:N mapping functions (’N:N mapping’
→page80) are only active when t he Firewall has been switched on!
Default VPN rules
A VPN rule consists, apart from some VPN specific information and among
other things, of the definition of source and destination networks. The infor-
mation about source and destination can get in principle from the IP routing
table, the TCP/IP settings (Intranet addresses and DMZ addresses), or from the
Firewall rules.
Similar to Quality of Service functions, VPN connections also use existing Fire-
wall functions in order to classify e. g. the packets according to their subnet-
works. Therefore, the Firewall is a central source for the VPN rules. It can be
defined in the Firewall whether further sources should be used for the VPN
rules or not. The according option can take on the following values:
Create automatically: With this setting, all available sources for gener-
ating VPN rules will be consulted, i.e. IP routing table, TCP/IP settings and
Firewall rules.
Specify manually: With this setting only the manually specified Firewall
rules are used as base for creating VPN rules.
For detailed information about VPN rules, please see the appropriate
VPN documentation.
Administrator email
One of the actions a Firewall can trigger is alerting of an network administra-
tor via email. The “administrator email” is the email account, to which the
alerting mails are sent to.
Fragments
Some attacks from the Internet try to outsmart the Firewall by fragmented
packets (packets split into several small units). One of the main features of a
Stateful Inspection like in the LANCOM is the ability to re-assemble frag-
mented packets in order to check afterwards the entire IP packet.
You can centrally adjust the desired behaviour of the Firewall. The following
options are available:
Filter: Fragmented packets are directly discarded by the Firewall.