Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
the needed port will be opened for a short time (20 seconds) solely for the
authentication inquiry.
This behaviour of the Firewall in TCP Stealth mode can be suppressed
specifically with the parameter “Always mask authentication port, too”.
The activation of the option “Mask authentication port” can lead to
considerable delays for the dispatch and receipt of e.g. e-mails or
news!
A mail or a news server which requests any additional information from the
user with the help of this service first runs into a disturbing timeout before it
begins to deliver the mails. This service thus needs its own switch to hide it
and/or to keep it “conforming”.
The problem, however, is that a setting which hides all ports but
rejects the ident port is unreasonable, simply because rejecting the
ident port would make the LANCOM visible.
The LANCOM now offers the possibility to reject ident inquiries only from mail
and news servers, and to discard those from all other PCs. For this, the ident
inquiries of the respective servers are rejected for a short time (20 seconds)
when a mail (SMTP, POP3, IMAP2) or a news server (NNTP) is calling up.
When the timeout is exceeded, the port will be hidden again.
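The decision logic described above, modelled as an added example (not LANCOM code). It assumes TCP Stealth mode with all other ports hidden, reads "calling up" as a LAN-initiated connection to the server's well-known port (25, 110, 143, 119), and takes ident as TCP port 113; class and function names are hypothetical.

```python
import ipaddress

IDENT_PORT = 113                        # TCP port of the ident/auth service
MAIL_NEWS_PORTS = {25, 110, 143, 119}   # SMTP, POP3, IMAP, NNTP (assumed trigger ports)
WINDOW_SECONDS = 20                     # the "short time" stated in the manual


class IdentMasker:
    """Added model (not LANCOM code): which servers get a TCP reject on ident."""

    def __init__(self):
        self._expiry = {}  # remote server address -> time its window closes

    def outbound(self, dst_ip, dst_port, now):
        """Record a LAN-initiated connection; mail/news targets open a window."""
        if dst_port in MAIL_NEWS_PORTS:
            self._expiry[ipaddress.ip_address(dst_ip)] = now + WINDOW_SECONDS

    def inbound(self, src_ip, dst_port, now):
        """Return 'reject' (visible refusal) or 'drop' (silent discard)."""
        # Forget expired windows first, so the port is hidden again afterwards.
        self._expiry = {ip: t for ip, t in self._expiry.items() if t > now}
        if dst_port != IDENT_PORT:
            return "drop"  # stealth: every other port stays hidden
        return "reject" if ipaddress.ip_address(src_ip) in self._expiry else "drop"


def replay(events):
    """Run (time, direction, ip, port) events; return the inbound verdicts."""
    fw, verdicts = IdentMasker(), []
    for now, direction, ip, port in events:
        if direction == "out":
            fw.outbound(ip, port, now)
        else:
            verdicts.append((now, ip, port, fw.inbound(ip, port, now)))
    return verdicts


# Constructed sample traffic (documentation addresses, times in seconds).
SAMPLE = [
    (0, "out", "192.0.2.10", 25),     # LAN client contacts an SMTP server
    (1, "in", "192.0.2.10", 113),     # that server sends an ident inquiry
    (2, "in", "198.51.100.7", 113),   # unrelated host probes the ident port
    (3, "in", "192.0.2.10", 22),      # same server, different port
    (25, "in", "192.0.2.10", 113),    # ident inquiry after the 20 s window
]

if __name__ == "__main__":
    for row in replay(SAMPLE):
        print(row)
```

Only the contacted mail server, and only within the 20-second window, sees a refusal on the ident port; every other probe gets no answer, so the device stays hidden from hosts that were never contacted.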
8.3.4 Parameters of Firewall rules
In this section we describe the components of Firewall rules and the available
options to set up the different parameters.
Information regarding definition of Firewall rules with the different
kinds of configuration tools (LANconfig, WEBconfig or Telnet) can be
found in chapter ’Configuration of Firewall rules’ page 141.
Components of a Firewall rule
A Firewall rule is at first defined by its name and some further options:
On/Off switch: Is the rule active for the Firewall?
Priority: Which is the priority of the rule? (page 126)
Observe further rules: Should further Firewall rules be observed when
this rule applies to a data packet? (page 126)