Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
either a rule applies to the packet for which the observe further rules option is not activated,
or the list of Firewall rules has been completely worked through without a further rule applying to the packet.
To realize the aforementioned scenario, a Firewall rule must be installed for each subnetwork that rejects additional packets of the protocols FTP and HTTP from a data rate of 512 kbps upward. For these rules, the observe further rules option is activated. An additional rule, defined for all stations of the LAN, rejects all packets that exceed the 1024 kbps limit.
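The following added example is not LANCOM code or LCOS configuration. It is a simplified Python model of the scenario above, showing why the subnetwork rules need the observe further rules option. The addresses, the single one-second counting window, the 10 kbit packet size and the assumption that a reject ends evaluation are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    network: str           # stations the rule refers to
    services: frozenset    # empty set means all services
    limit_kbps: int        # trigger threshold
    observe_further: bool  # "observe further rules" option
    bits: int = 0          # bits accepted in the current one-second window

    def matches(self, src, service):
        in_net = ip_address(src) in ip_network(self.network)
        return in_net and (not self.services or service in self.services)

def evaluate(rules, src, service, size_bits):
    """Return 'accept' or 'reject' for one packet (assumed, simplified model)."""
    applied = []
    for rule in rules:
        if not rule.matches(src, service):
            continue
        if rule.bits + size_bits > rule.limit_kbps * 1000:
            return "reject"          # threshold exceeded: packet action
        applied.append(rule)
        if not rule.observe_further:
            break                    # rule applied, later rules are skipped
    for rule in applied:             # count the packet only if it was accepted
        rule.bits += size_bits
    return "accept"

def simulate(observe_further):
    """Accepted kbit in one second of constructed traffic (10 kbit packets)."""
    web = frozenset({"ftp", "http"})
    rules = [
        Rule("192.168.1.0/24", web, 512, observe_further),
        Rule("192.168.2.0/24", web, 512, observe_further),
        Rule("192.168.0.0/16", frozenset(), 1024, False),  # all LAN stations
    ]
    traffic = ([("192.168.1.10", "http")] * 60 +
               [("192.168.2.10", "http")] * 50 +
               [("192.168.1.10", "smtp")] * 20)
    accepted = sum(evaluate(rules, src, svc, 10_000) == "accept"
                   for src, svc in traffic)
    return accepted * 10

if __name__ == "__main__":
    print("with observe further rules:   ", simulate(True), "kbit")
    print("without observe further rules:", simulate(False), "kbit")
```

With the option activated, the model accepts 1020 kbit, which stays under the 1024 kbps limit. Without it, 1210 kbit passes, because FTP and HTTP packets that match a subnetwork rule never reach the LAN-wide rule and are not counted there.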
VPN rules
As described in section ’Default VPN rules’ page 122, a VPN rule can
receive its information about source and destination network from Firewall
rules.
By activating the option “This rule is used to create VPN rules” for a Firewall
rule, you determine that a VPN rule will be derived from this Firewall rule.
For detailed information about VPN rules please see the appropriate
VPN documentation.
Apart from this basic information, a Firewall rule answers the questions of when and to what it applies, and which actions should be executed:
Stations / Service: To which stations/networks and services/protocols does the rule refer? (page 128)
Conditions: Is the effectiveness of the rule reduced by other conditions? (page 129)
Trigger: Which threshold must be exceeded for the rule to be triggered? (page 130)
Action: What should happen to the data packets when the condition applies and the limit is reached? (page 130)
Further measures: Should further measures be initiated apart from the packet action? (page 130)
Quality of Service (QoS): Are data packets of certain applications, or packets with the corresponding markings, transferred preferentially by assuring a special Quality of Service? (page 131)
Condition, limit, packet action and other measures together form a
so-called “action set”. Each Firewall rule can contain a number of