LANCOM Reference Manual LCOS 3.50 Chapter 8: Firewall
Firewall. The specific parameters for the different alerting types such as the
relevant email account can be set at the following places:
An example:
Let us assume a filter named 'BLOCKHTTP', which blocks all access to an HTTP
server 192.168.200.10. If a station tries to access the server anyway, the
filter blocks all traffic from and to this station and also informs the
administrator via SYSLOG.
SYSLOG notifications
If the Firewall drops a matching packet, a SYSLOG notification is created
(see 'Setting up the SYSLOG module', page 288) as follows:
PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src: 10.0.0.37:4353 {} (TCP): port filter
Ports are printed only for port-based protocols. Station names are printed if
the LANCOM can resolve them directly (without an external DNS request).
If the SYSLOG flag is set for a filter entry (%s action), this notification
becomes more detailed: the filter name, the exceeded limit and the filter
action carried out are printed as well. For the example above it reads:
PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src: 10.0.0.37:4353 {} (TCP): port filter
PACKET_INFO:
matched filter: BLOCKHTTP
exceeded limit: more than 0 packets transmitted or received on a connection
actions: drop; block source address for 1 minutes; send syslog message;
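To show how these notifications can be consumed on a log collector, the following added example (not part of the LANCOM manual or LCOS) parses the PACKET_ALERT header and the optional PACKET_INFO details into a dictionary. The function names are hypothetical, and it assumes the line wrapping seen on this page is cosmetic and that the field labels are exactly those shown above.

```python
import re

# Header layout as printed in the manual. The port is optional (ports are only
# printed for port-based protocols) and the {} station name may be empty.
ALERT_RE = re.compile(
    r"PACKET_ALERT: Dst: (?P<dst>[^\s:{]+)(?::(?P<dport>\d+))? \{(?P<dname>[^}]*)\}, "
    r"Src: (?P<src>[^\s:{]+)(?::(?P<sport>\d+))? \{(?P<sname>[^}]*)\} "
    r"\((?P<proto>[^)]+)\): (?P<reason>.+)"
)
# Field labels of the detailed PACKET_INFO part, as shown in the manual.
KEYS_RE = re.compile(r"(matched filter|exceeded limit|actions):")

# The manual's own example, line-wrapped the way it appears on the page.
SAMPLE = """PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src:
10.0.0.37:4353 {} (TCP): port filter
PACKET_INFO:
matched filter: BLOCKHTTP
exceeded limit: more than 0 packets transmitted or received
on a connection
actions: drop; block source address for 1 minutes; send
syslog message;"""


def parse_notification(text):
    """Return the notification as a dict, or None if it has no PACKET_ALERT header."""
    flat = " ".join(text.split())  # undo line wrapping (assumed cosmetic)
    head, _, info = flat.partition("PACKET_INFO:")
    m = ALERT_RE.search(head.strip())
    if m is None:
        return None
    event = m.groupdict()
    for port in ("dport", "sport"):
        event[port] = int(event[port]) if event[port] else None
    # re.split with a capture group yields [junk, key, value, key, value, ...]
    parts = KEYS_RE.split(info)
    for key, value in zip(parts[1::2], parts[2::2]):
        event[key.replace(" ", "_")] = value.strip()
    if "actions" in event:
        event["actions"] = [a.strip() for a in event["actions"].split(";") if a.strip()]
    return event


def blocked_sources(events):
    """Source addresses for which the firewall reported a 'block source address' action."""
    return sorted({e["src"] for e in events if e
                   and any(a.startswith("block source address") for a in e.get("actions", []))})


if __name__ == "__main__":
    print(parse_notification(SAMPLE))
```

Short notifications without the SYSLOG flag parse to the header fields only, so `blocked_sources` reports an address only when the detailed form lists the block action.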
Notification by email
If the email system of the LANCOM is activated, you can use the
convenient notification by email:
Configuration tool   Run
LANconfig            Log & Trace SMTP Account SNMP SYSLOG
WEBconfig            Expert Configuration Setup SMTP SNMP Module SYSLOG Module
Terminal/Telnet      /Setup/SMTP or SNMP Module or SYSLOG Module