Lancom Systems LCOS 3.50 - page 141
346 pages, 5.42 Mb
Chapter 8: Firewall
LANCOM Reference Manual LCOS 3.50
8.3.8 Configuration of Firewall rules
Firewall wizard
The fastest method to configure the Firewall is provided by the Firewall wizard in LANconfig:
Contents
1 Preface
2 System design
3 Configuration and management
3.1 Configuration tools and approaches
3.2 Configuration software
3.2.1 Configuration using LANconfig
3.2.2 Configuration with WEBconfig
3.2.3 Configuration using Telnet
3.2.4 Configuration using SNMP
3.3 Remote configuration via Dial-Up Network
3.3.1 This is what you need for ISDN remote configuration
3.3.2 The first remote connection using Dial-Up Networking
3.3.3 The first remote connection using a PPP client and Telnet
3.4 LANmonitor - know what's happening
3.4.1 Extended display options
3.4.2 Monitor Internet connection
3.5 Trace information - for advanced users
3.5.1 How to start a trace
3.5.2 Overview of the keys
3.5.3 Overview of the parameters
3.5.4 Combination commands
3.5.5 Examples
3.6 Working with configuration files
3.7 New firmware with LANCOM FirmSafe
3.7.1 This is how LANCOM FirmSafe works
3.7.2 How to load new software
3.8 Command line interface
3.8.1 Command line reference
3.9 Scheduled Events
4 Management
4.1 N:N mapping
4.1.1 Application examples
4.1.2 Configuration
4.1.3
5 Diagnosis
5.1 LANmonitor - know what's happening
5.1.1 Extended display options
5.1.2 Monitor Internet connection
5.2 Trace information - for advanced users
5.2.1 How to start a trace
5.2.2 Overview of the keys
5.2.3 Overview of the parameters
5.2.4 Combination commands
5.2.5 Examples
6 Security
6.1 Protection for the configuration
6.1.1 Password protection
6.1.2 Login barring
6.1.3 Restriction of the access rights on the configuration
6.2 Protecting the ISDN connection
6.2.1 Identification control
6.2.2 Callback
6.3 The security checklist
7 Routing and WAN connections
7.1 General information on WAN connections
7.1.1 Bridges for standard protocols
7.1.2 What happens in the case of a request from the LAN?
7.2 IP routing
7.2.1 The IP routing table
7.2.2 Local routing
7.2.3 Dynamic routing with IP RIP
7.2.4 SYN/ACK speedup
7.3 The hiding place - IP masquerading (NAT, PAT)
7.3.1 Simple masquerading
7.3.2 Inverse masquerading
7.3.3 Unmasked Internet access for server in the DMZ
7.4 N:N mapping
7.4.1 Application examples
7.4.2 Configuration
7.5 Configuration of remote stations
7.5.1 Name list
7.5.2 Layer list
7.6 Establishing connection with PPP
7.6.1 The protocol
7.6.2 Everything o.k.? Checking the line with LCP
7.6.3 Assignment of IP addresses via PPP
7.6.4 Settings in the PPP list
7.7 Extended connection for flat rates - Keep-alive
7.8 Callback functions
7.8.1 Callback for Microsoft CBCP
7.8.2 Fast callback using the LANCOM process
7.8.3 Callback with RFC 1570 (PPP LCP extensions)
7.8.4 Overview of configuration of callback function
7.9 Channel bundling with MLPPP
8 Firewall
8.1 Threat analysis
8.1.1 The dangers
8.1.2 The ways of the perpetrators
8.1.3 The methods
8.1.4 The victims
8.2 What is a Firewall?
8.2.1 Tasks of a Firewall
8.2.2 Different types of Firewalls
8.3 The LANCOM Firewall
8.3.2 Special protocols
8.3.3 General settings of the Firewall
8.3.4 Parameters of Firewall rules
8.3.5 Alerting functions of the Firewall
8.3.6 Strategies for Firewall settings
8.3.7 Hints for setting the Firewall
8.3.9 Firewall diagnosis
8.3.10 Firewall limitations
8.4 Protection against break-in attempts: Intrusion Detection
8.4.1 Examples for break-in attempts
8.4.2 Configuration of the IDS
8.5 Protection against Denial of Service attacks
8.5.1 Examples of Denial of Service attacks
8.5.2 Configuration of DoS blocking
8.5.3 Configuration of ping blocking and Stealth mode
9 Quality of Service
9.1 Why QoS?
9.2 Which data packets to prefer?
9.2.1 Guaranteed minimum bandwidths
9.2.2 Limited maximum bandwidths
9.3 The queue concept
9.3.1 Queues in transmission direction
9.3.2 Queues for receiving direction
9.4 Reducing the packet length
9.5 QoS parameters for Voice over IP applications
9.6 QoS in sending or receiving direction
9.7 QoS configuration
9.7.1 Evaluating ToS and DiffServ fields
9.7.2 Defining minimum and maximum bandwidths
9.7.3 Adjusting transfer rates for interfaces
9.7.4 Sending and receiving direction
9.7.5 Reducing the packet length
10 Virtual LANs (VLANs)
10.1 What is a Virtual LAN?
10.2 This is how a VLAN works
10.2.1 Frame tagging
10.2.2 Conversion within the LAN interconnection
10.2.3 Application examples
10.3 Configuration of VLANs
10.3.1 The network table
10.3.2 The port table
10.3.3 Configuration with LANconfig
10.3.4 Configuration with WEBconfig or Telnet
11 Wireless LAN - WLAN
11.1 What is a Wireless LAN?
11.1.1 Standardized radio transmission by IEEE
11.1.2 Operation modes of Wireless LANs and base stations
11.2 Developments in WLAN security
11.2.1 Some basic concepts
11.2.2 WEP
11.2.3 WEPplus
11.2.4 EAP and 802.1x
11.2.5 TKIP and WPA
11.2.6 AES and 802.11i
11.2.7 Summary
11.3 Protecting the wireless network
11.4 Configuration of WLAN parameters
11.4.1 WLAN security
11.4.2 General WLAN settings
11.4.3 The physical WLAN interfaces
11.4.4 The logical WLAN interfaces
11.4.5 Additional WLAN functions
11.5 Establishing outdoor wireless networks
11.5.1 Geometrical layout of the transmission path
11.5.2 Antenna power
11.5.3 Emitted power and maximum distance
Assumed cable loss: 9 dB
AirLancer Extender O-70 (802.11b/g) Antenna gain: 8.5 dBi Assumed cable loss: 6 dB
Maximum distance [km] Mbps P2P P2mP
11.5.4 Transmission power reduction
12 Office communications with LANCAPI
12.1 What are the advantages of LANCAPI?
12.2 The client and server principle
12.2.1 Configuring the LANCAPI server
12.2.2 Installing the LANCAPI client
12.2.3 Configuration of the LANCAPI clients
12.3 How to use the LANCAPI
12.4 The LANCOM CAPI Faxmodem
13 Server services for the LAN
13.1 Automatic IP address administration with DHCP
13.1.1 The DHCP server
13.1.2 DHCP - 'on', 'off' or 'auto'?
13.1.3 How are the addresses assigned?
13.2 DNS
13.2.1 What does a DNS server do?
13.2.2 DNS forwarding
13.2.3 Setting up the DNS server
13.2.4 URL blocking
13.2.5 Dynamic DNS
13.3 Call charge management
13.3.1 Charge-based ISDN connection limits
13.3.2 Time dependent ISDN connection limit
13.3.3 Settings in the charge module
13.4 The SYSLOG module
13.4.1 Setting up the SYSLOG module
13.4.2 Example configuration with LANconfig
14 Virtual Private Networks - VPN
14.1 What does VPN offer?
14.1.1 Private IP addresses on the Internet?
14.1.2 Secure communications via the Internet?
14.2 LANCOM VPN: an overview
14.2.1 VPN example application
14.2.2 Advantages of LANCOM VPN
14.2.3 LANCOM VPN functions
14.3 VPN connections in detail
14.3.1 LAN-LAN coupling
14.3.2 Dial-in connections (Remote Access Service)
14.4 What is LANCOM Dynamic VPN?
14.4.1 A look at IP addressing
14.4.2 This is how LANCOM Dynamic VPN works
14.5 Configuration of VPN connections
14.5.1 VPN tunnel: Connections between VPN gateways
14.5.2 Set up VPN connections with the Setup Wizard
14.5.3 Inspect VPN rules
14.5.4 Manually setting up VPN connections
14.5.5 Prepare VPN network relationships
14.5.6 Configuration with LANconfig
14.5.7 Configuration with WEBconfig
14.5.8 Diagnosis of VPN connections
14.6 Specific examples of connections
14.6.1 Static/static
14.6.2 Dynamic/static
14.6.3 Static/dynamic (with LANCOM Dynamic VPN)
14.6.4 Dynamic/dynamic (with LANCOM Dynamic VPN)
14.7 How does VPN work?
14.7.1 IPSec - The basis for LANCOM VPN
14.7.2 Alternatives to IPSec
14.8 The standards behind IPSec
14.8.1 IPSec modules and their tasks
14.8.2 Security Associations - numbered tunnels
14.8.3 Encryption of the packets - the ESP protocol
14.8.4 Authentication - the AH protocol
14.8.5 Key management - IKE
15 Appendix: Overview of functions for LANCOM models and LCOS versions
800 1000 1100
I-10 821 1511 1521 1611 1621 1711 1811 1821 3050 3550
4000 4100
6000 6001 6021
16 Index