4-26 Firmware User Guide
PPTP example
To enable a firewall to allow PPTP traffic, you must provision the firewall to allow inbound and outbound TCP packets specifically destined for port 1723. The source port may be dynamic, so often it is not useful to apply a compare function upon this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets, enabling transport of the tunnel payload.
From the Main Menu navigate to Display/Change IP Filter Set, and from the
Main |
|
| System |
|
Menu |
|
| Configuration |
|
|
|
|
|
|
Select Display/Change Input Filter.
Display/Change Input Filter screen
Filter Sets
Display/Change
Filter Set
Basic
Firewall
Source IP | Dest IP | + | |||||
|
|
|
|
| + | ||
1 | 0.0.0.0 | 0.0.0.0 | TCP | NC | =2000 | Yes No | |
2 | 0.0.0.0 | 0.0.0.0 | TCP | NC | =6000 | Yes No | |
|
|
|
|
|
| ||
|
|
|
|
| + | ||
Select Input Filter 1 and press Return. In the Change Input Filter 1 screen, set the Destination Port information as shown below.
Change Input Filter 1
Enabled:Yes
Forward:Yes
Source IP Address: | 0.0.0.0 |
Source IP Address Mask: | 0.0.0.0 |
Dest. IP Address: | 0.0.0.0 |
Dest. IP Address Mask: | 0.0.0.0 |
Protocol Type: | TCP |
Source Port Compare... | No Compare |
Source Port ID: | 0 |
Dest. Port Compare... | Equal |
Dest. Port ID: | 1723 |
Established TCP Conns. Only: | No |
Select Input Filter 2 and press Return. In the Change Input Filter 2 screen, set the Protocol Type to allow GRE as shown below.
