Virtual Private Networks (VPNs)
PPTP example
To enable a firewall to allow PPTP traffic, you must provision the firewall to allow inbound and outbound TCP packets specifically destined for port 1723. The source port may be dynamic, so often it is not useful to apply a compare function upon this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets, enabling transport of the tunnel payload.
From the Main Menu navigate to Display/Change IP Filter Set, and from the
Main |
|
| System |
|
Menu |
|
| Configuration |
|
|
|
|
|
|
Select Display/Change Input Filter.
Display/Change Input Filter screen
Filter Sets
IP Filter
Sets
Display/Change
IP Filter Set
Basic
Firewall
Source IP | Dest IP | |||||
|
|
|
| + | ||
1 | 0.0.0.0 | 0.0.0.0 | TCP | NC | =1723 | Yes Yes |
2 | 0.0.0.0 | 0.0.0.0 | GRE | Yes Yes | ||
|
|
|
|
|
For Input Filter 1 set the Destination Port information as shown below.
Change Input Filter 1
Enabled:Yes
Forward:Yes
Source IP Address: | 0.0.0.0 |
Source IP Address Mask: | 0.0.0.0 |
Dest. IP Address: | 0.0.0.0 |
Dest. IP Address Mask: | 0.0.0.0 |
Protocol Type: | TCP |
Source Port Compare... | No Compare |
Source Port ID: | 0 |
Dest. Port Compare... | Equal |
Dest. Port ID: | 1723 |
Established TCP Conns. Only: | No |