Manuals / Patton electronic / Computer Equipment / Network Card

Patton electronic 3086 manual Enabling the Firewall, Firewall Portfilters, Firewall Policies, 123

Models: 3086

1 196

Download 196 pages 1.92 Kb

Page 123

Model 3086 G.SHDSL Integrated Access Device User Guide6 • Security

Firewall Policies:

ID Name Type 1 Type 2 Validator Allow Only

-------------------------------------------------------------------

1 item0 external internal false

-------------------------------------------------------------------

ﬁfirewall delete policy item0

The firewall policy named item0 is now deleted.

Enabling the Firewall

At this point, both security and the firewall can be enabled and the network is secure. All the interfaces which have been defined are protected: all traffic blocked between the internal and external interfaces.

1.Return to the Security page.

2.Under Security State select Enabled for Security and click on Change State.

3.Then select Enabled for the Firewall and click on Change State.

The network is now secure. All the interfaces which have been defined are protected and all traffic is blocked between different the different interface types. That is, all traffic is blocked between the external and internal interfaces.

The next section describes how to configure the Firewall for allowing certain types of data transfer to occur between the PC’s on different networks.

Firewall Portfilters

Next, we configure the Firewall to permit certain types of data transfer between the PCs on the different net- works. This is done by the implementation of Firewall portfilters. Portfilters are individual rules that determine what kind of traffic can pass between two interface types.

For the Transport Type below, the different types are:

Transport Type	Abbreviation

1	ICMP
2	IGMP

3	GGP
4	IP

6	TCP
8	EGP

9	IGP
17	UDP

46	RSVP
47	GRE

89	OSPFIGP
92	MTP

Enabling the Firewall

123

Image 123

Patton electronic 3086 manual Enabling the Firewall, Firewall Portfilters, Firewall Policies, 123

Contents

Shdsl Integrated Access Device Patton Electronics Company, Inc Contents Basic Application Configurations Contents Specialized Configurations 113 Contacting Patton for assistance 143 Cable Recommendations 157 Contents Page About this guide AudienceStructure Precautions Factory default parameters Safety when working with electricityAbout this guide Typographical conventions used in this document General conventionsMouse conventions General Information Chapter contentsModel 3086 G.SHDSL IAD overview General attributesModel 3086 G.SHDSL IAD overview Protocol support Shdsl CharacteristicsEthernet TDM InterfacePPP Support ATM ProtocolsManagement Model SecurityWAN DSL Rear panel connectors and switches Power connectorConsole port outlined in red RJ-11/4 DSL line port uses pins 2 and 3 of the RJ-11 port Ethernet port outlined in greenLine port outlined in yellow Product Overview Applications Overview Product OverviewProduct Overview Internet/Extranet AccessIP/FR and TDM Access IP/FR and Voice over DSLMetro Intranet Access Quick Start Installation Hardware installation Installing the AC power cordWhat you will need Quick Start Installation Connecting network cablesIP address has now been successfully changed Web Operation and ConfigurationPC Configuration IP address Quick Start modificationModel 3086 menu structure is shown in on Model 3086 home page displays see FigureModel 3086 Menu Structure Basic Application Configurations Basic Application Configurations IPoA Routed RFC Introduction TDM Port Routed WAN Services Bridged WAN ServicesRear panel power and interface connectors Interfaces Connecting the 3086 serial port to a DTEConnecting the 3086 serial port to a DCE X.21 PortsX.21 Ports Configuring the V.35 or X.21 port via DIP switchesDIP switches location Switch Position Function Factory Default Selected Option Switch Bank S2Switch Bank S3 T1 Interface Connection T1 InterfaceDIP Switch Configuration T1 Interface ConfigurationData Rate kbps Figuration only Line Code The 3086 T1 interface uses B8ZS Web Interface ConfigurationE1 Interface Connection E1 InterfaceDescription of S2 options follows the table E1/CRC S3-8 Setting Web Interface Configuration Using the 3086 as a simple modem TDM data over DSL CLI configurationCLI configuration Wait for configuration saved message… Saving configuration… Intended DSL Data Rate Web browser configurationClear Error Counters Circuit IDIntended Serial Interface Data Rate DSL Rate Number of i BitTerminal Type TDM Plus Ethernet Traffic Central or Remote terminal Master/Slave Selecting PCM modeSelecting the DSL link speed Assigning bandwidth to serial and Ethernet portsFor 3086 a at the prompt type For 3086 B typeSelect between Annex a and Annex B To select Annex B type Circuit ID Intended Serial Interface Data Rate Interface Type Ethernet extension Hdlc Pppoh Bridged Using the 3086 in Routed or Bridged applicationsModel 3086 Remote Configuration Steps PPPoH Bridged Two stand-alone units directly connectedLeave User name and Password blank. Click on Apply Model 3086 Central Configuration Steps PPPoH Bridged Network Extension HDLC-PPPoH Routed Model 3086 Remote Configuration Steps PPPoH RoutedModel 3086 G.SHDSL Integrated Access Device User Guide Click on Configure Basic Application Configurations Model 3086 Central Configuration Steps PPPoH Routed Using the 3086 in Routed or Bridged applications Bridged application configurations to a Dslam RFC 1483 Bridged ConfigurationDslam Connections with remote CPE units Model 3086 Remote Configuration Steps RFC 1483 Bridged Model 3086 Central Configuration Steps RFC 1483 Bridged PPPoH Bridged Configuration Dslam Connections with remote CPE units Model 3086 Central Configuration Steps PPPoH Bridged Model 3086 Remote Configuration Steps PPPoA Bridged PPPoA Bridged RFC 2364 ConfigurationVPI = VCI = LLC header mode = off Hdlc header mode = off Model 3086 CentralConfiguration Steps PPPoA BridgedRouted application configurations to a Dslam Model 3086 Remote Configuration Steps RFC 1483 RoutedRFC 1483 Routed Model 3086 G.SHDSL Integrated Access Device User Guide Basic Application Configurations One IP interface was called ip1 with an IP address Model 3086 Central Configuration Steps RFC 1483 RoutedIp set interface ip1 ipaddress 192.168.100.2 Dslam Connections with remote CPE units Basic Application Configurations PPPoH Routed Ip set interface ip1 ipaddress 192.168.100.2 Dslam Connections with remote CPE units Basic Application Configurations Model 3086 Central Configuration Steps PPPoH Routed Basic Application Configurations Basic Application Configurations PPPoA Routed RFC Model 3086 Remote-Client Configuration Steps PPPoA RoutedChap User Namefred Passwoodfredspass Click on ConfigureBasic Application Configurations Dslam Connections with remote CPE units Model 3086 Central-Server Configuration Steps PPPoA Routed 100 101 102 Local IP Magic Number MRU103 104 105 106 Model 3086 Remote Configuration Steps IPoA Routed IPoA Routed RFC107 108 109 110 Model 3086 Central Configuration Steps IPoA Routed VPI0 VCI700 WAN IP address Click on Apply111 112 Specialized Configurations Dhcp Server and Relay IP ConfigurationsRouter RIP and RIPv2 Static Route115 Specialized Configurations116 DNS Client117 DNS Relay ModeIP Configurations Security 120 Configuring the IADConfiguring the security interfaces Security121 122 Deleting a Firewall PolicyFirewall policy named item0 is now deleted Enabling the FirewallFirewall Portfilters Firewall Policies124 Security Triggers125 Scan Attack Block DurationDefault = 86400 seconds Intrusion Detection System IDS126 127 Intrusion Detection System IDS NAT Network Address Translation 130 Enabling NATGlobal address pool and reserved map NAT Network Address Translation131 132 Monitoring Status 134 Status LEDsDiagnostics Ping Software UpgradesConfiguration Procedure137 DiagnosticsOperating Local Analog Loopback LAL-Serial Port Loop Operating Remote Digital Loopback RDL-DSL LoopT1/E1 Diagnostics Network Loop138 139 T1/E1 Local Loop140 QRSS-BIT Error Rate DiagnosticsFDL statistics T1 only AlarmsT1/E1 connection Status Transceiver Status142 BIT Error Rate V.52 DiagnosticsContacting Patton for assistance Returns for credit Warranty coverageOut-of-warranty service Contact informationContacting Patton for assistance Return for credit policyRMA numbers Shipping instructionsPage Appendix a Compliance information CE Declaration of Conformity SafetyCompliance Radio and TV Interference FCC Part149 Authorized European RepresentativeFCC Part 68 Acta Statement Industry Canada Notice150 Appendix B Specifications 152 General CharacteristicsShdsl Characteristics EthernetProtocol Support Sync Serial InterfaceT1/E1 Interface 3086/RIK and RIT models only 64K/G.703 Port 3086/RIF Model154 PPP SupportATM Protocols ManagementCompliance Standard Requirements DimensionsPower and Power Supply Specifications Security156 Appendix C Cable Recommendations Foot 3 m, RJ-11/RJ-11 refer to RJ-11non-shielded port on DSL CableEthernet Cable AdapterAppendix D Physical Connectors RJ-45 non-shielded RS-232 console port EIA-561 Assuming the MDI-X switch is in the out positionRJ-45 shielded 10/100 Ethernet port RJ-11 non-shielded portSerial port 35 M/34 Connector35 DB-25 Female Connector Physical Connectors162 Power input21 DB-15 Connector E1/T1 RJ-48C Connector IEC 320 connector two prong163 Appendix E Command Line Interface CLI OperationRemote Telnet CLI TerminologyProduces a list of numbered transport objects Local VT-100 emulation165 Using the ConsoleCommand Line Interface CLI Operation ThenFollowing information is returned Administering user accountsSetting user passwords Adding new usersShdsl Commands Changing user settingsControlling login access Controlling user accessTo establish the DSL link For CPE remote unit168 169 170 Appendix F Interworking Functions Information Interworking Functions Information 173 LMI Configuration OptionsManagementType Default Value nomaintenance Frame Relay Local Management InterfaceFullReportCycle Default Value MgtAutoStart Default Value FalseT391Value Default Value T392Value Default ValueSet configuration variable CLI Configuration MethodsShow current configuration Command lmi showDE Mapping Frame Relay Service Interworking FRF.8Web Configuration Methods FRS Configuration OptionsTranslation Mode Fecn Mapping177 178 FRS NameSet variable attributes on a specified group CLI Configuration MethodCommand frs set group # variable value Show one of the eight groupsSet variable attributes on a specified channel FRS Overview Screen180 181 Group/Channel Level Configuration ScreenFRN Configuration Options Frame Relay Network Interworking FRF.5182 183 Port Level Configuration Options184 Channel Level Configuration Options185 CLI Configuration Methods for Port Level ManagementList all ports available to the system Show detailed information about a specific port186 Command frn set port# variable valueConfiguration Management of the Channel Level Variables Understanding the Channel Level ViewSet Configuration Variables associated with the Channels Command frn set port# channel # variable value187 188 Port Level Information ScreenChannel Level Information Screen Packet Information Screen189 Frame Relay Configuration Options Frame Relay CLI Configuration OptionsFrame Relay Ethernet Based Operations 191 Clear all Frame Relay TransportsDelete the specified transport List all active Frame Relay ChannelsClock Mode Serial Interface ConfigurationWeb Based Configuration of the Frame Relay Channel Configuration Variables AvailableShow current configuration settings Gain help about the Serial Interface193 194 Web Interface ConfigurationsPing commands from the CLI Interface Ping and Trace Route195 Trace Route from the CLI InterfaceDefine Usage ip traceroute Start Trace Route ip traceroute startPing and traceroute from the web interface Backup and Restore FeaturesBackup Configuration Restore Configuration