Perle Systems IOLINK-520 2.4.3.3 - Configure Firewall

Applications

2.48 — IOLINK-520 & IOLINK-PRO Installation & Applications Guide

2.4.3.3 - Configure Firewall

The IOLINK-520 & IOLINK-PRO provide Firewall security for restricting access between

any two networks connected through the router. Firewalls are set-up on a per connection

basis for the LAN and remote sites. The direction of filtering is from the perspective of the

IOLINK router; incoming traffic is from the network in question to the IOLINK router,

outgoing is from the IOLINK router to the network. The direction of filtering may be set to

incoming, outgoing, both or none. Once the direction of filtering for a connection has been

set, holes may be created in the firewall to allow specified traffic through. Normally, the

LAN firewall is used for restricting intranet traffic (connections within the corporate network)

and remote site firewalls are used to limit access from less trusted sources, such as the Internet

or dial-up ISDN links.

The following diagram shows a corporate head office network, which is connected, to the

Internet with an IOLINK router. There is also a branch office at a remote site connected

with a leased link. The administrator at the corporate head office wishes to set-up an IP

firewall to allow everyone on the Internet to have access to the corporate FTP and Web

servers and nothing else. The administrator also wishes to allow all of the TCP traffic from

the branch office network to have access to the head office. Anyone in the corporation may

have unrestricted access to the Internet.

Figure 2 -13 Sample Firewall Application

The following steps must be performed on the IOLINK-520 & IOLINK-PRO to set-up

the firewall support as desired.

Internet

Router with

firewall enabled.

Corporate Head

Office Network

195.100.1.0

Branch Office

Network

195.100.2.0

An

y

other network

any IP address

Main FTP server: 195.100.1.12

Main Web server: 195.100.1.20

Contents

Main Page Page Export Control Notice Federal Communications Commission (FCC) Canadian Emissions Standard ICES-003 For products marked with the CE Telecommunications label, the following declaration applies: ISDN Type Approval Labels Canadian ISDN Approval Using This Manual Installation Typical Applications & How to Configure Them Introduction to Filtering Menu Trees Page Page Page Page 1 Installation Unpack the IOLINK Router Select a Site Identify the Reset Switch Identify the Connectors IOLINK-PRO IOLINK-520 Connect to the Console Make the Link Connection(s) Power Up the Bridge/Router Managing the IOLINK-520 & IOLINK-PRO Using the Menus Conventions ! ! ! Login to Bridge/Router and Enter the Required Configuration Note: ! ! ! Mandatory Configuration Identify the Status LEDs POWER LAN LINK 1/LAN 2 LINK 2 Page 2 Typical Applications & How to Configure Them 2.1 - Bridging and Routing Should You Bridge or Route? 2.1.1 - Bridging 2.1.2 - IP Routing ! ! 2.1. 2 .1 - IP Addressing 2.1.2.2 Masks 2.1.2.3 - IP Subnets Page 2.1.2.3 - IP Default Gateway 2.1.2.4 - IP Static Route ! ! ! ! ! ! ! ! 2.1.3 - IPX Routing 2.1.3.1 - Novell Servers in Both Locations 2.1.3.2 - Novell Servers in One Location Only Page Page 2.1.4 - PPP Overview 2.1.4.1 - PPP Link Configuration 2.1.4.2 - Numbered Links ! ! ! 2.1.4.3 - Unnumbered Links Page 2.2 Basic WAN Configurations 2.2.1 - Basic ISDN Connections ! ! ! ! ! ! 2.2.1.1 - PPP ISDN Manual Call Quick Connections Page 2.2.2 - Basic Frame Relay Configuration ! 2.2.2.1 - Auto Learning the Frame Relay Configuration 2.2.2.2 - Manual Configuration - LMI Type ! ! 2.2.2.3 - Quick Start Frame Relay ! ! ! 2.2.3 - Basic Leased Line Configuration ! 2.2.3.1 - Quick Start PPP Leased Line Connections ! ! ! 2.3 - Configure Remote Site Profiles Page Page 2.3.2 - Configure Remote Site Profile for Frame Relay ! ! ! Page Page 2.3.3 - Configure Remote Site Profiles for Leased Line PPP ! ! Page 2.4 Advanced Features Page Page Applications 2.38 IOLINK-520 & IOLINK-PRO Installation & Applications Guide Figure 2 -11 NAPT Configuration 2.4.3 - Security 2.4.3.1 IPSec Protocol Suite Page Page Page Page Page Page 2.4.3.2 - Configure PPP Security ! ! Page 2.4.3.3 - Configure Firewall Page Page Page Page 3 Introduction to Filtering MAC Address Filtering Pattern Filtering Popular Filters Bridge IP & Related Traffic Novell IPX Frames NetBIOS &NetBEUI (Windows For Workgroups) IP Router NetBIOS over TCP Other interesting TCP Ports Page MAIN Menu Tree LAN IPX Set-Up LAN-NAT set-up Bridge-STP Set-Up LAN Set-Up IP Address Connect Connections Set-Up BACP Set-Up Schedule Usage Set-Up 4] 8] 5] 4] 5] 4] Edit Route Edit Service 2] IPX Routing Set-Up Static Routes Static Services IPSecurity Set-Up Policy Set-up 5] SNMP Set-Up 4] 5] 6] Page Page Octet Locations B.2 IOLINK-520 & IOLINK-PRO000 Installation & Applications Guide Octet Locations on a Bridged Novell Netware Frame ETHERNET Type Codes Page Page Appendix C Servicing Information Opening of the case and changing of modules is only to be performed by qualified service personnel. WARNING ! Opening the case Identifying the Internal Components To Clear a Lost Password Changing LAN or WAN Interfaces Selecting MDI or MDI-X LAN Interface Installing the ISDN Link Modules Processor settings for the ISDN Link Modules Changing the Termination Straps on the ISDN S/T Interface Connecting to the ISDN-U Link Module Performing a Software Upgrade Page Page Appendix D Interface Pinouts Pinout Information Link Clocking Information ATL-CSU/DSU Link Module Information Switches up down Console Pinouts D.4 IOLINK-520 & IOLINK-PRO00 Installation & Applications Guide V.24 & RS232C Link Pinouts Figure D-5 RS232 Link Pinouts V.11/X.21 Link Pinouts D.6 IOLINK-520 & IOLINK-PRO00 Installation & Applications Guide RS442 & RS530 Link Pinouts Figure D-7 RS530 Link Pinouts V.35 Link Pinouts D.8 IOLINK-520 & IOLINK-PRO00 Installation & Applications Guide RS232 Null-Modem Cable Configuration Figure D-9 RS232 Null-Modem Cable Interface Pinouts IOLINK-520 & IOLINK-PRO Installation & Applications Guide D.9 V.35 Null-Modem Cable Configuration Figure D 10 V-35 Null-Modem Cable D.10 IOLINK-520 & IOLINK-PRO00 Installation & Applications Guide RS530 Null-Modem Cable Configuration Figure D-11 RS530 Null-Modem Cable Interface Pinouts IOLINK-520 & IOLINK-PRO Installation & Applications Guide D.11 RS530 To RS449 Conversion Cable Figure D-12 RS530 to RS449 Conversion Cable V.11/X.21 Null-Modem Cable Configuration Index IOLINK-520 & IOLINK-PRO Installation & Applications Guide A B BACP, 2.50 Bandwidth on Demand, 2.52 Index IOLINK-520 & IOLINK-PRO Installation & Applications Guide N O P Lifetime Warranty Limited Lifetime Warranty Policy Limited Lifetime Warranty Schedules Part 1