To define the Solid Firewall rules | RAD Data comm E1/T1 guide

Chapter 4 Configuration	FCD-IPMInstallation and Operation Manual

To define the Solid Firewall rules:

1. From the Firewall Setup menu, type 2.

The Firewall Rules menu appears (see Figure 4-10).

2.From the Firewall Rules menu, type A and perform the following: Define a link on which the rule will be applied

Specify the source IP address range by defining the start and end addresses.

Specify the destination IP address range by defining the start and end addresses.

Enable the application used by the rule (user defined, Telnet, Ping, HTTP, FTP, TFTP, POP3, SMTP, SNMP, SNMP Trap, BOOTP/DHCP, DNS Client to Server, or DNS Server to Server).

If you select a user-defined application, you must specify the following parameters:

Protocol type: TCP, UPD or ICMP

Minimum and maximum port value for TCP and UDP protocols, or ICMP message type for ICMP protocol.

3.Press <Esc> and save new firewall rule values.

For example, two LANs are connected to the FCD-IPM 10BaseT ports

(see Figure 4-7). LAN 1 includes company’s Web, mail and FTP servers, which cab be accessed from the outside. Employees’ PCs sitting on LAN 2 must not be reached from the outside, but they must be allowed to access the servers. In order to grant access to LAN 1 and restrict it to LAN 2, you must set up two firewalls:

Firewall 1

Select interface – main link Select direction – inbound Define rule 1 for Web server:

Start and end source IP address – 0.0.0.0 to 255.255.255.255 Start and end destination IP address – 192.111.111.111 Protocol – HTTP.

Define rule 2 for mail server, which is identical to rule 1, except for destination IP addresses (192.111.111.112) and protocol (SMTP).

Define rule 3 for FTP server, which is identical to rule 1, except for destination IP addresses (192.111.111.113) and protocol (FTP).

Firewall 2

Select interface – LAN 2

Select direction – outbound.

4-16 Security Setup Menu

Image 64

RAD Data comm E1/T1 operation manual To define the Solid Firewall rules, Select interface LAN Select direction outbound

Contents

FCD-IPM Page FCD-IPM International Headquarters RAD Data Communications Inc Limited Warranty General Safety Instructions Please observe the following precautions Connection of AC Mains General Safety PracticesConnection of DC Mains Ports Safety Status Connection of Data and Telecommunications Cables Electromagnetic Compatibility EMC Conventions MeasuresPage Installing and Operating FCD-IPM To install FCD-IPM Quick Start Guide Contents Setup Menu ConfigurationView Menu Troubleshooting and Diagnostics FCD-IPM Main Menu Firewall Rules MenuView Menu Outline Routing Tables Menu Bridge Table Interface Routing Bridging Mode Menu 56. E1 Setup Menu 41. T1 Setup MenuWAN Economy Menu Outline Link Settings Interval Parameters Device Security Identity Overview Versions E1/T1 over fiber optic links with interfaces Backup Applications Features Physical Description Functional Description Main Link and Sublink Characteristics FCD-IPM Functional Block Diagram IO Data Channel Interfaces System Timing ConsiderationsE1 over Shdsl AWG line Time Slot Handling Integrated RouterBridging IP Router Protocols Management Management Using Dedicated Time Slot DTS Compliance ITU G.703, G.704, G.706, G.732 Diagnostics Zero SuppressionUnbalanced interface Two BNC coaxial Framing Options Type Wire unconditioned dedicated line Line Coding Impedance 135Ω Connector RJ-45 Protection ITU K.21, UL1950For direct connection to a 2-wire telephone Range Routing WAN ProtocolsTypes Interface Options Nm LED Nm laser diode Connectors Power indicator greenLink error red RED alarm red T1 only Power consumption 12W GeneralRM-34 for 19-inch Rack Supply voltage Introduction Technical Specifications Enable free airflow Site Requirements & Prerequisites Installation and Setup Package ContentsEquipment Needed Fuses Location of Internal BAL/UNBAL Jumpers E1/T1 Link Connections Interfaces and ConnectionsIO Data Channel Connections Connecting the Power AC Power ConnectionDC Power Connection Control Port Connection Installation and Setup Front Panel Indicators IndicatorsIntroduction Front Panel Indicator Functions Object Description Function Rear Panel Indicators Operating InstructionsTurning On Normal Indications Operation Connecting to the Ascii Terminal Fault IndicationsConnecting the Terminal Emulator Turning Off Password Protection To setup the terminalTo initiate the login message Press Enter several times Chapter Configuration Main Menu has the following options Quick Setup Menu To access the Quick Setup MenuMain Menu To choose an option from the Main Menu Quick Setup Parameters To configure the setup parametersTo view the options To enter new information Quick Setup Parameters Parameters Type Options Quick Setup for T1 PPP, IP Quick Setup Menu ExamplesQuick Setup Quick Setup for E1 PPP, IP + Isdn Backup, 128K, PPP, IP 3shows the Quick Setup menu for E1 Set this parameter for the WAN configuration WAN SettingsWAN Parameters PPP Default PPPRFC-1490 Set the parameters in this section for each LAN connection LAN SettingsLAN Parameters Setting up the IP Mask Isdn Settings Frame Relay SettingsIsdn Settings Dlci Number Async Settings Security SettingsTwo settings that must be made V.24 Async Settings To access the Security Setup Menu Security Setup MenuSecurity Setup options are described below Device Access Restriction Enabling Telnet AccessEnabling Snmp Access Changing Login Password Supervisor Access To set a Monitor Supervisor PasswordFrom the Main menu, select option 2, Security Setup Firewall Option Firewall To define the Solid Firewall rulesSelect interface LAN Select direction outbound Configuring Firewalls IP Address Translation NAT Firewall Rules IP Address Translation NAT Settings Transparent PAT Port Address Translation Advanced Setup Menu Setup MenuTo access the Advanced Menu Main Menu, press Advanced Menu appears refer to Figure Device Control Menu To access the Device Control menuOptions in the Device Control menu are described below Software Download Select this option to download a new software version To download a new software version via Tftp server Download from Tftp ServerSelect option 1 from the Software Download menu Upload Device Parameters to Tftp Server Xmodem via Control Port Boot ManagerTo upload device parameters Reset Options Download Device Parameters from Tftp ServerTerminal Type To download device parameters To access the View Menu View Menu Configuration 24. View Menu SHDSL+SUB O1 FXS O2 FXS Interface Connections Routing TablesSelect this option to display different routing tables Options in the Routing Tables menu are described below Bridge IP InterfacesIP Routing Details the routing interfaces information IPX Routing Select this option to display information on IPX routingIPX NET IPX Node Type Hops Ticks Ageing Interface NET RIP IPX Services IP Address Pool Dhcp Ospf Related Information Area ID Type LS-ID Orig RTR SEQ NUM AGE Cksum IP Address Prio StateF7FD To access the Shdsl Status screen StatisticsShdsl Status and Statistics Displaying the Shdsl Status Data mode Shdsl Status Screen Parameters Displaying the Shdsl Statistics Shdsl Statistics ParametersTo display statistics for specific intervals Display Description T1 Diagnostics E1/T1 DiagnosticsTo refresh or clear statistics Interval Parameters 10. Interval Parameters E1/T1 Alarms Log File Select this option to display the E1/T1 Alarms Log fileE1/T1 Alarms Interface Type Status Days Hours MIN SEC Diagnostic Tools Menu To access the Diagnostic Tools menu To ping another host 49. Ping Terminal Screen Advanced Menu, press Setup menu appears refer to Figure To access the Setup menuOptions in the Setup menu are described below Host Parameters Menu To access the Host Parameters menuHost Parameters Device ID Options in the Host Parameters menu are described belowTftp Radius Device ID Device ID Parameters IP HostCurrent NEW IP Host Parameters Default Gateway Snmp Manager Table Tftp Trivial File Transfer Protocol Tftp Parameters Radius Authentication and Billing 11. Radius Menu Radius Menu Parameters To access the Routing/Bridging menu Setup menu, press Routing/Bridging menu appearsRouting/Bridging Menu Select this option to enter FCD-IPM routing information Options in the Routing/Bridging menu are described below Interface Routing/Bridging ModePPP Interface Routing/Bridging Mode Menu Parameters Slip Cslip PPP Settings PPP SettingsThis option is only available for PPP link protocol BOD Static Stations and Nets Does not remove static entries from the routing tablesCan be defined in 4 ways see Table Static Stations and Nets 16. Router 2 set to Next Hop in FCD-IPM IP Routings Settings Interface Address IP Address Pool Setting Dhcp Routing ProtocolMaximum Transmit Unit Dhcp Relay FCD-IPM supports all these mechanisms simultaneously IP Address PoolSelect this option to define IP address information Dhcp PC Remote Access 10. IP Address Pool Settings Ospf Settings FCD-IPMNothing Static Only RIP Only Static & RIP Link 1/CH1 Interfaces Area IDLink 1/CH2 12. Ospf Areas Setup Ospf Summaries SetupNormal Stub 13. IPX Routing Settings IPX Routing SettingsIPX router RIP/SAP Mode LAN RIP/SAP Station Ageing 29. Station Aging Menu Setup menu, press Interface Parameters menu appears To access the Interface Parameters menuInterface Parameters Menu Link Settings Menu 31. Interface Parameters Answer & Originate 14. Link SettingsON, Ignore Odd Shdsl SettingsEven To configure the Shdsl parameters Shdsl Parameters15. Shdsl Parameters STU-C Shdsl Loops To access the Shdsl Loops menu16. Shdsl Loops E1/T1 Settings Loopback 38. FCD-IPM with an E1/T1 Interface T1 Features E1 Features T1 Setup Menu 17. T1 Setup ParametersO1 SUB T1 O2 SUB T1 FIX SUB T1 Time Slots Mapping T1 Time Slots Mapping Link TS1 Data LINK1TS2 Data LINK1 TS3 Loopback options are DisabledLoopback 45. Remote Analog Loopback for T1 and Sub T1 Links 48. Local Analog Loopback 49. Local Analog Loopback for T1 and Sub T1 Links T1 Link Parameters ESFB7ZS B8ZS T1 Parameters Link1 Parameters Additional Cards Parameters Voice Fix Voice O1Voice O2 VoiceFCD-IPM has optional voice capabilities Voice Parameters Bit 52. FXO Voice Interface FXO Voice Interface Ring Detection to T1 On This parameter specifies the interface type This parameter is set toVoice Interface Type Typical screen is shown in Figure Time Slots for Voice Ports Management Time Slot Number Management Host IP AddressSelect this parameter to set a unique IP address AIS E1 Setup Menu This section describes the parameters in the E1 Setup menu19. E1 Setup Parameters O1 SUB E1 Time Slots Mapping TS2 FIX SUB-VOICE TS3 FIX SUB-DATATS4 O1 Voice TS5 O1 Voice 59. Remote Analog Loopback 60. Remote Analog Loopback for E1 and Sub E1 Links Select this option to configure the parameters that follow E1 Link Parameters 20. E1 Link1 Parameters Ccitt Coding Law TX/RX GainsLaw coding for E1 links On/off hook from the E1 on Default Abcd to the E1On/off hook to the E1 on 65. FXO Voice Interface Law coding for E1 links On/off hook from the E1 on Out of Service Method Signaling FeedbackRing Detection to E1 on RX/TX Gains Interface Type Law Coding for E1 links Signal from the E1 on Refer to Table Typical screen is shown in Figure 67. E1 Time Slots Mapping Link1 Screen Alarms Filter Management Time Slot Number Isdn Settings MenuManagement Host IP Address Isdn has the following features 21. Dialing Mode Parameters22. Answering Mode Parameters To activate the Isdn line Choose the Isdn protocol 23. Local Number for Dialback 70. Dialback Phone Number Frame Relay Dlci Settings Link Dlci State CIR Excess Throughput Implementing Frame Relay 73. Frame Relay Options in the Advanced Menu 24. Frame Relay Link Parameters Enquiry frames in a sliding monitored events window 74. Polling Intervals 25. Frame Relay Dlci Parameters Frame Relay Dlci ParametersDlci To access the Access Control menu Access Control Security MenuSelect this option to perform security operations 78. Access Control Menu 79. External Access Security Menu 26. External Access Security Parameters Radius Device Security Identity PPP only FCD IPM Login Script Setup Security Host/Guest PPP onlyLink Host Current Script for Link Command codes are described in Table Command Code28. Command Codes 29. Example of Argument ArgumentCode to wait/send Control Sequence To access the WAN Economy menu WAN Economy Menu Filters Options in the WAN Economy menu are described below 86. Action of a Quick Filter Forwarding BlockingMultiple Filters Quick Filters To configure the broadcast control Factory default Block PropagationToggle between Block and Forward No Filters Add Filters Menu Advanced FiltersChoose Advanced Filter True-False Menus 30. Add Filters Menu TermsAdvanced Filter Parameters 31. Advanced Filter Parameters MAC NETFTP WWW Saving Filter Parameters UTPTCP Icmp Connection on Demand 91. Connection On Demand Menu You need to configure Start Connection Terminate Connection 32. Connection On Demand Parameters Following examples demonstrate how COD can be used Example 93. Any Frame Starts a Connection 94. Limiting Access to a Specific PC Spoofing 95. Manual Connection Enabled Enabled COD 33. IP/IPX Spoofing Parameters To access the Factory Default menu Factory Default OptionsFactory Default Options Setup Menu Factory Default Options General Troubleshooting E1/T1 and Voice TroubleshootingGeneral Troubleshooting E1, T1 and Voice Troubleshooting Router Connections Troubleshooting Router Connections TroubleshootingIP Connection to WAN Troubleshooting IP connection to LAN is Down Troubleshooting and Diagnostics Troubleshooting and Diagnostics Interface Signal List Female Connectors Table A-1. Interface Signal List Female Connectors DTE DTR RS-530 21 / 15-pin RS-530 RS-449/V.36 37-pin E1 over Shdsl Line Connector E1/T1 ConnectorsPin Designation Direction Function Control Cable Connector Control cable connection pinout is provided in Table A-3Table A-3. Control Cable RJ-45 to DB-9 Connection DCE RJ-45 DB-9 Isdn Connector Isdn connector pinout is provided in Table A-4Table A-5. Fiber Optic Interface Specifications Fiber Optic Interface E&M Connector FXO/FXS ConnectorTable A-6 RJ-45 E&M Connector Wiring Table A-7 Accessing Boot Manager Access via Software Download MenuTo access Boot manager via Software Download menu Preface Boot Manager Menu Rescue Load New Software Partitions StatusStep Immediately after the change Run Backup Partition Reactivate Backup PartitionErase Configuration Duplicate Active Partition Set Baud Rate Immediately after performing the change Appendix B Boot Manager Boot Manager Menu Snmp Environment Snmp PrinciplesSnmp Operations This section describes the Snmp environment Management Information Base MIB Structure MIBs Supported by the FCD-IPM Snmp Agent Management Domains Under SnmpSnmp Communities Authentication Snmp Configuration Community ConfigurationTrap Configuration Indexing Convention Snmp Traps Supported Traps Appendix D Glossary Appendix D Glossary Appendix D Glossary Appendix D Glossary DC Power Supply Connection Terminal Block Connector DC Power Supply Wire Voltage Polarity TB Plug with Captive Screws optional Excellent Good Fair Poor Very Poor Manual Name FCD-IPM Publication Number 702-200-08/03Manual as a whole What did you like about the manual? Page Difficulty in finding needed information Missing informationIllogical flow of information Style spelling, grammar, references, etcPage Page International Headquarters Headquarters