Prestige 2602HWNLI-D7A Support Notes

In order to allow users to specify the local network IP address and port number in the filter rules with SUA connections, the TCP/IP filter function has to be executed before SUA for WAN outgoing packets and after the SUA for WAN incoming IP packets. But at the same time, the Generic filter rules must be applied at the point when the Prestige is receiving and sending the packets; i.e. the ISDN interface. So, the execution sequence has to be changed. The logic flow of the filter is shown in Figure 1 and the sequence of the logic flow for the packet from LAN to WAN is:

LAN device and protocol input filter sets.

WAN protocol call and output filter sets.

If SUA is enabled, SUA converts the source IP address from 192.168.1.33 to 203.205.115.6 and port number from 1023 to 4034.

WAN device output and call filter sets.

The sequence of the logic flow for the packet from WAN to LAN is:

WAN device input filter sets.

If SUA is enabled, SUA converts the destination IP address from 203.205.115.6 to 92.168.1.33 and port number from 4034 to 1023.

WAN protocol input filter sets.

LAN device and protocol output filter sets.

Generic and TCP/IP (and IPX) filter rules are in different filter sets. The SMT will detect and prevent the mixing of different category rules within any filter set in Menu 21. In the following example, you will receive an error message 'Protocol and device filter rules cannot be active together' if you try to activate a TCP/IP (or IPX) filter rule in a filter set that has already had one or more active Generic filter rules. You will receive the

43

All contents copyright (c) 2007 ZyXEL Communications Corporation.

Page 43
Image 43
ZyXEL Communications manual Prestige 2602HWNLI-D7A Support Notes