Manuals / Brands / Computer Equipment / Network Router / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications P-312 19.1.2 Example 2 Small Office With Mail, FTP and Web Servers

1 254

Download 254 pages, 1.85 Mb

P312 Broadband Security Gateway

19-6 Examples Firewall Rules

Figure 19-5 Example 1 - Rule Summary Screen

19.1.2 Example 2 – Small Office With Mail, FTP and Web Servers

Our small office has:

i. A mail server with an IP of 192.168.10.2.

ii. Two FTP servers. We want FTP server One (IP of 192.168.10.3) to be accessible from the

Internet, but FTP server Two (192.168.10.4) may only be accessed by internal users, i.e., from the

local network.

iii. HTTP proxy server at 192.168.10.5.

We want:

i. To send alerts when there is an attack.

ii. To only allow access to the Internet from the HTTP proxy server and our mail server.

iii. To only allow FTP server One to be accessible from the Internet.

We choose to block packets

that don’t match the rules

specified below.

We want a log of

packets that match this

rule in the ACL

Default Set.

The first rule is a default rule to

allow DHCP negotiation between

the ISP and the P312. The second

rule is what we configured in the

last 2 screens. See Table 16-2 for a

detailed explanation of each field.

Click Apply in this screen when you

have finished configuring to save your

configuration back to the Prestige.

Contents

Main Prestige 312 Broadband Security Gateway P312 Broadband Security Gateway FCC Statement iii Federal Communications Commission (FCC) Interference Statement iv Canadian Users Information for Canadian Users Declaration of Conformity Prestige 312 Standard Standard Item Versi on Page Page viii Customer Support Customer Support Table of Contents Page Page Page Page Page Page List of Figures Page Page Page Page Page Page List Of Tables Page Page Page Preface Page Page Page Chapter 1 Getting to Know Your Prestige 1.1 The Prestige 312 Broadband Security Gateway 1.2 Features of The Prestige 312 Page 1.3 Applications for Prestige 312 1.3.1 Broadband Internet Access via Cable or xDSL Modem Page Chapter 2 Hardware Installation & Initial Setup 2.1 Front Panel LEDs and Back Panel Ports 2.1.1 Front Panel LEDs 2.2 Prestige 312 Rear Panel and Connections 2.3 Additional Installation Requirements 2.4 Housing 2.5 Power Up Your Prestige P312 Broadband Security Gateway Hardware Installation & Initial Setup 2-5 Figure 2-4 Password Screen 2.6 Navigating the SMT Interface 2-6 Hardware Installation & Initial Setup 2.6.1 Main Menu After you enter the password, the SMT displays the Prestige 312 Main Menu, as shown below. Figure 2-5 Prestige 312 Main Menu 2.6.2 System Management Terminal Interface Summary Table 2-3 Main Menu Summary 2.7 Changing the S ystem Password 2.7.1 Resetting the Prestige 2.8 General Setup 2.8.1 Dynamic DNS 2.8.2 Configuring Dynamic DNS 2.9 WAN Setup 2.10 LAN Setup 2.10.1 LAN Port Filter Setup Chapter 3 Internet Access 3.1 TCP/IP and DHCP for LAN 3.1.1 Factory LAN Defaults 3.1.2 IP Address and Subnet Mask 3.1.3 Private IP Addresses 3.1.4 RIP Setup 3.1.5 DHCP Configuration 3.1.6 IP Multicast 3.1.7 IP Alias 3.2 TCP/IP and DHCP Ethernet Setup Page 3-6 Internet Access P312 Broadband Security Gateway Internet Access 3-7 3.2.1 IP Alias Setup 3.3 Internet Access Setup 3.3.1 Ethernet Encapsulation 3.3.2 PPTP Encapsulation 3.3.3 Configuring the PPTP Client 3.3.4 PPPoE Encapsulation Page 3.4 Basic Setup Complete Page Chapter 4 Remote Node Setup 4.1 Remote Node Profile 4.1.1 Ethernet Encapsulation 4-2 Remote Node Setup Table 4-1 Fields in Menu 11.1 4.1.2 PPPoE Encapsulation 4-4 Remote Node Setup Table 4-2 Fields in Menu 11.1 (PPPoE Encapsulation Specific) 4.1.3 PPTP Encapsulation Remote Node Setup 4-5 4-6 Remote Node Setup 4.2 Editing TCP/IP Options (with Ethernet Encapsulation) 4.2.1 Editing TCP/IP Options (with PPTP Encapsulation) 4-8 Remote Node Setup 4.2.2 Editing TCP/IP Options (with PPPoE Encapsulation) 4.3 Remote Node Filter Page Page 5.1 IP Static Route Setup IP Static Route Setup 5-3 Table 5-1 IP Static Route Menu Fields Page Chapter 6 Network Address Translation (NAT) 6.1 Introduction 6.1.1 NAT Definitions 6.1.2 What NAT Does 6.1.3 How NAT works 6.1.4 NAT Mapping Types 6.1.5 SUA (Single User Account) Versus NAT 6.1.6 NAT Application 6.2 SMT Menus 6.2.1 Applying NAT in the SMT Menus Page 6.2.2 Configuring NAT 6.2.3 Address Mapping Sets and NAT Server Sets: Page Page Page Page 6.3 NAT Server Sets 6.3.1 Multiple Servers behind NAT 6.3.2 Configuring a Server behind NAT 6.4 Examples 6.4.1 Internet Access Only Page 6.4.2 Example 2 Internet Access with an Inside Server 6.4.3 Example 3 General Case Page Page Page 6.4.4 Example 4 NAT Unfriendly Application Programs 6-20 NAT Figure 6-23 Example 4 - Menu 15.1.1 - Address Mapping Rules Page Page Chapter 7 Filter Configuration 7.1 About Filtering 7.1.1 The Filter Structure of the Prestige Filters 7-3 Execute Filter Rule Filter Set Forward Drop Check Next Rule 7.2 Configuring a Filter Set Filters 7-5 Figure 7-6 NetBIOS_WAN Filter Rules Summary Figure 7-7 NetBIOS _LAN Filter Rules Summary Figure 7-8 TEL_FTP_WEB_WAN Filter Rules Summary 7-6 Filters 7.2.1 Filter Rules Summary Menu 7.2.2 Configuring a Filter Rule 7.2.3 TCP/IP Filter Rule 7-8 Filters Filters 7-9 Page Filters 7-11 Figure 7-10 Executing an IP Filter 7.2.4 Generic Filter Rule Filters 7-13 7.3 Example Filter Page 7.4 Filter Types and NAT 7.5 Firewall 7.6 Applying a Filter and Factory Defaults 7.6.1 LAN traffic 7.6.2 Remote Node Filters Chapter 8 SNMP Configuration 8.1 About SNMP 8.2 Configuring SNMP Page Chapter 9 System Information & Diagnosis 9.1 System Status System Information & Diagnosis 9-3 9.2 System Information and Console Port Speed 9.2.1 System Information 9.2.2 Console Port Speed 9.3 Log and Trace 9.3.1 Viewing Error Log 9.3.2 UNIX Syslog Page 9-8 System Information & Diagnosis 1. CDR 2. Packet triggered 3. Filter log System Information & Diagnosis 9-9 4. PPP log 5. Firewall log 9.3.3 Call-Triggering Packet 9.4 Diagnostic 9.4.1 WAN DHCP Page Chapter 10 Transferring Files 10.1 Filename conventions 10.1.1 Firmware Development 10.2 Backup Configuration 10.3 Restore Configuration 10.4 Upload Firmware 10.4.1 Uploading the Router Firmware 10.4.2 Uploading Router Configuration File 10.5 TFTP File Transfer 10.5.1 Example TFTP Command 10.6 FTP File Transfer 10.6.1 Using the FTP command from the DOS Prompt Page Page Chapter 11 System Maintenance & Information 11.1 Command Interpreter Mode 11.2 Call Control Support 11.2.1 Budget Management 11.2.2 Call History 11.3 Time and Date Setting 11.3.1 How often does the Prestige update the time? System Maintenance & Information 11-5 Figure 11-6 System Maintenance Time and Date Setting Table 11-3 Time and Date Setting Fields 11.4 Remote Management Setup 11.5 Boot Commands 11-8 System Maintenance & Information Figure 11-9 Boot Module Commands Chapter 12 Telnet Configuration and Capabilities 12.1 About Telnet Configuration 12.2 Telnet Under NAT 12.3 Telnet Capabilities 12.3.1 Single Administrator 12.4 Telnet Under the Firewall Page Chapter 13 What is a Firewall 13.1 Types of Firewalls 13.1.1 Packet Filtering Firewalls 13.1.2 Application-level Firewalls 13.1.3 Stateful Inspection firewalls 13.2 Introduction to ZyXELs Firewall 13.3 Denial of Service 13.3.1 Basics 13.3.2 Types of DoS attacks Page 13.4 Stateful Inspection 13.4.1 Stateful Inspection Process 13.4.2 Stateful Inspection & the Prestige 13.4.3 TCP Security 13.4.4 UDP/ICMP Security 13.4.5 Upper Layer Protocols 13.5 Guidelines For Enhancing Securit y With Your Firewall 13.5.1 Security In General Page Page Chapter 14 Introducing the Prestige Firewall 14.1 SMT Menus 14.1.1 View Firewall Log 14.1.2 Attack Types Page Page Introducing the Prestige Firewall 14-5 Table 14-4 View Firewall Log 14.2 The Big Picture Filtering, Firewall and NAT 14.3 Packet Filtering Vs Firewall 14.3.1 Packet Filtering: 14.3.2 Firewall: Page Chapter 15 Introducing the Prestige Web Configurator 15.1 Web Configurator Login and Welcome Screens Page 15.3 E-Mail 15.3.1 What are Alerts? 15.3.2 What are Logs? Introducing the Prestige Web Configurator 15-5 Table 15-1 E-Mail 15.3.3 SMTP Error Messages 15.3.4 Example E-Mail Log 15.4 Attack Alert 15.4.1 Threshold Values: 15.4.2 Half-Open Sessions Page P312 Broadband Security Gateway 15-10 Introducing the Prestige Web Configurator Table 15-3 Attack Alert Introducing the Prestige Web Configurator 15-11 Page Chapter 16 Creating Custom Rules 16.1 Rules Overview 16.2 Rule Logic Overview 16.2.1 Rule Checklist 16.2.2 Security Ramifications 16.2.3 Key Fields For Configuring Rules 16.3 Connection Direction 16.4 Services Supported Creating Custom Rules 16-5 Table 16-1 Services Supported 16.5 Rule Summary Creating Custom Rules 16-7 Table 16-2 Firewall Rules Summary First Screen Table 16-1 16.5.1 Creating/Editing Firewall Rules Page P312 Broadband Security Gateway 16-10 Creating Custom Rules 16.5.2 Source & Destination Addresses Page 16.6 Timeout 16.6.1 Factors Influencing Choices for Timeout Values: Page P312 Broadband Security Gateway 16-14 Creating Custom Rules Table 16-5 Timeout Menu Page 17.2 Creating/Editing A Custom Port Page P312 Broadband Security Gateway 17-4 Custom Ports Table 17-2 Creating/Editing A Custom Port Page P312 Broadband Security Gateway 18-2 Logs Table 18-1 Log Screen Page Page Chapter 19 Example Firewall Rules 19.1 Examples 19.1.1 Example 1 - Firewall Rule To Allow Web Service From The Internet Page Page Page Page 19.1.2 Example 2 Small Office With Mail, FTP and Web Servers Page Page Page Page 19.1.3 Example 3: DHCP Negotiation and Syslog Connection from the Internet Page Page Page Chapter 20 Content Filtering 20.1 Restrict Web Features 20.1.1 ActiveX 20.1.2 Java 20.1.3 Cookies 20.2 Blocking URLs 20.3 Content Filteri ng Using the Web Configurator Page Page Page Chapter 21 Troubleshooting 21.1 Problems Starting Up the Prestige 21-2 Troubleshooting 21.2 Problems with the LAN Interface Table 21-2 Troubleshooting the LAN Interface 21.3 Problems with the WAN interface Table 21-3 Troubleshooting the WAN interface Troubleshooting 21-3 21.4 Problems with Internet Access Table 21-4 Troubleshooting Internet Access 21.5 Problems with the Firewall Page Appendix A PPPoE Page Appendix B PPTP Page Hardware Specifications I Appendix C Hardware Specifications Pin1 Pin 6 Pin 9 Appendix D Important Safety Instructions CLI Commands K Appendix E Firewall CLI Commands LCLI Commands CLI Commands M NCLI Commands CLI Commands O P Power Adapter Specifications Appendix F Power Adapter Specs Power Adapter Specifications Q RGlossary Glossary of Terms Glossary S TGlossary Glossary U VGlossary Glossary W XGlossary Glossary Y ZGlossary Glossary AA Page Index CC Index A B C D F G H I J L M N O P S T U V W X Z