41. Firewall / IP Filter
This function lets the administrator enable IP filtering. Packets passing through the router in either direction (inbound and outbound) can be passed or dropped according to the rules configured here.

Figure 41-1 IP Filter Rules

41.1 Examples and Web Configurations

Example 1

Employees with addresses 192.168.33.32 to 192.168.33.64 are not allowed to access the Internet; employees with 192.168.33.16 to 192.168.33.31 are allowed.

Figure 41-2

1. Enable the Data Filter Function.

Figure 41-3

2. Add new rules in Pass Group.

Figure 41-4

3. Add a rule for SMTP (TCP port 25) for 192.168.33.16 to 192.168.33.31.

4. Add further rules for port 53 (DNS), port 80 (HTTP) and port 110 (POP3) for 192.168.33.16 to 192.168.33.31.

Figure 41-6

5. Finally, add a rule in Block Group.

Figure 41-7

6. Apart from the connections matched by the pass rules above, all other connections are blocked. Note that these rules pass plain HTTP only; HTTPS (TCP port 443) is not in the pass list and is caught by the block rule.

Example 2

Only the Internet host 220.220.220.220 may reach the VNC server, and only 220.220.220.221 may reach the FTP server; no other Internet host may reach the internal servers.

Figure 41-9

1. Enable the Data Filter Function.

Figure 41-10

2. Add new rules in Pass Group.

3. Allow 220.220.220.220 to access the VNC server (TCP port 5900).

Figure 41-12

4. Allow 220.220.220.221 to access the FTP server (TCP port 21). Port 21 is only the FTP control channel; the data connection uses a separate port (20 in active mode, a server-chosen port in passive mode), so passing TCP 21 alone lets the login succeed but breaks directory listings and transfers unless the data channel is also handled.

5. Finally, add a rule in Block Group.

Figure 41-14

6. Apart from the connections matched by the pass rules above, all other incoming connections are blocked.

Example 3

Some employees (192.168.33.128/27, i.e. 192.168.33.128 to 192.168.33.159) may use the FTP, Mail and Web services; others (192.168.33.64/26, i.e. 192.168.33.64 to 192.168.33.127) may use only the Mail service.

Figure 41-16

1. Enable the Data Filter Function.

Figure 41-17

2. Add new rules in Pass Group.

3. Allow users with IP 192.168.33.64 to 192.168.33.127 to use the Mail service (SMTP).

Figure 41-19

4. Allow users with IP 192.168.33.64 to 192.168.33.127 to use the Mail service (POP3).

5. Allow users with IP 192.168.33.64 to 192.168.33.127 to use the DNS service (the mail clients need name resolution).

Figure 41-21

6. Allow users with IP 192.168.33.128 to 192.168.33.159 to use the FTP, SMTP, POP3, Web and DNS services.

Figure 41-23

7. Add a rule in Block Group.

Figure 41-24

8. Apart from the connections matched by the pass rules above, all other connections are blocked.

Example 4

The host 192.168.33.10 must not be reachable from the remote VPN network, while the hosts 192.168.33.5 and 192.168.33.6 remain reachable.

Figure 41-26

1. Enable the Data Filter Function.

Figure 41-27

2. Add new rules in Pass Group.

3. Allow VPN connections from the 192.168.29.0 network to 192.168.33.5 and 192.168.33.6.

Figure 41-29

4. Add a rule in Block Group.

Figure 41-31

5. Block VPN connections from the 192.168.29.0 network to 192.168.33.10.

Example 5

Some users (192.168.33.33 to 192.168.33.36) may surf the Internet, and others (192.168.33.16 to 192.168.33.31) may only access the remote VPN network.

Figure 41-33

1. Enable the Data Filter Function.

Figure 41-34

2. Add new rules in Pass Group.

3. Allow the local network 192.168.33.0 to access the remote VPN network 192.168.29.0.

Figure 41-36

4. Allow users with IP 192.168.33.32 to 192.168.33.35 to surf the Internet (DNS).

Figure 41-38

5. Allow users with IP 192.168.33.32 to 192.168.33.35 to surf the Internet (HTTP).

6. Add a rule in Block Group.

Figure 41-40

7. Apart from the connections matched by the pass rules above, all other connections are blocked.
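The rule sets of Examples 1, 2 and 4, together with the CIDR-to-range translation used in Example 3, replayed against a few constructed packets. This is an added example written for this page, not the Vigor 3300's own software. It assumes first-match evaluation with Pass Group rules ahead of Block Group rules and a pass verdict when no rule matches (which is why the examples above end with an explicit block-all rule), UDP for the port 53 rule, and a /24 mask for the 192.168.29.0 VPN network; the Rule and Packet names and the 203.0.113.0/24 and 198.51.100.0/24 Internet addresses are ours.

```python
"""Pass Group / Block Group filter model for Examples 1, 2 and 4 (added example,
not Vigor 3300 code).  Assumptions: rules are evaluated first-match with Pass
Group rules ahead of Block Group rules, and a packet matching no rule is passed,
which is why the manual's examples end with an explicit block-all rule."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPv4 = ipaddress.IPv4Address
Range = Tuple[IPv4, IPv4]      # inclusive (first, last), the manual's "a ~ b"
ANY: Optional[Range] = None    # wildcard for a source or destination


def ip_range(first: str, last: str) -> Range:
    lo, hi = IPv4(first), IPv4(last)
    if lo > hi:
        raise ValueError(f"range starts after it ends: {first} ~ {last}")
    return (lo, hi)


def host(addr: str) -> Range:
    return ip_range(addr, addr)


def cidr_range(cidr: str) -> Range:
    """CIDR block (Example 3 writes /27 and /26) -> the inclusive range the rules use."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    return (net.network_address, net.broadcast_address)


@dataclass(frozen=True)
class Packet:
    direction: str     # a direction from Table 42-1, e.g. "LAN to WAN"
    src: IPv4
    dst: IPv4
    proto: str         # "tcp" or "udp"
    dport: int


def pkt(direction: str, src: str, dst: str, proto: str, dport: int) -> Packet:
    return Packet(direction, IPv4(src), IPv4(dst), proto, dport)


@dataclass(frozen=True)
class Rule:
    action: str              # "pass" (Pass Group) or "block" (Block Group)
    direction: str
    src: Optional[Range]
    dst: Optional[Range]
    proto: Optional[str]     # None matches any protocol
    dport: Optional[int]     # None matches any destination port

    def matches(self, p: Packet) -> bool:
        def in_range(r: Optional[Range], a: IPv4) -> bool:
            return r is None or r[0] <= a <= r[1]
        return (self.direction == p.direction
                and in_range(self.src, p.src) and in_range(self.dst, p.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """First matching rule decides; no match means pass (see module docstring)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "pass"


# Example 1, LAN to WAN: 192.168.33.16~31 get SMTP, DNS, HTTP and POP3, nothing else.
OFFICE = ip_range("192.168.33.16", "192.168.33.31")
EXAMPLE1 = [
    Rule("pass", "LAN to WAN", OFFICE, ANY, "tcp", 25),
    Rule("pass", "LAN to WAN", OFFICE, ANY, "udp", 53),   # manual says only "port 53"; UDP assumed
    Rule("pass", "LAN to WAN", OFFICE, ANY, "tcp", 80),
    Rule("pass", "LAN to WAN", OFFICE, ANY, "tcp", 110),
    Rule("block", "LAN to WAN", ANY, ANY, None, None),    # the final Block Group rule
]

# Example 2, WAN to LAN: one Internet host each for VNC and FTP, all other inbound blocked.
EXAMPLE2 = [
    Rule("pass", "WAN to LAN", host("220.220.220.220"), ANY, "tcp", 5900),
    Rule("pass", "WAN to LAN", host("220.220.220.221"), ANY, "tcp", 21),
    Rule("block", "WAN to LAN", ANY, ANY, None, None),
]

# Example 4, VPN In: the remote 192.168.29.0 network (/24 assumed) reaches .5 and .6 but
# not .10; there is no block-all rule here, so any other LAN host stays reachable.
REMOTE_VPN = cidr_range("192.168.29.0/24")
EXAMPLE4 = [
    Rule("pass", "VPN In", REMOTE_VPN, host("192.168.33.5"), None, None),
    Rule("pass", "VPN In", REMOTE_VPN, host("192.168.33.6"), None, None),
    Rule("block", "VPN In", REMOTE_VPN, host("192.168.33.10"), None, None),
]

if __name__ == "__main__":
    # Constructed packets; 203.0.113.0/24 and 198.51.100.0/24 stand in for Internet hosts.
    for rules, p in [
        (EXAMPLE1, pkt("LAN to WAN", "192.168.33.20", "203.0.113.10", "tcp", 80)),
        (EXAMPLE1, pkt("LAN to WAN", "192.168.33.20", "203.0.113.10", "tcp", 443)),  # HTTPS not in the pass list
        (EXAMPLE1, pkt("LAN to WAN", "192.168.33.40", "203.0.113.10", "tcp", 80)),
        (EXAMPLE2, pkt("WAN to LAN", "198.51.100.9", "192.168.33.50", "tcp", 5900)),
        (EXAMPLE4, pkt("VPN In", "192.168.29.7", "192.168.33.10", "tcp", 445)),
    ]:
        print(f"{p.direction:10} {p.src} -> {p.dst}:{p.dport}/{p.proto}: {filter_packet(rules, p)}")
```

The two things worth checking against your own rule set are the ones the examples leave implicit: an address range written as "a ~ b" is only equivalent to the CIDR block in the example text when the block's first and last addresses match it exactly, and a policy is deny-by-default only if the Block Group actually ends with a catch-all rule; Example 4 has none, so every host other than 192.168.33.10 remains reachable over the VPN.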

41.2 Firewall direction
Figure 41-42

Table 42-1 Firewall / IP Filter Direction

WAN to LAN   From the Internet to the intranet, e.g. VNC or PC Anywhere remote control.
WAN to DMZ   From the Internet to the DMZ, e.g. allow Internet users to browse a web server in the DMZ.
WAN to WAN   From WAN to WAN, e.g. allow WAN1 traffic to be redirected to WAN2.
LAN to WAN   From the intranet to the Internet, e.g. surfing the Internet.
LAN to DMZ   From the intranet to the DMZ, e.g. allow some employees to access the DMZ.
LAN to LAN   Within the intranet. For security reasons the LAN-to-LAN block function can stop LAN1 users from reaching LAN2 resources in a VLAN environment.
DMZ to WAN   From the DMZ to the WAN, e.g. allow the DMZ to use Internet resources.
DMZ to LAN   From the DMZ to the LAN, e.g. allow the DMZ to use an internal database.
VPN In       From the remote VPN network to the Vigor 3300's VPN network; pass/block.
VPN Out      From the Vigor 3300's VPN network to the remote VPN network; pass/block.
