HP OfficeConnect Firewall Series User Manual Page 65

OfficeConnect VPN Firewall User’s Manual Chapter 11. Configuring Firewall/NAT Settings
11 Configuring Firewall/NAT Settings
The OfficeConnect Gigabit VPN Firewall provides built-in firewall/NAT functions,
enabling you to protect the system against denial of service (DoS) attacks and
other types of malicious access to your LAN while providing Internet access
sharing at the same time. You can also specify how to monitor attempted
attacks, and who should be automatically notified.
This chapter describes how to create/modify/delete ACL (Access Control List)
rules to control the data passing through your network. You will use firewall
configuration pages to:
  • Create, modify, delete and view inbound/outbound ACL rules.
  • Create, modify and delete pre-defined services, IP pools, NAT pools,
    application filters and schedules to be used in inbound/outbound ACL
    configurations.
  • View firewall statistics.
Note: When you define an ACL rule, you instruct the OfficeConnect Gigabit VPN
Firewall to examine each data packet it receives to determine whether it meets
criteria set forth in the rule. The criteria can include the network or internet
protocol it is carrying, the direction in which it is traveling (for example, from the
LAN to the Internet or vice versa), the IP address of the sending computer, the
destination IP address, and other characteristics of the packet data.
If the packet matches the criteria established in a rule, the packet can either be
accepted (forwarded towards its destination), or denied (discarded), depending
on the action specified in the rule.
11.1 Firewall Overview
11.1.1 Stateful Packet Inspection
The stateful packet inspection engine in the OfficeConnect Gigabit VPN Firewall
maintains a state table that is used to keep track of connection states of all the
packets passing through the firewall. The firewall opens a "hole" to let a
packet through if the packet belongs to an already established connection and
its state matches the state maintained by the stateful packet inspection
engine. Otherwise, the packet is dropped. This "hole" is closed when the
connection session terminates. No configuration is required for stateful
packet inspection. Note that the firewall service is enabled by default.
11.1.2 DoS (Denial of Service) Protection
Both DoS protection and stateful packet inspection provide a first line of defense
for your network. No configuration is required for either protection as long as
the firewall is enabled for the OfficeConnect Gigabit VPN Firewall.
By default, the firewall is enabled at the factory.
11.1.3 Firewall and Access Control List (ACL)
11.1.3.1 Priority Order of ACL Rule
All ACL rules have a rule ID assigned; the smaller the rule ID, the higher the
priority. The firewall monitors the traffic by extracting header information from the
packet and then either drops or forwards the packet by looking for a match in the
ACL rule table based on the header information. Note that the ACL rule checking
starts from the rule with the smallest rule ID until a match is found or all the ACL
rules are examined. If no match is found, the packet is dropped; otherwise, the
packet is either dropped or forwarded based on the action defined in the
matched ACL rule.
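
Because checking stops at the first match, a broad rule with a small ID can silently override a narrower rule with a larger ID. The following added example (not taken from the HP manual or the device firmware; the rule fields, rule IDs and addresses are constructed assumptions) evaluates packets in rule-ID order with the default drop, and reports rules that can never fire.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:                      # field names are assumptions, not the device's schema
    rule_id: int
    action: str                  # "allow" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    proto: str = "any"           # "tcp", "udp" or "any"
    ports: tuple = (0, 65535)    # inclusive destination port range

def matches(rule, pkt):
    return (ip_address(pkt["src"]) in ip_network(rule.src)
            and ip_address(pkt["dst"]) in ip_network(rule.dst)
            and rule.proto in ("any", pkt["proto"])
            and rule.ports[0] <= pkt["dport"] <= rule.ports[1])

def evaluate(rules, pkt):
    """First match by ascending rule ID; no match means the packet is dropped."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if matches(rule, pkt):
            return rule.action, rule.rule_id
    return "deny", None

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in ("any", b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def shadowed(rules):
    """(shadowed_id, shadowing_id) pairs: rules a lower-ID rule fully covers."""
    ordered = sorted(rules, key=lambda r: r.rule_id)
    return [(b.rule_id, a.rule_id)
            for i, b in enumerate(ordered)
            for a in ordered[:i] if covers(a, b)]

# Constructed sample rule set: rule 20 is meant to block SSH from one network,
# but rule 10 has the smaller ID and already accepts that traffic.
RULES = [
    Rule(10, "allow", "0.0.0.0/0", "192.168.1.0/24", "tcp", (1, 1024)),
    Rule(20, "deny", "203.0.113.0/24", "192.168.1.10/32", "tcp", (22, 22)),
    Rule(30, "allow", "0.0.0.0/0", "192.168.1.20/32", "udp", (53, 53)),
]

if __name__ == "__main__":
    print(shadowed(RULES))
```

Giving the narrow deny rule a smaller ID than the broad allow rule makes it take effect.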