HP OfficeConnect Firewall Series Instrukcja Użytkownika Strona 66
- Strona / 156
- Spis treści
- ROZWIĄZYWANIE PROBLEMÓW
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
Chapter 14 Configuring IPSec VPN OfficeConnect Gigabit VPN Firewall User’s Manual
52
11.1.3.2 Tracking Connection State
The stateful inspection engine in the firewall keeps track of the state, or progress,
of a network connection. By storing information about each connection in a state
table, OfficeConnect Gigabit VPN Firewall is able to quickly determine if a packet
passing through the firewall belongs to an already established connection. If it
does, it is passed through the firewall without going through ACL rule evaluation.
For example, an ACL rule allows outbound ICMP packet from 192.168.1.1 to
192.168.2.1. When 192.168.1.1 sends an ICMP echo request (i.e. a ping packet)
to 192.168.2.1, 192.168.2.1 will send an ICMP echo reply to 192.168.1.1. In the
OfficeConnect Gigabit VPN Firewall, you don’t need to create another inbound
ACL rule because stateful packet inspection engine will remember the
connection state and allows the ICMP echo reply to pass through the firewall
11.1.4 Default ACL Rules
The OfficeConnect Gigabit VPN Firewall supports three types of default access
rules:
Inbound Access Rules: for controlling incoming access to computers on
your LAN.
Outbound Access Rules: for controlling outbound access to external
networks for hosts on your LAN.
Self Access Rules: for controlling access to the OfficeConnect Gigabit VPN
Firewall itself.
Default Inbound Access Rules
No default inbound access rule is configured. That is, all traffic from external
hosts to the internal hosts is denied.
Default Outbound Access Rules
The default outbound access rule allows all the traffic originated from your LAN
to be forwarded to the external network using NAT.
11.2 NAT Overview
Network Address Translation allows use of a single device, such as the
OfficeConnect Gigabit VPN Firewall, to act as an agent between the Internet
(public network) and a local (private) network. This means that a NAT IP address
can represent an entire group of computers to any entity outside a network.
Network Address Translation (NAT) is a mechanism for conserving registered IP
addresses in large networks and simplifying IP addressing management tasks.
Because of the translation of IP addresses, NAT also conceals true network
address from privy eyes and provide a certain degree security to the local
network.
The NAT modes supported are static NAT, dynamic NAT, NAPT, reverse static
NAT and reverse NAPT.
11.2.1 Static (or One-to-One) NAT
Static NAT maps an internal host address to a globally valid Internet address
(one-to-one). The IP address in each packet is directly translated with a globally
valid IP contained in the mapping. Figure 11.1 illustrates the IP address mapping
relationship between the three private IP addresses and the three globally valid
IP addresses. Note that this mapping is static, i.e. the mapping will not change
over time until this mapping is manually changed by the administrator. This
means that a host will always use the same global valid IP address for all its
outgoing traffic.
- OfficeConnect 1
- Introduction 3
- List of Tables 12
- 1 Introduction 14
- 1.3.3 Special messages 15
- 2 Getting to Know the 17
- 2.4 Major Features 18
- 2.4.2 VPN 20
- 3 Quick Start Guide 23
- 3.3.1 Before you begin 26
- 3.3.2 Windows® XP PCs: 26
- 3.3.3 Windows® 2000 PCs: 26
- 3.4.2 Testing Your Setup 32
- 4 Getting Started with the 35
- 5 Configuring LAN Settings 39
- 5.2.1 What is DHCP? 40
- 5.2.2 Why use DHCP? 41
- just go to the DHCP Server 43
- 5.4 DNS 44
- 5.6 Viewing LAN Statistics 46
- 6 Configuring VLAN Settings 47
- 7 Configuring Spanning Tree 49
- 8 Configuring WAN Settings 53
- 8.3 PPTP 54
- 8.4 Dynamic IP 55
- 8.5 Static IP 56
- 8.6 Viewing WAN Statistics 57
- 9 Configuring Routes 59
- 9.3 Static Routing 60
- 9.3.2 Adding Static Routes 61
- 10 Configuring DDNS 63
- 11 Configuring Firewall/NAT 65
- 11.2 NAT Overview 66
- 11.2.3 Reverse Static NAT 67
- Enable Web 74
- Content Filter 74
- 11.6.2.3 Add a Service 79
- 11.6.2.4 Modify a Service 80
- 11.6.2.5 Delete a Service 80
- 11.6.4 Configuring Schedule 82
- 11.6.4.3 Add a Schedule 83
- 11.6.4.4 Schedule Example 84
- Policies table 85
- 12.1 Overview 89
- 13 Configuring WAN Load 93
- 14 Configuring IPSec VPN 97
- 14.2.2 Modify VPN Rules 101
- 14.2.3 Delete VPN Rules 101
- 14.2.4 Display VPN Rules 101
- 14.3.2 Modify VPN Rules 102
- 14.3.3 Delete VPN Rules 102
- 14.3.4 Display VPN Rules 103
- 2 (ISR2) 105
- 15 Configuring L2TP Server 109
- 16 Configuring PPTP Server 111
- 17 System Management 115
- 17.5 Setup Date and Time 118
- 17.7 Upgrade Firmware 119
- 17.10 Configuring Logging 120
- 17.11 Configuring SNMP 121
- 18 ALG Configuration 123
- IP Addresses, Network Masks 125
- 19.3 Subnet masks 126
- 20 Troubleshooting 129
- 20.1.1 ping 130
- 20.1.2 nslookup 131
- 21 SAFETY INFORMATION 133
- 22 OBTAINING SUPPORT FOR 135
- Contact Us 136
- 23 END USER SOFTWARE 143
- 24 Regulatory Notices 144
- 25 Glossary 145
- 26 Index 151
Powiązane produkty i podręczniki dla Oprogramowanie HP OfficeConnect Firewall Series
Oprogramowanie HP 8/20q Instrukcja Użytkownika
(108 strony)
(108 strony)
Oprogramowanie HP R4.2 Instrukcja Użytkownika
(745 strony)
(745 strony)
Oprogramowanie HP xw2x220c Podręcznik Użytkownika
(110 strony)
(110 strony)
Oprogramowanie HP A3100-24 Instrukcja Użytkownika
(157 strony)
(157 strony)
Oprogramowanie HP 3Gb Instrukcja Użytkownika
(86 strony)
(86 strony)
Oprogramowanie HP 10TB Podręcznik Użytkownika
(181 strony)
(181 strony)
Oprogramowanie HP DL380-SL Podręcznik Użytkownika
(141 strony)
(141 strony)
Oprogramowanie HP Switch 6120 Instrukcja Użytkownika
(469 strony)
(469 strony)
Oprogramowanie HP BMD00022 Instrukcja Użytkownika
(228 strony)
(228 strony)
Oprogramowanie HP SN6000 Podręcznik Użytkownika
(122 strony)
(122 strony)
© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.039 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji