Specifications

124 AVM Access Server – Glossary
Packet types that are constantly exchanged by certain
applications in networks, and that would otherwise cause
frequent unnecessary calls in an ISDN WAN, can be filtered out.
Packet types whose destination address is in a subnetwork of the
LAN that should not be accessible from outside can be filtered out.
A filter profile consists of one or more filter rules and a default action.
Each filter rule contains several conditions and an action. If an IP packet
fulfills all of a rule’s conditions, then the rule is said to match the
packet. In this case, the rule’s action is applied to the packet. If no rule
in the filter profile matches the IP packet, then the default action of the
filter profile is applied to the packet.
The AVM Access Server comes with several pre-defined filter profiles,
and also allows you to define your own filter profiles.
These filtering options are not negotiated with the remote station, but
configured statically in the AVM Access Server. For details about the
pre-defined filters in the AVM Access Server, see the section “Filters”
on page 58.
Firewall
The AVM Access Server’s firewall filters are used to protect the network
against intrusion, and to select the data and services that are accessible
from outside.
Firewalls are implemented using a number of different mechanisms. In
the AVM Access Server, the firewall is implemented using a multi-stage
packet filter and network address translation (NAT). The AVM Access
Server examines whether each incoming and outgoing data packet
conforms to the security rule set. Filter criteria can include the packet’s
source and destination addresses (by network address and subnet
mask), the higher-layer protocol (TCP, UDP, GRE, ESP, AH, ICMP) and the
service (FTP, DNS). These security rules are stored in global and
connection-specific IP filter profiles. The rules determine which action is
performed on each packet: accept, silently discard, or reject with an
error message.
See also “IP masquerading” on page 129.
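The filter profile evaluation described above (rules whose conditions must all hold, plus a default action), as an added Python example that is not AVM code. Assumptions: rules are checked in order and the first match wins, a service is modelled as a destination port, and all class names, field names and sample addresses are constructed for illustration.

```python
# Added illustration, not AVM code. All names and sample values are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ACCEPT, DISCARD, REJECT = "accept", "discard", "reject"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "TCP", "UDP", "ICMP", ...
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str
    src_net: Optional[str] = None   # "address/mask"; None = condition not set
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None     # service as destination port (assumption)
    def matches(self, p: Packet) -> bool:
        # A rule matches only if the packet fulfills ALL of its conditions.
        return all((
            self.src_net is None or ip_address(p.src) in ip_network(self.src_net),
            self.dst_net is None or ip_address(p.dst) in ip_network(self.dst_net),
            self.proto is None or p.proto == self.proto,
            self.dport is None or p.dport == self.dport,
        ))

@dataclass(frozen=True)
class FilterProfile:
    rules: tuple
    default_action: str
    def decide(self, p: Packet) -> str:
        for rule in self.rules:     # assumption: evaluated in order, first match wins
            if rule.matches(p):
                return rule.action
        return self.default_action  # no rule matched: default action applies

# Constructed profile: hide one LAN subnet, allow DNS and FTP, reject the rest.
PROFILE = FilterProfile(
    rules=(
        Rule(DISCARD, dst_net="192.168.10.0/255.255.255.0"),
        Rule(ACCEPT, proto="UDP", dport=53),
        Rule(ACCEPT, proto="TCP", dport=21),
    ),
    default_action=REJECT,
)
```

Because the subnet rule comes first, an FTP packet addressed to 192.168.10.x is silently discarded even though a later rule accepts FTP; under the first-match assumption, rule order is part of the policy.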
Forwarding
Forwarding profiles are used to allow access from the Internet or other
remote networks to specific servers in the local-area network, such as
web, e-mail or FTP servers, even though access from outside the LAN is