XSR User's Guide
Chapter 13: Configuring Security on the XSR
XSR Firewall Feature Set Functionality
Filtering non-TCP/UDP packets - IP packets that are neither TCP nor UDP are
controlled by a separate filtering mechanism and configured with a filter
object. All such packets are dropped by default. To pass a particular IP
protocol through the firewall, you must configure a filter object for that
protocol with the correct source and destination addresses.
Application-level commands - A special action option, Command Level Security
(CLS), filters inter-protocol actions within several protocols. CLS examines
the message type produced by the application being filtered and either passes
or drops specific application commands. For example, FTP GETs can be allowed
but PUTs denied. These protocols are supported:
File Transfer Protocol (FTP)
Simple Mail Transfer Protocol (SMTP)
Hypertext Transfer Protocol (HTTP)
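
The FTP case described above (GETs allowed, PUTs denied), modeled as an added example. It is not code from the XSR or from this guide; the policy set, function names and sample session are assumptions constructed for illustration.

```python
"""Concept model of command-level filtering on an FTP control channel."""

# Assumed policy: a client-side "PUT" reaches the wire as STOR, STOU or APPE,
# while "GET" is RETR. Verbs listed here are dropped; all others pass.
DENY_FTP = {"STOR", "STOU", "APPE"}


def command_verb(line: bytes) -> str:
    """Return the upper-cased verb of one client command line, or ''."""
    try:
        text = line.decode("ascii").strip()
    except UnicodeDecodeError:
        return ""  # non-ASCII bytes: treat as unparseable
    return text.split(None, 1)[0].upper() if text else ""


def cls_decision(line: bytes) -> str:
    """Return 'pass' or 'drop' for one client command."""
    verb = command_verb(line)
    if not verb:
        return "drop"  # fail closed on empty or unparseable input
    return "drop" if verb in DENY_FTP else "pass"


def filter_session(lines):
    """Apply the policy to every command and return (verb, decision) pairs."""
    return [(command_verb(l), cls_decision(l)) for l in lines]


# Constructed sample session (client-to-server commands only).
FTP_SESSION = [
    b"USER alice\r\n",
    b"PASV\r\n",
    b"RETR report.pdf\r\n",   # download ("GET")
    b"stor upload.bin\r\n",   # upload ("PUT"); FTP verbs are case-insensitive
    b"APPE log.txt\r\n",      # append is also a write to the server
]

if __name__ == "__main__":
    for verb, decision in filter_session(FTP_SESSION):
        print(f"{verb:5} {decision}")
```

Matching on the verb requires a cleartext control channel; commands carried inside an encrypted session are not visible to this kind of inspection.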
Table 12 Pre-defined Services
ANY_TCP ANY_UDP AOL AuthUDP AudioCallCtrl
Bootp Bootpc Bootp_relay DNSTCP DNSUDP
Finger FTP H323 HTTP ICAClient
ICABrowse IdentD IMAP IMAPS IRC
ISAKMP KerberosAdmTCP KerberosAdmUDP KerberosTCP KerberosUDP
klogin L2TP LDAP Login LotusNotes
Microsoft_ds MSN NetBIOS_ns NetBIOS_tcp NetBIOS_udp
NFSTCP NFSUDP NNTP NTP_UDP PCAnywhere
POP3 POP3S PPTP Radius Radius_ACCT
RealAudio RealPlayer RealPlayerG2 RealPlayerUDP Route
SMB_TCP SMS SMTP SNMP SNMP_TRAP
SSH SSL SysLog T120 Telnet
TermServ TFTP TimeUDP ULS WhoIs
XDMCP X11