User's guide

XSR Users Guide 339
Chapter 13 Configuration Examples
Configuring Security on the XSR
- Load the configuration in the firewall engine
- Enable or disable the firewall:
  - System wide, or on
  - Individual interfaces or sub-interfaces
- After the firewall is installed, check event logging to examine blocked
  traffic for any missed application rules
- Use port scanning tools to ensure policies are properly implemented
Configuration Examples
The following sample configurations describe step-by-step how to set up
these firewall scenarios:
- XSR with firewall on page 339
- XSR with firewall, PPPoE, and DHCP on page 342
- XSR with firewall and VPN on page 344
- Firewall configuration for VRRP on page 352
- Firewall configuration for RADIUS authentication on page 352
- Simple security on page 353
XSR with Firewall
In this scenario, the XSR acts as a router connecting a branch office to the
Internet, as illustrated in Figure 57. The branch office has two servers (Web
and Mail) accessible from the external world and an internal network of hosts
which are protected from the external world by the firewall. The Web and
Mail servers are part of the DMZ and considered internal by the XSR. Note
that some commands have been abbreviated.
This configuration, illustrated in Figure 57, gives the private and dmz
networks unrestricted access to each other and protects only traffic to and
from the external interface. This is done by enabling the firewall on the
external interface only. No policies are defined for traffic between the
private and dmz networks. In addition, all Java and ActiveX pages, IP options,
and IP broadcast and multicast packets are banned.
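
The following is an added example, not part of the XSR guide or its configuration. It models the intended policy of this scenario and compares it against port-scan results, as the checklist above recommends. The addresses, the Web and Mail ports (TCP 80 and 25), and the scan rows are assumptions constructed for illustration.

```python
# Added example, not from the XSR guide. Zone addressing, the external test
# host, and TCP ports 80 (Web) / 25 (Mail) are assumptions for illustration.
from ipaddress import ip_address, ip_network

ZONES = {"private": ip_network("10.1.0.0/24"), "dmz": ip_network("10.2.0.0/24")}
# Services the scenario publishes to the external world (assumed host/port).
PUBLISHED = {("10.2.0.10", 80), ("10.2.0.20", 25)}

def zone_of(addr):
    """Map an address to private, dmz, or external (anything else)."""
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "external")

def expected(src, dst, port):
    """Intended result for a new TCP connection in this scenario."""
    s, d = zone_of(src), zone_of(dst)
    if s != "external" and d != "external":
        return "open"         # private <-> dmz: no policies, firewall not in path
    if s == "external":
        return "open" if (dst, port) in PUBLISHED else "blocked"
    return "unspecified"      # outbound rules are not stated in this section

def audit(scan):
    """Return scan rows whose observed state contradicts the intended policy."""
    findings = []
    for src, dst, port, observed in scan:
        want = expected(src, dst, port)
        if want != "unspecified" and observed != want:
            findings.append((src, dst, port, observed, want))
    return findings

# Constructed scan results: (source, destination, TCP port, observed state).
SCAN = [
    ("203.0.113.5", "10.2.0.10", 80, "open"),      # Web server, published
    ("203.0.113.5", "10.2.0.20", 25, "open"),      # Mail server, published
    ("203.0.113.5", "10.2.0.10", 22, "open"),      # unpublished DMZ port exposed
    ("203.0.113.5", "10.1.0.15", 445, "blocked"),  # private host protected
    ("10.1.0.15", "10.2.0.10", 22, "open"),        # private -> dmz, unrestricted
    ("10.1.0.15", "10.2.0.20", 25, "blocked"),     # unexpected filtering inside
]

if __name__ == "__main__":
    for src, dst, port, observed, want in audit(SCAN):
        print(f"{src} -> {dst}:{port} observed {observed}, policy says {want}")
```

Each finding is either a missing block on the external interface or filtering that should not exist between the private and dmz networks; the firewall event log should be checked for the matching entries.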