User's guide

340 XSR Users Guide
Configuration Examples Chapter 13
Configuring Security on the XSR
Figure 57 XSR with Firewall Topology
Begin by configuring network objects for private, dmz and Mgmt networks:
XSR(config)#ip firewall network dmz 220.150.2.16 mask 255.255.255.240 internal
XSR(config)#ip firewall network private 220.150.2.32 mask 255.255.255.240 internal
XSR(config)#ip firewall network Mgmt 220.150.2.35 mask 255.255.255.255 internal
Log only critical events:
XSR(config)#ip firewall logging event-threshold 2
Allow ICMP traffic to pass between private, dmz and EXTERNAL networks:
XSR(config)#ip firewall filter okICMP private ANY_EXTERNAL protocol-id 1
XSR(config)#ip firewall filter ICMP1 dmz ANY_EXTERNAL protocol-id 1
XSR(config)#ip firewall filter ICMP2 ANY_EXTERNAL dmz protocol-id 1
Set policies between the dmz, external and Mgmt networks. Note that policy
objects and names are case-sensitive and you must cite network names exactly:
XSR(config)#ip firewall policy exttodmzhttp ANY_EXTERNAL dmz HTTP allow bidirectional
[Figure 57 diagram labels: Internet; Frame Relay; 206.12.44.16/28; XSR with interfaces S1, FE1 and FE2; DMZ 220.150.2.16/28 (220.150.2.17, 220.150.2.18, 220.150.2.19); Internal 220.150.2.32/28 (220.150.2.35, 220.150.2.36, 220.150.2.37); Web server (HTTP); Mail server (SMTP)]