User guide

SET UP
20 Firewall
20.1 Overview
The firewall filters IP packets between the WAN and the LAN interface of the RAS-3G router. It is
divided into 3 separate filters:
The remote users filters
The remote users filters limit the IP domain that an authenticated remote user can
reach when connecting to the RAS-3G router through the Internet.
The remote users filters check the destination IP address and port number of the IP packets carried
inside a PPTP, TLS or L2TP remote user connection.
Thus the IP addresses checked by the remote users filters are LAN IP addresses.
Up to 25 remote users filters can be created and assigned individually to each of the users declared in the
user list.
The source IP address of the packets is not checked by the remote users filters, because the filters
apply to a remote user connection according to the login and password of the remote user, which are checked
when the remote user connection is set up.
The main filter
It filters IP packets whether carried inside one of the VPNs or outside a VPN.
The main filter checks source and destination IP addresses and the source and destination ports.
The main filter does not check the IP packets carried in a remote user connection. Those packets are
checked by the remote users filters.
The main filter does not check the IP packets defined in the “Port forwarding” table. Those packets are forwarded directly to the
defined device (see Port forwarding).
The denial of service (DoS) filter is designed to block the usual attacks coming from the Internet. That filter
cannot be configured.
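The firewall of the RAS-3G router can thus be represented by the drawing hereafter:
[Figure: block diagram of the firewall between WAN and LAN, with blocks labelled "Users filters", "Main filter", "DoS filter" and "Port forwarding", and traffic paths labelled "VPN between routers" and "Remote user connection".]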
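The dispatch described above, as an added Python example that is not taken from the RAS-3G documentation or firmware: it names which stage handles a packet arriving from the WAN and lists main filter deny rules that a port forwarding entry bypasses. The class and field names, the deny-rule shape, and matching a forward on protocol and WAN port are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed model of section 20.1; field names are assumptions,
# not the RAS-3G configuration format.

@dataclass(frozen=True)
class Packet:                      # packet arriving on the WAN side
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    remote_user: Optional[str] = None   # login of the PPTP/TLS/L2TP session, if any

@dataclass(frozen=True)
class Forward:                     # "Port forwarding" entry (assumed shape)
    proto: str
    wan_port: int
    lan_host: str
    lan_port: int

@dataclass(frozen=True)
class DenyRule:                    # main filter deny rule (assumed shape)
    src_net: str
    dst_net: str
    dport: int
    proto: str = "tcp"

def deciding_stage(pkt, forwards):
    """Name the stage that handles pkt, following the overview."""
    if pkt.remote_user is not None:
        return "users filter"      # destination IP/port only; main filter not consulted
    if any(f.proto == pkt.proto and f.wan_port == pkt.dport for f in forwards):
        return "port forwarding"   # sent straight to the device; main filter not consulted
    return "main filter"

def bypassed_denies(rules, forwards):
    """Deny rules whose protected LAN host/port is still reachable through a forward."""
    return [(r, f) for r in rules for f in forwards
            if f.proto == r.proto and f.lan_port == r.dport
            and ip_address(f.lan_host) in ip_network(r.dst_net)]

# Constructed sample configuration (private and documentation address ranges).
FORWARDS = [Forward("tcp", 8502, "192.168.0.10", 502)]
RULES = [DenyRule("0.0.0.0/0", "192.168.0.0/24", 502),
         DenyRule("0.0.0.0/0", "192.168.0.0/24", 23)]
```

Any pair returned by `bypassed_denies` marks a deny rule that does not protect the device for traffic entering through that forward, so access to the forwarded port has to be restricted by other means.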
Page 66 User guide ref 9020009-01 UMTS GPRS EDGE router ref. RAS-3G