UMTS GPRS EDGE router ref. RAS-3G User guide ref. 9020009-01 Page 67
20.2 Main filter
The main filter applies to all IP packets except those belonging to remote user connections.
The router recognizes a TLS remote user connection by its port number.
20.2.1 Main filter Overview
Main filter structure
For clarity, the main filter is divided into two tables, both with the same structure:
The "VPN" filter: it filters the packets transmitted inside the VPNs.
The "WAN" filter: it filters the packets transmitted outside the VPNs.
Each of these two filters is made of a filter policy and a filter table, each line of which is a filter rule.
Main filter default policy
The default policy is the decision applied to a packet that does not match any rule of the filter.
WAN to LAN and LAN to WAN traffic are handled separately, because the decision can be the opposite for a packet coming from the WAN and for one coming from the LAN:
WAN to LAN: the default policy can be "Accept" or "Drop".
LAN to WAN: the default policy can also be "Accept" or "Drop".
For instance, if the default policy assigned to WAN to LAN traffic is "Drop", an IP packet from the WAN that does not match any rule of the main filter is rejected.
Main filter table
The main filter is a table in which each line is a rule.
Each rule is composed of several fields that define a particular data flow, plus a field called the action field.
The fields that define the data flow are:
Direction ("WAN to LAN" or "LAN to WAN"),
Protocol (TCP, UDP, etc.),
Source and destination IP address and port number.
The Action field can take two values:
Accept: authorize the matching data flow to be forwarded to the router interface.
Drop: discard the packet that matches the rule.
How the main filter works
When the firewall receives a packet, it checks whether the packet matches the first rule.
If it does, the decision given by the "Action" field is applied to the packet.
If it does not, the firewall checks whether the packet matches the second rule, and so on.
If the packet matches none of the rules in the table, the default policy for its direction is applied to the packet (drop or reject).
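The following Python model is an added illustration of the first-match evaluation described above, not the router's own code: it walks a rule table in order, requires every data-flow field to match, and falls back to the per-direction default policy. The Rule fields, the packet dictionary layout and the sample addresses are constructed assumptions.

```python
# Added example: a model of the manual's main-filter evaluation (first match
# wins, per-direction default policy). Not the RAS-3G firmware.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str        # "WAN to LAN" or "LAN to WAN"
    protocol: str         # "TCP", "UDP" or "any"
    src: str              # source network, e.g. "192.168.1.0/24", or "any"
    dst: str              # destination network, or "any"
    dport: Optional[int]  # destination port, None for any port
    action: str           # "Accept" or "Drop"

def _match(rule: Rule, pkt: dict) -> bool:
    """A packet matches a rule only if every data-flow field matches."""
    if rule.direction != pkt["direction"]:
        return False
    if rule.protocol != "any" and rule.protocol != pkt["protocol"]:
        return False
    if rule.src != "any" and ip_address(pkt["src"]) not in ip_network(rule.src):
        return False
    if rule.dst != "any" and ip_address(pkt["dst"]) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt["dport"]:
        return False
    return True

def filter_packet(rules: list, default_policy: dict, pkt: dict) -> str:
    """Check rules in table order; the first match decides.
    With no match, the default policy of the packet's direction applies."""
    for rule in rules:
        if _match(rule, pkt):
            return rule.action
    return default_policy[pkt["direction"]]

# Constructed sample "WAN" filter: drop from the WAN by default, accept from
# the LAN by default, but let the WAN reach one HTTPS server and stop the
# LAN from sending telnet.
WAN_RULES = [
    Rule("WAN to LAN", "TCP", "any", "192.168.1.10/32", 443, "Accept"),
    Rule("LAN to WAN", "TCP", "any", "any", 23, "Drop"),
]
WAN_DEFAULT = {"WAN to LAN": "Drop", "LAN to WAN": "Accept"}

if __name__ == "__main__":
    pkt = {"direction": "WAN to LAN", "protocol": "TCP",
           "src": "203.0.113.5", "dst": "192.168.1.10", "dport": 443}
    print(filter_packet(WAN_RULES, WAN_DEFAULT, pkt))
```

Note that a UDP packet to the same server and port is dropped: the protocol field does not match the rule, so the WAN to LAN default policy decides.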