3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

7 FIREWALL CONFIGURATION
Introduction to Firewall
A network firewall prevents threats from the Internet from spreading to your
internal network.
A firewall can prohibit unauthorized or unauthenticated access from the Internet to
the protected network while still permitting internal network subscribers to
browse the Web or send and receive e-mail. A firewall can also serve as an
access control gateway for Internet access, for example permitting only specific
subscribers on the internal network to reach the Internet. Firewalls can also
implement other features, such as subscriber identification and information
security (encryption) processing.
In addition to protecting the Internet connection, a firewall can protect hosts
and important resources (such as data) on your network. All access to the
protected data should pass through the firewall, even access from inside the
organization.
Users of external networks who access internal network resources pass through the
firewall, as do internal network users who access external network resources. In
this role the firewall acts as a "guard" that discards the packets that should be
prohibited.
Firewall here mainly refers to ACL-based packet filtering (ACL/packet filtering for
short), Application Specific packet filtering (status firewall for short) and address
translation. For address translation, refer to "NAT Configuration". The following
sections in this chapter introduce the ACL/packet filtering firewall and the status
firewall.
ACL/Packet Filtering Firewall
ACL/Packet filtering overview
Applying ACL/packet filtering on the security gateway gives the gateway a packet
filtering function. ACL/packet filtering filters IP packets. For each packet that
the security gateway is to forward, it first obtains the header information of the
packet, including the upper-layer protocol number carried over IP, the source
address, destination address, source port and destination port, and then compares
this information with the configured ACL rules. It decides whether to forward or
discard the packet according to the result of the comparison.
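The first-match evaluation described above, as an added Python illustration that is not the 3Com product's own code: it extracts the header fields the text lists, walks an ordered rule list, and applies a default action to anything unmatched. The rule set, the addresses and the non-first-fragment packet (which carries no transport header, so a port-qualified rule cannot match it; the following section introduces that distinction) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional
@dataclass(frozen=True)
class Packet:
    # Header fields the filter extracts (values used below are constructed).
    proto: int                 # IP protocol number: 6 = TCP, 17 = UDP
    src: str
    dst: str
    dport: Optional[int]       # None for a non-first fragment: no transport header
    fragment: str = "none"     # "none", "first" or "non-first"
@dataclass(frozen=True)
class Rule:
    # One ACL rule; a None field means "match any value".
    action: str                # "permit" or "deny"
    proto: Optional[int] = None
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        # A non-first fragment has no port, so a port-qualified rule never matches it.
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True

def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    # First match wins, so rule order matters; unmatched packets get the default.
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

RULES = [  # constructed: web into 10.0.0.0/8, SMTP out of the 192.168.1.0/24 LAN
    Rule("permit", proto=6, dst="10.0.0.0/8", dport=80),
    Rule("permit", proto=6, src="192.168.1.0/24", dport=25),
]

def demo() -> List[str]:
    packets = [
        Packet(6, "203.0.113.5", "10.1.2.3", 80),                     # web to server
        Packet(6, "203.0.113.5", "10.1.2.3", 22),                     # ssh to server
        Packet(6, "203.0.113.5", "10.1.2.3", None, "non-first"),      # fragment, no ports
        Packet(17, "192.168.1.10", "8.8.8.8", 53),                    # UDP, no TCP rule
    ]
    return [filter_packet(RULES, p) for p in packets]  # ['permit', 'deny', 'deny', 'deny']
```

Because the gateway stops at the first matching rule, placing a broad deny ahead of the permits silently blocks the traffic they were meant to allow; keep specific rules before general ones.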
Packet filtering supporting fragment filtering
ACL/packet filtering on 3Com Series Security Gateways supports testing and
filtering of fragments. The packet filtering firewall tests the packet type
(non-fragment packet, first fragment or non-first fragment) and obtains such information as Layer 3