Installation guide

48
Chapter 6 Defining Layer 2 Firewalls
Defining Traffic Inspection Interfaces for Layer 2 Firewall Engines
Layer 2 Firewalls pick up passing network traffic for inspection in real time. The traffic can either
be captured for inspection through the engine’s Capture Interfaces, or it can be inspected as it
flows through the engine’s Inline Interfaces. You can define both Capture Interfaces and Inline
Interfaces for the same Layer 2 Firewall.
A Layer 2 Firewall can actively filter only traffic that attempts to pass through its Inline
Interfaces. However, it can reset traffic picked up through Capture Interfaces if you set up
specific Reset Interfaces. The Reset Interfaces can send TCP resets and ICMP “destination
unreachable” messages when the communications trigger a response. You can use a system
communications interface for sending resets if the resets are routed correctly through that
interface and there are no VLANs on the interface.
When traffic is inspected, it may be important to know the interface through which it arrives at
the Layer 2 Firewall engine. Logical Interface elements are used for this purpose. They allow you
to group together interfaces that belong to the same network segment and to identify the type of
traffic inspection interface (Capture Interface or Inline Interface).
What’s Next?
If you want to create both Capture and Inline Interfaces on the same Layer 2 Firewall, or
if you want to create Logical Interfaces to distinguish interfaces from each other,
proceed to Defining Logical Interfaces.
If you do not want to use an existing system communication interface as the Reset
Interface, define the new Reset Interfaces as instructed in Defining Reset Interfaces
(page 49).
To define Capture Interfaces, proceed to Defining Capture Interfaces (page 50).
To define Inline Interfaces, proceed to Defining Inline Interfaces (page 51).
Defining Logical Interfaces
A Logical Interface is used in Layer 2 Firewall Policies and in the traffic inspection process to
represent a network segment. The SMC contains one default Logical Interface. A Logical
Interface can represent any number or combination of interfaces and VLAN Interfaces. The rules
in the ready-made Layer 2 Firewall Template match all Logical Interfaces.
To define a Logical Interface
1. Select Configuration→Configuration→Security Engine. The Security Engine Configuration
view opens.
2. Expand the Other Elements branch.
3. Right-click Logical Interfaces and select New Logical Interface. The Logical Interface
Properties dialog opens.
4. Enter a unique Name.
5. (Optional) If you use VLAN tagging on Inline Interfaces, select View interface as one LAN if
you do not want the Layer 2 Firewall engine to see a single connection as multiple
connections when a switch passes traffic between different VLANs.