Installation guide

Overview
Site-to-Site VPN — For example, traffic between two branch offices of a company carried over an unsecured link between the two locations.
Remote VPN — Gives remote users the ability to access company resources from outside the company premises.
The switch supports:
IPSec termination for site-to-site
IPSec termination for remote access
IPSec traversal of firewall filtering
IPSec traversal of NAT
IPSec/L2TP (client to switch)
1.2.5.13 NAT
NAT (Network Address Translation) is supported for non-IPSec packets routed by the switch. The following types of NAT are supported:
Port NAT – Port NAT (also known as NAPT) maps multiple local addresses to a single global address, telling the flows apart by a dynamically assigned port number. The user is not required to configure any NAT IP address; instead, the IP address of the switch’s public interface is used to NAT packets leaving the private network, and vice versa for packets entering the private network.
Static NAT – Static NAT is similar to Port NAT, with the only difference that it allows the user to configure a source NAT IP address and/or a destination NAT IP address to which all packets are NATted. The source NAT IP address is used when hosts on the private network access a host on the public network. The destination NAT IP address can be used to let public hosts talk to a host on the private network.
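The following is an added illustration of the two translation modes just described; it is not the switch's NAT implementation, and the addresses, port range and the decision to leave ports untouched in static NAT are constructed assumptions. Port NAT shows two private hosts using the same source port behind one public address, and how an inbound packet with no matching mapping is dropped rather than forwarded.

```python
import itertools

# Added illustration (not the switch's NAT code) of Port NAT and Static NAT.
# All addresses are constructed documentation-range values.
PUBLIC_IP = "203.0.113.5"        # assumed address of the switch's public interface


class PortNat:
    """Port NAT (NAPT): every private (ip, port) flow shares the single public
    address and is told apart by a dynamically assigned public port."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)   # assumed dynamic port pool
        self._out = {}      # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self._in = {}       # public port -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; create a mapping on first use."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            pub_port = next(self._next_port)
            self._out[key] = pub_port
            self._in[pub_port] = (src_ip, src_port)
        return (self.public_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply entering the private network, or return None when no
        outbound flow created the mapping (unsolicited inbound traffic is dropped)."""
        if dst_ip != self.public_ip or dst_port not in self._in:
            return None
        priv_ip, priv_port = self._in[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)


class StaticNat:
    """Static NAT: the administrator configures the source NAT address used for
    private-to-public traffic and/or the destination NAT address (a private host)
    that packets arriving at the public interface are NATted to.
    Simplification: port numbers are left unchanged."""

    def __init__(self, public_ip, source_nat_ip=None, dest_nat_ip=None):
        self.public_ip = public_ip
        self.source_nat_ip = source_nat_ip   # replaces the source of outbound packets
        self.dest_nat_ip = dest_nat_ip       # private host reached via the public address

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        if self.source_nat_ip is None:
            return (src_ip, src_port, dst_ip, dst_port)
        return (self.source_nat_ip, src_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        if self.dest_nat_ip is None or dst_ip != self.public_ip:
            return None
        return (src_ip, src_port, self.dest_nat_ip, dst_port)


if __name__ == "__main__":
    nat = PortNat(PUBLIC_IP)
    print(nat.outbound("10.0.0.2", 5555, "198.51.100.9", 80))
    print(nat.outbound("10.0.0.3", 5555, "198.51.100.9", 80))   # same port, new mapping
    print(nat.inbound("198.51.100.9", 80, PUBLIC_IP, 1025))    # reply reaches 10.0.0.3
    print(nat.inbound("198.51.100.9", 80, PUBLIC_IP, 9999))    # no mapping -> None
```

Note that a real implementation also ages mappings out and tracks transport state; the table here never expires, which is enough to show the translation itself.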
1.2.5.14 Firewall
A firewall protects your network from unauthorized Internet traffic. The primary function of a firewall is to let
authorized traffic pass through while unauthorized traffic gets blocked. Firewalls can be implemented in both
hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized
Internet users from accessing private networks connected to the Internet, especially Intranets. All messages
entering or leaving the Intranet pass through the firewall, which examines each message and blocks those that
do not meet the specified security criteria.
Motorola’s RFS7000 offers a hardware-assisted stateful firewall that can route traffic at line rate (4 Gbps, full duplex). Common attacks checked by the RFS7000 firewall include:
LAND attack
IP Fragments overlap
TCP XMAS Scan
TCP NULL Scan
TCP FIN Scan
IP TTL zero
Misuse of TCP URG offset
Disallowing IP source route option
TCP short header
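As an added illustration of what these header checks look like in practice (not the RFS7000's own firewall code), the parser below inspects one raw IPv4/TCP packet and reports the single-packet anomalies named in the list: LAND (source equals destination), XMAS, NULL and FIN flag combinations, TTL zero, a URG pointer that is set without the URG flag or points past the payload, a source-route IP option, and a TCP data offset too small to hold a header. The fragment-overlap check is left out because it needs reassembly state across packets. The sample packets are constructed with a helper that leaves checksums zero; which flag sets count as a scan and the exact URG-pointer rule are assumptions.

```python
import socket
import struct

# Added illustration (not the switch's firewall code): header-level checks for the
# single-packet anomalies listed in the guide. Fragment overlap is not covered.
TCP_FIN, TCP_SYN, TCP_PSH, TCP_URG = 0x01, 0x02, 0x08, 0x20
IPOPT_LSRR, IPOPT_SSRR = 131, 137          # loose / strict source-route option types


def check_packet(pkt: bytes) -> list:
    """Return the list of anomalies found in one raw IPv4 packet."""
    findings = []
    if len(pkt) < 20:
        return ["IP short header"]
    ver_ihl, _tos, _tlen, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return ["IP short header"]
    if ttl == 0:
        findings.append("IP TTL zero")
    if src == dst:
        findings.append("LAND attack")
    opts, i = pkt[20:ihl], 0                 # walk the IP options for source routing
    while i < len(opts) and opts[i] != 0:    # type 0 = end of option list
        if opts[i] == 1:                     # type 1 = single-byte no-op
            i += 1
            continue
        if opts[i] in (IPOPT_LSRR, IPOPT_SSRR):
            findings.append("IP source route option")
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                            # malformed length field, stop walking
        i += opts[i + 1]
    if proto != 6:                           # the remaining checks apply to TCP only
        return findings
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        findings.append("TCP short header")
        return findings
    _sp, _dp, _seq, _ack, off_flags, _win, _cs, urg_ptr = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off, flags = (off_flags >> 12) * 4, off_flags & 0x3F
    if data_off < 20:
        findings.append("TCP short header")
    xmas = TCP_FIN | TCP_PSH | TCP_URG
    if flags == 0:
        findings.append("TCP NULL scan")
    elif flags == TCP_FIN:
        findings.append("TCP FIN scan")
    elif (flags & xmas) == xmas:
        findings.append("TCP XMAS scan")
    payload_len = max(len(tcp) - data_off, 0)
    # URG pointer set without the URG flag, or pointing beyond the payload
    if (urg_ptr and not (flags & TCP_URG)) or ((flags & TCP_URG) and urg_ptr > payload_len):
        findings.append("Misuse of TCP URG offset")
    return findings


def build_packet(src, dst, ttl=64, flags=TCP_SYN, ip_opts=b"", data_off_words=5,
                 urg_ptr=0, payload=b""):
    """Constructed test packet (checksums left zero, so not valid on the wire)."""
    opts = ip_opts + b"\x00" * (-len(ip_opts) % 4)
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (data_off_words << 12) | flags,
                      8192, 0, urg_ptr)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(opts) // 4), 0,
                     20 + len(opts) + len(tcp) + len(payload), 1, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + opts + tcp + payload


SAMPLES = {  # constructed packets, one per check
    "normal syn": build_packet("10.0.0.2", "198.51.100.9"),
    "land": build_packet("198.51.100.9", "198.51.100.9"),
    "null scan": build_packet("10.0.0.2", "198.51.100.9", flags=0),
    "fin scan": build_packet("10.0.0.2", "198.51.100.9", flags=TCP_FIN),
    "xmas scan": build_packet("10.0.0.2", "198.51.100.9", flags=TCP_FIN | TCP_PSH | TCP_URG),
    "ttl zero": build_packet("10.0.0.2", "198.51.100.9", ttl=0),
    "urg misuse": build_packet("10.0.0.2", "198.51.100.9", urg_ptr=100),
    "short tcp": build_packet("10.0.0.2", "198.51.100.9", data_off_words=3),
    "source route": build_packet("10.0.0.2", "198.51.100.9",
                                 ip_opts=bytes([IPOPT_LSRR, 7, 4]) + socket.inet_aton("192.0.2.1")),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13s} -> {check_packet(pkt) or ['clean']}")
```

A stateful firewall such as the one described would run these checks before consulting its connection table, dropping the packet and counting the event so that a burst of flagged packets from one source shows up in the switch's logs.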