User's Guide
Chapter 9 Firewall Screens
LAN-Cell 2 User’s Guide
9.1.1 What You Can Do in the Firewall Screens
• Use the Default Rule screens (Section 9.3 on page 184) to configure general firewall
settings that apply when no specific rules have been matched.
• Use the Rule Summary screens (Section 9.4 on page 186) to configure firewall rules.
• Use the Anti-Probing screen (Section 9.5 on page 191) to specify which of the LAN-Cell’s
interfaces will respond to Ping requests and whether or not the LAN-Cell is to respond to
probing for unused ports.
• Use the Threshold screen (Section 9.6 on page 192) to configure DoS thresholds and
actions to be taken when a threshold is reached.
• Use the Service screen (Section 9.7 on page 194) to configure custom services for use in
firewall rules or view the services that are predefined in the LAN-Cell.
9.1.2 What You Need To Know About The LAN-Cell Firewall
Packet Direction
Packets carry source and destination addresses in their headers. You can set what the LAN-Cell does
with packets traveling in a specific direction (including going to/coming from a VPN tunnel)
that do not match any of the firewall rules. See also Packet Direction Examples on page 200.
Asymmetrical Routes
Asymmetrical routes only apply if you have another gateway on your LAN and the firewall is
enabled. If return traffic is routed through the LAN gateway (instead of the LAN-Cell), then
the LAN-Cell may reset the ‘incomplete’ connection. When you enable asymmetrical routes,
traffic from an interface to the same interface (for example WAN to WAN, VPN to VPN and so on) is not
checked by the firewall. See Asymmetrical Routes on page 206 for information on how to use
IP alias instead of asymmetrical routes.
9.2 Firewall Rules Example
Suppose that your company decides to block all of the LAN users from using IRC (Internet
Relay Chat) through the Internet. To do this, you would configure a LAN to WAN firewall
rule that blocks IRC traffic from any source IP address from going to any destination address.
You do not need to specify a schedule since you need the firewall rule to always be in effect.
The following figure shows the results of this rule.
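The rule evaluation described in this chapter, modeled as an added example (it is not LAN-Cell code or configuration, and it is not the figure the guide refers to). Assumptions: rules for a packet direction are checked in order and the first match wins, IRC is TCP port 6667, and the default actions, addresses and the rule name `block-irc` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_if: str    # interface the packet arrived on, e.g. "LAN"
    dst_if: str    # interface it would leave through, e.g. "WAN"
    src_ip: str
    dst_ip: str
    proto: str     # "tcp" or "udp"
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    src_ip: str    # "any" or an exact address
    dst_ip: str    # "any" or an exact address
    service: tuple # (proto, port)
    action: str    # "permit" or "drop"

IRC = ("tcp", 6667)  # assumption: IRC on its commonly used port

class Firewall:
    def __init__(self, default_actions, asymmetrical_routes=False):
        self.default_actions = default_actions  # {(src_if, dst_if): action}
        self.asymmetrical_routes = asymmetrical_routes
        self.rules = {}                         # {(src_if, dst_if): [Rule, ...]}

    def add_rule(self, direction, rule):
        self.rules.setdefault(direction, []).append(rule)

    def decide(self, pkt):
        direction = (pkt.src_if, pkt.dst_if)
        # With asymmetrical routes enabled, same-interface traffic is not checked.
        if self.asymmetrical_routes and pkt.src_if == pkt.dst_if:
            return ("permit", "not checked")
        for rule in self.rules.get(direction, []):  # assumption: first match wins
            if (rule.src_ip in ("any", pkt.src_ip)
                    and rule.dst_ip in ("any", pkt.dst_ip)
                    and rule.service == (pkt.proto, pkt.dst_port)):
                return (rule.action, rule.name)
        # No specific rule matched: the default rule for this direction applies.
        return (self.default_actions[direction], "default rule")

def build_example(asymmetrical_routes=False):
    defaults = {("LAN", "WAN"): "permit", ("WAN", "LAN"): "drop", ("WAN", "WAN"): "drop"}
    fw = Firewall(defaults, asymmetrical_routes)  # constructed default actions
    fw.add_rule(("LAN", "WAN"), Rule("block-irc", "any", "any", IRC, "drop"))
    return fw

if __name__ == "__main__":
    print(build_example().decide(Packet("LAN", "WAN", "192.168.1.33", "203.0.113.10", "tcp", 6667)))
```

The rule is bound to the LAN to WAN direction only, so IRC traffic arriving in any other direction falls through to that direction's default rule.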