User's Guide

Chapter 9 Firewall Screens
LAN-Cell 2 User’s Guide
201
By default, the LAN-Cell drops packets traveling in the following directions.
See Chapter 3 on page 53 for information about packets traveling to or from the VPN tunnels.
To VPN Packet Direction
The LAN-Cell can apply firewall rules to traffic before encrypting it to send through a VPN
tunnel. To VPN means traffic that comes in through the selected “from” interface and goes out
through any of the LAN-Cell’s VPN tunnels. For example, From LAN To VPN specifies the
traffic that is coming from the LAN and going out through any of the LAN-Cell’s VPN
tunnels.
• WAN to LAN
  CELL to LAN
  These rules specify which computers connected on a remote WAN or CELL connection can access which computers or services on the LAN. For example, you may create rules to:
  - Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the Internet to specific hosts on the LAN.
  - Allow public access to a Web server on your protected network. You could also block certain IP addresses from accessing it.
  Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow computers on the WAN to access devices on the LAN. See Section 13.4.1 on page 296 for an example.
• WAN to WAN
  CELL to CELL
  By default the LAN-Cell stops computers connected to WAN or CELL from using the LAN-Cell as a gateway to communicate with other computers on the WAN. By default, the LAN-Cell does accept traffic from the WAN or CELL interfaces destined for one of the LAN-Cell's default Remote Management ports, to establish a VPN connection, or to pass VPN_NAT and BootP packets.
  Note: If you change the default Remote Management ports, you also need to configure the firewall rules WAN-to-WAN/LAN-Cell and/or CELL-to-CELL/LAN-Cell to allow traffic to flow to the new management ports.
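The direction-based default policy described above, and the note about changed Remote Management ports, as an added example written for this page (not code from the LAN-Cell guide or the product): a small model that decides a packet's fate from its from/to interfaces and reports which configured management ports a remote host could no longer reach. The port numbers, the packet "kind" tags and the rule-matching order are assumptions, not the device's actual values or behaviour.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed placeholder port numbers; they are NOT the LAN-Cell's actual defaults.
DEFAULT_MGMT_PORTS = frozenset({8080, 8443})
# Traffic classes the page says are accepted from WAN/CELL by default (constructed tags).
ALWAYS_ACCEPTED_KINDS = {"vpn_setup", "vpn_nat", "bootp"}
# Directions the page lists as dropped by default.
DROPPED_BY_DEFAULT = {("WAN", "LAN"), ("CELL", "LAN"), ("WAN", "WAN"), ("CELL", "CELL")}


@dataclass(frozen=True)
class Packet:
    src_if: str                  # interface the packet arrives on: LAN, WAN or CELL
    dst_if: str                  # LAN, WAN, CELL or VPN (any tunnel); traffic addressed to the
                                 # LAN-Cell itself counts as WAN-to-WAN or CELL-to-CELL
    dst_port: Optional[int] = None
    kind: str = "data"


@dataclass
class Firewall:
    mgmt_ports: frozenset                       # ports Remote Management currently listens on
    rules: list = field(default_factory=list)   # explicit (src_if, dst_if, dst_port, action)

    def decide(self, pkt: Packet) -> str:
        # Assumption: explicit rules for the direction are checked first, first match wins.
        for src_if, dst_if, port, action in self.rules:
            if (src_if, dst_if) == (pkt.src_if, pkt.dst_if) and port in (None, pkt.dst_port):
                return action
        direction = (pkt.src_if, pkt.dst_if)
        if direction in {("WAN", "WAN"), ("CELL", "CELL")}:
            # The built-in exception covers the *default* management ports only.
            if pkt.kind in ALWAYS_ACCEPTED_KINDS or pkt.dst_port in DEFAULT_MGMT_PORTS:
                return "accept"
            return "drop"
        if direction in DROPPED_BY_DEFAULT:
            return "drop"
        return "accept"  # assumption: directions not listed as dropped are allowed


def unreachable_mgmt_ports(fw: Firewall, src_if: str = "WAN") -> set:
    """Configured management ports that a host on src_if could no longer reach."""
    return {p for p in fw.mgmt_ports if fw.decide(Packet(src_if, src_if, p)) == "drop"}


if __name__ == "__main__":
    moved = Firewall(mgmt_ports=frozenset({9443}))       # ports changed, rules not updated
    print("dropped from WAN:", unreachable_mgmt_ports(moved))   # {9443}
    moved.rules.append(("WAN", "WAN", 9443, "accept"))   # the WAN-to-WAN/LAN-Cell rule the note asks for
    print("dropped from CELL:", unreachable_mgmt_ports(moved, "CELL"))   # {9443}: CELL rule still missing
```

Running the check once per remote interface (WAN and CELL) is the point: adding only the WAN-to-WAN rule still leaves the new port unreachable from CELL.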