Installation guide

Packet filtering 30-13
Chapter 30: Understanding Wave Data Networking
Wave Global Administrator Guide
However, there are a few reasons to place a firewall between the two networks:
- Increased security; while it is an extreme case, a hacker who has direct access to your ISP
  could get around the discarding of your private addresses
- Lessen the traffic across the WAN connection to the ISP
- Consideration for your ISP by not giving them additional unnecessary traffic
Normally, however, the private intranet will use the services of a network proxy or NAT which
is located in the DMZ network, and will never communicate with the untrusted Internet directly.
Therefore, the DMZ packet filters will accommodate all of the above goals, and only those
filters are needed.
To create a firewall between the public and private networks, four cases must be prevented from
passing across the WAN. The latter two cases may seem redundant, but should be put in place
to provide maximum security.
- Packets sent by a private network address going out to the public Internet
- Packets sent to a private network address going out to the public Internet
- Packets sent by a private network address coming in from the public Internet
- Packets sent to a private network address coming in from the public Internet
These filters can be put in place by either Wave or the ISP. If this firewall is a serious concern
for your company, then the filters should be enabled on Wave; if you wish to lessen
administration, let the ISP enable the filters.
The filters listed in the following table can be put into place on the WAN connection(s), with
the filters set to receive/transmit all except those listed below. Each of these filters should
be added as both input and output filters, thereby creating a total of 12 filters. You can use
all of them, or just the subset matching your private addresses. These filters are listed with
the IP network address and then the subnet mask.
Outbound and inbound filters

Direction      Filter Type   IP Network Address   Subnet Mask
Input/Output   Source        10.0.0.0             255.0.0.0
Input/Output   Source        172.16.0.0           255.240.0.0
Input/Output   Source        192.168.0.0          255.255.0.0
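
The following is an added example, not part of the original guide and not Wave's own configuration format. It expands the three private ranges into the 12 discard filters and evaluates constructed packets against the four cases listed earlier. The destination filters are inferred from those four cases, the mapping of "going out" to output and "coming in" to input is an assumption, and all function and field names are illustrative.

```python
import ipaddress
from itertools import product

# Private ranges from the table above, as (network address, subnet mask).
PRIVATE_NETS = [
    ("10.0.0.0", "255.0.0.0"),
    ("172.16.0.0", "255.240.0.0"),
    ("192.168.0.0", "255.255.0.0"),
]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def build_filters():
    """One discard filter per direction, per address field, per range (2 x 2 x 3)."""
    return [
        {"direction": d, "field": f, "net": to_int(n), "mask": to_int(m)}
        for d, f, (n, m) in product(
            ("input", "output"), ("source", "destination"), PRIVATE_NETS)
    ]

def matches(flt, direction, src, dst):
    """A filter matches when (address AND subnet mask) equals the network address."""
    if flt["direction"] != direction:
        return False
    addr = to_int(src if flt["field"] == "source" else dst)
    return addr & flt["mask"] == flt["net"]

def wan_action(filters, direction, src, dst):
    """Default is receive/transmit all; any matching filter discards the packet."""
    hit = any(matches(f, direction, src, dst) for f in filters)
    return "discard" if hit else "pass"

FILTERS = build_filters()

# Constructed sample packets: (direction on the WAN port, source, destination).
SAMPLES = [
    ("output", "10.1.2.3", "198.51.100.7"),        # private source going out
    ("output", "203.0.113.5", "192.168.1.10"),     # private destination going out
    ("input", "172.16.4.1", "203.0.113.5"),        # private source coming in
    ("input", "198.51.100.7", "172.31.255.254"),   # private destination coming in
    ("output", "203.0.113.5", "198.51.100.7"),     # public to public
    ("input", "172.32.0.1", "203.0.113.5"),        # just outside 172.16.0.0/255.240.0.0
]

if __name__ == "__main__":
    for direction, src, dst in SAMPLES:
        print(f"{direction:6} {src:>15} -> {dst:<15} {wan_action(FILTERS, direction, src, dst)}")
```

The last sample shows why the 255.240.0.0 mask matters: 172.32.0.1 is outside the private block and passes, while 172.31.255.254 is inside it and is discarded.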
Release 2.0
September 2010