Knowledgebase
Online Technical Support
Software Upgrades: Please check our latest Download section.
Search Tip: You can increase the accuracy of your searches by using as many keywords as possible. Remove any common words such as "a", "or", "the" as they will be used in the search. Do not use any operands such as +, or quotation marks to enclose phrases.
|
Issue:
P Series router WAN firewall example to block all access from the outside world except for specific services on the private LAN.
Solution: In this example we want to block the outside world from accessing our private LAN and only allow access for the following services. IP addresses of services used in this example: DNS server IP address 63.236.211.130 Email server IP address 63.236.211.131 WWW_HTTP server IP address 63.236.211.132 Select the following router menu options: Configuration / Applications Set-up / Firewall set-up / WAN firewall setup You will prompted for the Remote site number or alias that you configured in this Router. You need to associate this firewall with your Remote site configuration. If you are unsure then you can find the ID or alias name of your Remote site configuration in the following menus: Configuration / Connections set-up / Remote Site set-up / Remote Site summary Select the "Firewall" option and change it to [inbound] Select the "Edit firewall entry " menu. You will be prompted for the Firewall filter id (1 to 128). Enter "1" for the filter id. Note: Filter ID 1 will be used to allow access to the local DNS server 63.136.211.130. 1. Destination addr "63.236.211.130" - Destination IP address of frame. Press the TAB key then select the "Edit firewall entry menu". You will be prompted for the Firewall filter id (1 to 128). Enter "2" for the filter id. Note: Filter ID 2 will be used for the same local DNS server 63.136.211.130 to allow return packets. 1. Destination addr "63.236.211.130" - Destination IP address of frame. Press the TAB key then select the "Edit firewall entry menu". You will be prompted for the Firewall filter id (1 to 128). Enter "3" for the filter id. Note: Filter ID 3 will be used to allow access to the EMAIL server 63.136.211.131. 1. Destination addr "63.236.211.131" - Destination IP address of frame. Press the TAB key then select the "Edit firewall entry menu". You will be prompted for the Firewall filter id (1 to 128). Enter "4" for the filter id. Note: Filter ID 4 will be used to allow access to the WWW_HTTP server 63.136.211.132. 1. Destination addr "63.236.211.132" - Destination IP address of frame.
2. Destination mask [none] - Network mask for dest address
3. Source address [all] - Source IP address of frame.
4. Source mask [none] - Network mask for source address.
5. Protocol type [ALL] - Allow specific protocol types.
6. Source port [0] [65535] - Source port range to allow.
7. Destination port [53] [53] - Destination port range to allow.
8. Description "Manual entry" - Describe the entry.
9. Entry direction [inbound] - Direction this entry applies to.
2. Destination mask [none] - Network mask for dest address.
3. Source address [all] - Source IP address of frame.
4. Source mask [none] - Network mask for source address.
5. Protocol type [ALL] - Allow specific protocol types.
6. Source port [53] [53] - Source port range to allow.
7. Destination port [0] [65535] - Destination port range to allow.
8. Description "Manual entry" - Describe the entry.
9. Entry direction [inbound] - Direction this entry applies to
2. Destination mask [none] - Network mask for dest address.
3. Source address [all] - Source IP address of frame.
4. Source mask [none] - Network mask for source address.
5. Protocol type [ALL] - Allow specific protocol types.
6. Source port [0] [65535] - Source port range to allow.
7. Destination port [25] [25] - Destination port range to allow.
8. Description "Manual entry" - Describe the entry.
9. Entry direction [inbound] - Direction this entry applies to
2. Destination mask [none] - Network mask for dest address.
3. Source address [all] - Source IP address of frame.
4. Source mask [none] - Network mask for source address.
5. Protocol type [ALL] - Allow specific protocol types.
6. Source port [0] [65535] - Source port range to allow.
7. Destination port [80] [80] - Destination port range to allow.
8. Description "Manual entry" - Describe the entry.
9. Entry direction [inbound] - Direction this entry applies to.