In this example we want to block the outside world from accessing our private LAN and only allow access for the following services.
IP addresses of services used in this example:
DNS server IP address 63.236.211.130
Email server IP address 63.236.211.131
WWW_HTTP server IP address 63.236.211.132
Select the following router menu options:
Configuration / Applications Set-up / Firewall set-up / WAN firewall setup
You will be prompted for the Remote site number or alias that you configured in this Router. You need to associate this firewall with your Remote site configuration. If you are unsure, you can find the ID or alias name of your Remote site configuration in the following menus: Configuration / Connections set-up / Remote Site set-up / Remote Site summary
Select the "Firewall" option and change it to [inbound]
Select the "Edit firewall entry" menu. You will be prompted for the Firewall filter id (1 to 128).
Enter "1" for the filter id.
Note: Filter ID 1 will be used to allow access to the local DNS server 63.236.211.130.
1. Destination addr "63.236.211.130" - Destination IP address of frame.
2. Destination mask [none] - Network mask for dest address.
3. Source address [all] - Source IP address of frame.
4. Source mask [none] - Network mask for source address.
5. Protocol type [ALL] - Allow specific protocol types.
6. Source port [0] [65535] - Source port range to allow.
7. Destination port [53] [53] - Destination port range to allow.
8. Description "Manual entry" - Describe the entry.
9. Entry direction [inbound] - Direction this entry applies to.
Press the TAB key then select the "Edit firewall entry menu". You will be prompted for the Firewall filter id (1 to 128).
Enter "2" for the filter id.
Note: Filter ID 2 will be used for the same local DNS server 63.236.211.130 to allow return packets.
1. Destination addr "63.236.211.130" - Destination IP address of frame.
2. Destination mask [none] - Network mask for dest address.
3. Source address [all] - Source IP address of frame.
4. Source mask [none] - Network mask for source address.
5. Protocol type [ALL] - Allow specific protocol types.
6. Source port [53] [53] - Source port range to allow.
7. Destination port [0] [65535] - Destination port range to allow.
8. Description "Manual entry" - Describe the entry.
9. Entry direction [inbound] - Direction this entry applies to.
Press the TAB key then select the "Edit firewall entry menu". You will be prompted for the Firewall filter id (1 to 128).
Enter "3" for the filter id.
Note: Filter ID 3 will be used to allow access to the EMAIL server 63.236.211.131.
1. Destination addr "63.236.211.131" - Destination IP address of frame.
2. Destination mask [none] - Network mask for dest address.
3. Source address [all] - Source IP address of frame.
4. Source mask [none] - Network mask for source address.
5. Protocol type [ALL] - Allow specific protocol types.
6. Source port [0] [65535] - Source port range to allow.
7. Destination port [25] [25] - Destination port range to allow.
8. Description "Manual entry" - Describe the entry.
9. Entry direction [inbound] - Direction this entry applies to.
Press the TAB key then select the "Edit firewall entry menu". You will be prompted for the Firewall filter id (1 to 128).
Enter "4" for the filter id.
Note: Filter ID 4 will be used to allow access to the WWW_HTTP server 63.236.211.132.
1. Destination addr "63.236.211.132" - Destination IP address of frame.
2. Destination mask [none] - Network mask for dest address.
3. Source address [all] - Source IP address of frame.
4. Source mask [none] - Network mask for source address.
5. Protocol type [ALL] - Allow specific protocol types.
6. Source port [0] [65535] - Source port range to allow.
7. Destination port [80] [80] - Destination port range to allow.
8. Description "Manual entry" - Describe the entry.
9. Entry direction [inbound] - Direction this entry applies to.
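
To check what the four entries above admit before relying on them, the following added example (not part of the router's software or the original walkthrough) models them as a first-match table and evaluates constructed sample packets. It assumes that inbound packets matching no entry are dropped and that a mask of [none] means an exact host match; the names `Filter`, `FILTERS`, `match` and `SAMPLES` are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Filter:
    fid: int
    dst: str        # destination host; mask [none] modelled as an exact match (assumption)
    sport: tuple    # (low, high) source port range
    dport: tuple    # (low, high) destination port range

# The four inbound entries from the walkthrough. Source address is [all] and
# protocol type is [ALL] in every entry, so neither is modelled as a field.
FILTERS = [
    Filter(1, "63.236.211.130", (0, 65535), (53, 53)),   # access to the DNS server
    Filter(2, "63.236.211.130", (53, 53), (0, 65535)),   # return packets to the DNS server
    Filter(3, "63.236.211.131", (0, 65535), (25, 25)),   # access to the email server
    Filter(4, "63.236.211.132", (0, 65535), (80, 80)),   # access to the WWW_HTTP server
]

def match(dst, sport, dport, filters=FILTERS):
    """Return the id of the first entry that admits the packet, or None.
    None means dropped under the assumed default-deny policy."""
    for f in filters:
        if (ip_address(dst) == ip_address(f.dst)
                and f.sport[0] <= sport <= f.sport[1]
                and f.dport[0] <= dport <= f.dport[1]):
            return f.fid
    return None

# Constructed sample packets: (destination, source port, destination port)
SAMPLES = [
    ("63.236.211.130", 40000, 53),    # query to the DNS server
    ("63.236.211.130", 53, 33000),    # reply to the DNS server's own lookup
    ("63.236.211.131", 40000, 25),    # mail delivery
    ("63.236.211.132", 40000, 80),    # web request
    ("63.236.211.132", 40000, 443),   # no entry for this port
    ("63.236.211.130", 40000, 22),    # no entry for this port
    ("63.236.211.130", 53, 22),       # entry 2 checks the source port only
    ("63.236.211.133", 40000, 80),    # host with no entry
]

if __name__ == "__main__":
    for dst, sp, dp in SAMPLES:
        fid = match(dst, sp, dp)
        verdict = f"allow (filter {fid})" if fid else "drop"
        print(f"{dst:15} sport={sp:<5} dport={dp:<5} {verdict}")
```

Entry 2 is matched on source port 53 alone, so it admits that traffic to every port on the DNS server; narrowing its destination port range to the ports the server actually sends lookups from limits what it lets through.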