Lancom Systems LCOS 3.50 User Manual

Page 118


LANCOM Reference Manual LCOS 3.50


Chapter 8: Firewall


list will be carried out. If the action intends to accept the packet, then an
entry is made in the connection list, as well as for any further actions.

If no explicit Firewall rule exists for a data packet, the packet is
accepted ('Allow-All'). This ensures backward compatibility for existing
installations. For maximum protection by the Stateful Inspection,
please note the section 'Set-up of an explicit "Deny All" strategy',
page 138.

The four lists obtain their information as follows:

- The host block list contains all stations that are blocked for
a certain time because of a Firewall action. The list is dynamic; new entries
can be added continuously by appropriate actions of the Firewall.
Entries disappear automatically once the timeout is exceeded.

- The port block list holds those protocols and services that are
blocked for a certain time because of a Firewall action. This list is likewise

[Figure: The Firewall checks with several lists (Host blocked? Port blocked? Active connection? Filter list?). Block diagram of the device's data paths: LAN interfaces, LAN bridge, IP router with Firewall / IDS / DoS / QoS, IP masquerading, VPN services, WAN interfaces.]
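The lookup order from the figure and the Allow-All default described above, modelled in Python as an added example (not LCOS code and not taken from the manual). The rule format, the action names `block_host` and `block_port`, the 60-second timeout and all sample addresses are assumptions made for illustration.

```python
# Simplified model of the four-list check; constructed sample data, not LCOS code.
DENY_ALL = ({}, "reject")                    # empty match = matches every packet
RULES = [({"port": 80}, "accept"),           # constructed sample filter list
         ({"port": 23}, "block_host")]       # hypothetical action name

def pkt(src, port, dst="192.0.2.1"):
    return {"src": src, "dst": dst, "port": port}

class Firewall:
    def __init__(self, rules, timeout=60):
        self.rules = rules          # filter list: ordered (match, action) pairs
        self.timeout = timeout      # lifetime of a block entry (assumed value)
        self.host_block = {}        # source address -> expiry time
        self.port_block = {}        # destination port -> expiry time
        self.connections = set()    # connection list

    def _blocked(self, table, key, now):
        expiry = table.get(key)
        if expiry is not None and now >= expiry:
            del table[key]          # entry disappears once the timeout is exceeded
            return False
        return expiry is not None

    def check(self, p, now):
        conn = (p["src"], p["dst"], p["port"])
        if self._blocked(self.host_block, p["src"], now):
            return "drop: host blocked"
        if self._blocked(self.port_block, p["port"], now):
            return "drop: port blocked"
        if conn in self.connections:
            return "accept: active connection"
        for match, action in self.rules:
            if all(p.get(k) == v for k, v in match.items()):
                if action == "accept":
                    self.connections.add(conn)   # accepted -> connection list entry
                    return "accept: rule"
                if action == "block_host":
                    self.host_block[p["src"]] = now + self.timeout
                elif action == "block_port":
                    self.port_block[p["port"]] = now + self.timeout
                return "drop: rule"
        # No explicit rule matched; connection tracking for this case is not modelled.
        return "accept: Allow-All"

if __name__ == "__main__":
    print(Firewall(RULES).check(pkt("10.0.0.6", 445), now=0))               # default
    print(Firewall(RULES + [DENY_ALL]).check(pkt("10.0.0.6", 445), now=0))  # hardened
```

With only the two sample rules, a packet to an unlisted port is accepted by the default; appending the catch-all `DENY_ALL` rule is what turns the same packet into a drop.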
