Perle Systems 1700 User Manual

Applications

Configure Firewall

The P1705 & P1730 provide Firewall security for restricting access between any two networks connected through the router. Firewalls are set up on a per-connection basis for the LAN and remote sites. The direction of filtering is from the perspective of the router: incoming traffic is from the network in question to the router, outgoing is from the router to the network. The direction of filtering may be set to incoming, outgoing, both or none.

Once the direction of filtering for a connection has been set, holes may be created in the firewall to allow specified traffic through. Normally, the LAN firewall is used for restricting intranet traffic (connections within the corporate network) and remote site firewalls are used to limit access from less trusted sources, such as the Internet or dial-up ISDN links.

The following diagram shows a corporate head office network, which is connected to the Internet with a router. There is also a branch office at a remote site connected with a leased link. The administrator at the corporate head office wishes to set up an IP firewall to allow everyone on the Internet to have access to the corporate FTP and Web servers and nothing else. The administrator also wishes to allow all of the TCP traffic from the branch office network to have access to the head office. Anyone in the corporation may have unrestricted access to the Internet.

Figure 2-13 Sample Firewall Application

The following steps must be performed on the P1705 & P1730 to set up the firewall support as desired.

[Diagram labels for Figure 2-13: Internet (any other network, any IP address); router with firewall enabled; Corporate Head Office Network 195.100.1.0, containing the main FTP server 195.100.1.12 and the main Web server 195.100.1.20; Branch Office Network 195.100.2.0.]
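The policy described above can be checked as a small model before it is entered on the router. This is an added Python sketch, not taken from the Perle manual and not the router's configuration syntax. Assumptions: /24 masks on both networks, FTP on TCP port 21 and Web on TCP port 80, and only the first packet of each connection is modelled; all names and sample addresses are hypothetical.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
HEAD_OFFICE = ip_network("195.100.1.0/24")  # /24 mask is an assumption
BRANCH = ip_network("195.100.2.0/24")       # /24 mask is an assumption

@dataclass(frozen=True)
class Hole:
    """One permitted traffic pattern through a filtered connection."""
    proto: str
    src: object
    dst: object
    dport: Optional[int] = None  # None means any destination port

    def matches(self, proto, src, dst, dport):
        return (proto == self.proto
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.dport in (None, dport))

@dataclass
class Connection:
    """Per-connection firewall: a filtering direction plus its holes."""
    filtering: str  # "incoming", "outgoing", "both" or "none"
    holes: list = field(default_factory=list)

    def passes(self, direction, pkt):
        # Direction is from the router's perspective, as in the text.
        if self.filtering not in (direction, "both"):
            return True  # this direction is not filtered on this connection
        return any(h.matches(*pkt) for h in self.holes)  # default deny

POLICY = {
    "lan": Connection("none"),  # head office keeps unrestricted access out
    "internet": Connection("incoming", [
        Hole("tcp", ANY, ip_network("195.100.1.12/32"), 21),  # FTP server
        Hole("tcp", ANY, ip_network("195.100.1.20/32"), 80),  # Web server
    ]),
    "branch": Connection("incoming", [Hole("tcp", BRANCH, HEAD_OFFICE)]),
}

def allowed(ingress, egress, proto, src, dst, dport):
    """A packet enters on one connection and leaves on another."""
    pkt = (proto, src, dst, dport)
    return (POLICY[ingress].passes("incoming", pkt)
            and POLICY[egress].passes("outgoing", pkt))
```

Because holes belong to a connection, a packet arriving from the Internet with a branch office source address is still judged against the Internet connection's two holes, not the branch office's TCP hole.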