Overview, Filtering benefits, Filtering criteria – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

170

n

Chapter 7: Filtering

212777-A, February 2002

Overview

Alteon Web switches are used to deliver content efficiently and secure your servers from unau-
thorized intrusion, probing, and Denial-of-Service (DoS) attacks. Web OS includes extensive
filtering capabilities at the IP and TCP/UDP levels.

Filtering Benefits

Layer 3 (IP) and Layer 4 (application) filtering give the network administrator a powerful tool
with the following benefits:

n

Increased security for server networks

Filters can be configured to allow or deny traffic according to various IP address, protocol,
and Layer 4 port criteria. You can also secure your switch from further virus attacks by
allowing you to configure the switch with a list of potential offending string patterns. For
more information, see

“Layer 7 Deny Filter” on page 417

.

This gives the administrator control over the types of traffic permitted through the switch.
Any filter can be optionally configured to generate system log messages for increased
security visibility.

n

Used to map the source or destination IP addresses and ports

Generic Network Address Translation (NAT) can be used to map the source or destination
IP addresses and the ports of private network traffic to or from advertised network IP
addresses and ports.

Filtering Criteria

Up to 2048 filters can be configured on Alteon 184 and Alteon AD4 Web switches. Up to 224
filters are supported on other Alteon Web switches. Descriptive names can be used to define
filters. Each filter can be set to allow, deny, redirect, or translate traffic based on any combina-
tion of the following filter options:

n

sip

: source IP address or range (see

“IP Address Ranges” on page 178

)

n

dip

: destination IP address or range (

dip

and

dmask

)