Configuring lan to wan access – Brocade Mobility 7131N-FGR Access Point Product Reference Guide (Supporting software release 4.0.0.0-35GRN and later) User Manual

Brocade Mobility 7131N-FGR Product Reference Guide

173

53-1001947-01

Configuring firewall settings

6

5. Click Apply to save any changes to the Firewall screen. Navigating away from the screen

without clicking the Apply button results in all changes to the screens being lost.

6. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the

settings displayed on the Firewall screen to the last saved configuration.

7. Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout

before the applet is closed.

Configuring LAN to WAN access

The Brocade Mobility 7131N-FGR Access Point LAN can be configured to communicate with the
WAN side of the Brocade Mobility 7131N-FGR Access Point. Use the Subnet Access screen to
control access from the LAN1 (or LAN2) interfaces to the WAN interface. This access level will
function as an ACL in a router to allow/deny certain IP addresses or subnets to access certain
interfaces (or subnets belonging to those interfaces) by creating access policies.

To configure Brocade Mobility 7131N-FGR Access Point subnet access:

1. Select Network Configuration -> Firewall -> Subnet Access from the Brocade Mobility

7131N-FGR Access Point menu tree.

2. Refer to the Overview field to view rectangles representing subnet associations. The three

possible colors indicate the current access level, as defined, for each subnet association.

SYN Flood Attack
Check

A SYN flood attack requests a connection and then fails to
promptly acknowledge a destination host's response, leaving the
destination host vulnerable to a flood of connection requests.

Source Routing Check

A source routing attack specifies an exact route for a packet's
travel through a network, while exploiting the use of an
intermediate host to gain access to a private host.

Winnuke Attack
Check

A "Win-nuking" attack uses the IP address of a destination host to
send junk packets to its receiving port.

FTP Bounce Attack
Check

An FTP bounce attack uses the PORT command in FTP mode to
gain access to arbitrary ports on machines other than the
originating client.

IP Unaligned
Timestamp Check

An IP unaligned timestamp attack uses a frame with the IP
timestamp option, where the timestamp is not aligned on a 32-bit
boundary.

Sequence Number
Prediction Check

A sequence number prediction attack establishes a three-way TCP
connection with a forged source address. The attacker guesses
the sequence number of the destination host response.

Mime Flood Attack
Check

A MIME flood attack uses an improperly formatted MIME header in
"sendmail" to cause a buffer overflow on the destination host.

Max Header Length
(>=256)

Use the Max Header Length field to set the maximum allowable
header length (at least 256 bytes).

Max Headers
(>=12)

Use the Max Headers field to set the maximum number of headers
allowed (at least 12 headers).