Configuring LAN to WAN Access – Brocade Mobility 7131 Access Point Product Reference Guide (Supporting software release 4.4.0.0 and later) User Manual
Brocade Mobility 7131 Access Point Product Reference Guide
53-1002517-01
5. Click Apply to save any changes to the Firewall screen. Navigating away from the screen
without clicking the Apply button discards all changes made on the screen.
6. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the
settings displayed on the Firewall screen to the last saved configuration.
7. Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout
before the applet is closed.
Configuring LAN to WAN Access
The Mobility 7131 Access Point LAN can be configured to communicate with the WAN side of the
Mobility 7131 Access Point. Use the Subnet Access screen to control access from the LAN1 (or
LAN2) interfaces to the WAN interface. This access level functions like an ACL in a router:
access policies allow or deny IP addresses or subnets access to certain interfaces (or to subnets
belonging to those interfaces). It also functions as a filter to allow or deny access for certain
protocols such as HTTP, Telnet, FTP, etc.
To configure Mobility 7131 Access Point subnet access:
1. Select Network Configuration -> Firewall -> Subnet Access from the Mobility 7131 Access Point
menu tree.
2. Refer to the Overview field to view rectangles representing subnet associations. The three
possible colors indicate the current access level, as defined, for each subnet association.
FTP Bounce Attack Check: An FTP bounce attack uses the PORT command in FTP mode to gain
access to arbitrary ports on machines other than the originating client.
IP Unaligned Timestamp Check: An IP unaligned timestamp attack uses a frame with the IP
timestamp option, where the timestamp is not aligned on a 32-bit boundary.
Sequence Number Prediction Check: A sequence number prediction attack establishes a three-way
TCP connection with a forged source address. The attacker guesses the sequence number of the
destination host response.
Mime Flood Attack Check: A MIME flood attack uses an improperly formatted MIME header in
"sendmail" to cause a buffer overflow on the destination host.
Max Header Length (>=256): Use the Max Header Length field to set the maximum allowable
header length (at least 256 bytes).
Max Headers (>=12): Use the Max Headers field to set the maximum number of headers allowed
(at least 12 headers).
Color  | Access Type    | Description
Green  | Full Access    | No protocol exceptions (rules) are specified. All traffic may pass between these two areas.
Yellow | Limited Access | One or more protocol rules are specified. Specific protocols are either enabled or disabled between these two areas. Click the table cell of interest and look at the exceptions area in the lower half of the screen to determine the protocols that are either allowed or denied.
Red    | No Access      | All protocols are denied, without exception. No traffic will pass between these two areas.
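The FTP Bounce Attack Check described above, as an added example (not Brocade code and not the access point's implementation): a filter that parses each PORT command on an FTP control connection and applies a common mitigation, refusing a data address that differs from the client's own or a port below 1024. The function names, the min_port threshold and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# PORT argument: four address octets and two port bytes, comma-separated.
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$",
    re.IGNORECASE,
)

def parse_port_command(line):
    """Return (ip, port) from an FTP PORT command line, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):          # every field is a single byte
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]          # high byte, then low byte
    return ip, port

def check_port_command(client_ip, line, min_port=1024):
    """Classify a PORT command seen on the control connection from client_ip.

    Returns "allow", "malformed", "bounce-address" or "bounce-port".
    min_port is an assumed threshold, not a value from the guide.
    """
    parsed = parse_port_command(line)
    if parsed is None:
        return "malformed"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(client_ip):
        return "bounce-address"             # data connection aimed at a third host
    if port < min_port:
        return "bounce-port"                # data connection aimed at a well-known service
    return "allow"

# Constructed sample lines (documentation address ranges), not captured traffic.
SAMPLES = [
    ("192.0.2.10", "PORT 192,0,2,10,195,80"),   # own address, port 50000
    ("192.0.2.10", "PORT 198,51,100,7,0,25"),   # another host, port 25
    ("192.0.2.10", "PORT 192,0,2,10,0,22"),     # own address, port 22
    ("192.0.2.10", "PORT 192,0,2,10,999,1"),    # field out of byte range
]

def classify_samples():
    return [check_port_command(ip, line) for ip, line in SAMPLES]

if __name__ == "__main__":
    for (ip, line), verdict in zip(SAMPLES, classify_samples()):
        print(f"{ip:12} {line:28} -> {verdict}")
```

The address comparison assumes the filter sees the client's real source address; behind address translation the PORT argument and the observed source differ even for legitimate clients.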