
Firewall – Allied Telesis AR400 SERIES Software Release 2.7.1 User Manual


Getting Started with the Graphical User Interface (GUI)


Software Release 2.7.1
C613-02021-00 REV F

Any password and authentication settings must be configured on the
neighbour as well as on this router.

If the router is a DHCP server, check that it is passing the correct DNS
information to hosts on the LAN. If the router is also acting as a DHCP
client, and is therefore passing on DNS information from another DHCP
server, check that this DHCP server is providing the router with the
correct information.

Problem

A device on the LAN or DMZ can send some traffic out, but cannot receive
traffic.

Solution

If you are using a static Standard NAT, this problem may indicate that NAT is
mapping to an invalid IP address. To check this, select Configuration > Firewall
> NAT.

Problem

Incoming traffic is sent to the wrong host.

Solution

If you are using a static Standard NAT, this problem may indicate that NAT is
mapping to a valid IP address that belongs to the wrong host. To correct
the IP address, select Configuration > Firewall > NAT.

Problem

Only one device on the LAN or DMZ can access the Internet.

Solution

If you are using a static Standard NAT, only one device from the LAN will
be able to access the Internet. If you wish to have more than one device
access the Internet, use Enhanced NAT instead (Configuration > Firewall >
NAT).

It is also possible that no other device has been configured with the correct
gateway.

Firewall

Diagnosis

To see information about the traffic that the firewall has denied, use the CLI
command:
SHOW FIREWALL EVENT=DENY

To see information about the traffic that the firewall has allowed, use the CLI
command:
SHOW FIREWALL EVENT=ALLOW

Problem

Legitimate traffic is not reaching your LAN or DMZ.

Solutions

Check that a rule exists to allow the traffic (Firewall > Configuration >
Traffic Rules).

Activating a DMZ does not provide access to servers on it. Rules must be
created for each server on the DMZ. Likewise, by default there is no access
to any devices on the private LAN.

If the rule exists, it may be incorrect or insufficient. Check that:

Rules intended to allow traffic have an action of “Allow”.

The firewall is processing the rules in the order you expected, and that
specific rules (e.g. allow IP address x access to FTP on the server) have
lower numbers than general rules (e.g. deny all FTP access).

The ports, services and protocols are correct.

The IP addresses the rules apply to are entered correctly, and belong to
the specified devices.

The rules apply to the correct days and time.
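
The rule-order check above can be reproduced offline. The following is an added example, not part of the manual or of the router software: it models rules as being evaluated in ascending rule number with the first match deciding, which is an assumption drawn from the manual's ordering advice. The Rule class, the function names and the addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

FTP = 21  # destination port used in the manual's FTP example


@dataclass(frozen=True)
class Rule:
    number: int   # position in the rule list (lower is checked first)
    action: str   # "allow" or "deny"
    source: str   # source range in CIDR form; "0.0.0.0/0" means any host
    port: int     # destination port on the protected server


def decide(rules, src_ip, port, default="deny"):
    """Return (action, rule number) of the first matching rule, else the default."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.port == port and ip_address(src_ip) in ip_network(r.source):
            return r.action, r.number
    return default, None  # nothing matched: no access by default


def shadowed(rules):
    """Return (rule, hidden_by) pairs for rules that can never be reached."""
    ordered = sorted(rules, key=lambda r: r.number)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            covers = ip_network(later.source).subnet_of(ip_network(earlier.source))
            if earlier.port == later.port and covers:
                found.append((later.number, earlier.number))
                break
    return found


# Constructed sample: host "x" is 192.0.2.10, everyone else is denied FTP.
WRONG_ORDER = [Rule(1, "deny", "0.0.0.0/0", FTP),
               Rule(2, "allow", "192.0.2.10/32", FTP)]
RIGHT_ORDER = [Rule(1, "allow", "192.0.2.10/32", FTP),
               Rule(2, "deny", "0.0.0.0/0", FTP)]

if __name__ == "__main__":
    for name, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, decide(rules, "192.0.2.10", FTP), "shadowed:", shadowed(rules))
```

A non-empty result from shadowed() points at a specific rule that sits below a general rule covering the same traffic, which is the misordering the checklist describes.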