Allied Telesis AR400 SERIES Software Release 2.7.1 User Manual
Page 46

AR400 Series Router User Guide
Software Release 2.7.1
C613-02021-00 REV F
■ Check the NAT configuration. See “Traffic Flow and Network Address Translation (NAT)” on page 44.
Problem
Illegitimate traffic is reaching your LAN or DMZ.
Solutions
■ The most likely cause of this problem is an incorrect rule. Check that:
  • “Allow” rules are tight enough that only the intended traffic types are allowed through.
  • The firewall is processing the rules in the order you expected, and that specific rules (e.g. deny IP address x access to FTP on the server) have lower numbers than general rules (e.g. allow all FTP access).
  • Rules intended to block traffic have an action of “Deny”.
  • The ports, services and protocols are correct.
  • The IP addresses the rules apply to are entered correctly, and actually belong to the specified devices.
  • The rules apply to the correct days and time.
■ Some traffic is allowed through the firewall, to enable the protocols to work correctly. You can specify which ICMP traffic is allowed through on the Firewall Policy Options page (Configuration > Firewall > Interfaces > Policy options tab). For example, if Ping is checked on this page, ping packets addressed to the private LAN will be allowed.
Problem
A device on your LAN or DMZ cannot access the Internet.
Solutions
■ The most likely cause of this problem is an incorrect outgoing rule. Check that:
  • “Deny” rules are not too tight and therefore blocking more traffic than intended.
  • The firewall is processing the rules in the order you expected, and that specific rules (e.g. allow IP address x to use FTP) have lower numbers than general rules (e.g. deny all outgoing FTP requests).
  • Rules intended to allow traffic have an action of “Allow”.
  • The rules apply to the correct IP services (by name or port number).
  • The IP addresses the rules apply to are entered correctly, and actually belong to the specified devices.
  • The rules apply to the correct days and time.
■ Check that the device’s gateway address is correct.
■ Check the NAT configuration. See “Traffic Flow and Network Address Translation (NAT)” on page 44.
■ If an IP address-based rule exists to allow traffic from this particular device, check that the device has a permanently-assigned IP address. If the router is assigning IP addresses as a DHCP server, you can give the required device a permanent IP address by making it a static entry (Configuration > DHCP Server).
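The rule-order checks in both problems above can be worked through offline. The following is an added example, not part of the manual and not router code: a simplified Python model that assumes rules are tried in ascending number order, the first match decides, and unmatched traffic is denied. The Rule fields, function names and addresses are constructed for illustration, and the model ignores destination, protocol and time-of-day settings.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form; 0.0.0.0/0 means any
    port: Optional[int]    # None means any port

    def matches(self, src_ip, port):
        return (ip_address(src_ip) in ip_network(self.src)
                and (self.port is None or self.port == port))

    def covers(self, other):
        # True if every packet that matches `other` also matches this rule.
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and (self.port is None or self.port == other.port))

def decide(rules, src_ip, port, default="deny"):
    # Assumed model: lowest rule number first, first match wins.
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(src_ip, port):
            return rule.action, rule.number
    return default, None

def shadowed(rules):
    # Report (later, earlier) pairs where a lower-numbered rule with a
    # different action already catches everything the later rule describes,
    # so the later rule can never take effect.
    ordered = sorted(rules, key=lambda r: r.number)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.covers(later):
                if earlier.action != later.action:
                    found.append((later.number, earlier.number))
                break  # the first covering rule is the one that decides
    return found

# Constructed sample: block one address from FTP (port 21), allow everyone else.
WRONG_ORDER = [Rule(10, "allow", "0.0.0.0/0", 21),
               Rule(20, "deny", "203.0.113.9/32", 21)]
RIGHT_ORDER = [Rule(10, "deny", "203.0.113.9/32", 21),
               Rule(20, "allow", "0.0.0.0/0", 21)]

if __name__ == "__main__":
    for name, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, decide(rules, "203.0.113.9", 21), shadowed(rules))
```

In the wrong ordering the general allow rule answers first, so the specific deny is reported as shadowed; swapping the numbers makes the deny effective without changing what other sources are allowed.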