Allied Telesis AR400 Series Router User Manual

Page 35

Getting Started with the Graphical User Interface (GUI)

Software Release 2.5.2
C613-02034-00 REV A

Rules intended to block traffic have an action of “Deny”.

The ports, services and protocols are correct.

The IP addresses the rules apply to are entered correctly, and actually
belong to the specified devices.

The rules apply to the correct days and time.

Some traffic is allowed through the firewall, to enable the protocols to
work correctly. You can specify which ICMP traffic is allowed through on
the Firewall Policy Options page (Configuration > Firewall > Interfaces >
Policy options tab). For example, if Ping is checked on this page, ping
packets addressed to the private LAN will be allowed.

Problem

A device on your LAN or DMZ cannot access the Internet.

Solutions

The most likely cause of this problem is an incorrect outgoing rule. Check
that:

“Deny” rules are not too tight and therefore blocking more traffic than
intended.

The firewall is processing the rules in the order you expected, and that
specific rules (e.g. allow IP address x to use FTP) have lower numbers
than general rules (e.g. deny all outgoing FTP requests).

Rules intended to allow traffic have an action of “Allow”.

The rules apply to the correct IP services (by name or port number).

The IP addresses the rules apply to are entered correctly, and actually
belong to the specified devices.

The rules apply to the correct days and time.

Check that the device’s gateway address is correct.

Check the NAT configuration. See “Traffic Flow and Network Address
Translation (NAT)” on page 33.

If an IP address-based rule exists to allow traffic from this particular
device, check that the device has a permanently-assigned IP address. If the
router is assigning IP addresses as a DHCP server, you can give the
required device a permanent IP address by making it a static entry
(Configuration > DHCP Server).

Problem

A device on your LAN or DMZ can access a service on the Internet even
though it should be blocked.

Solutions

The most likely cause of this problem is an incorrect outgoing rule. Check
that:

Rules intended to block traffic have an action of “Deny”.

The firewall is processing the rules in the order you expected, and that
specific rules (e.g. block IP address x from using FTP) have lower
numbers than general rules (e.g. allow all outgoing FTP requests).

The rules apply to the correct IP services (by name or port number).
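
The rule-ordering check in both Solutions lists above can be tested offline before changing the router. The following is an added example, not code from the manual or from Allied Telesis: a small Python model that flags a general rule numbered lower than a specific rule with the opposite action. It assumes the lowest-numbered matching rule decides the outcome and that unmatched traffic is denied; the Rule fields, function names and sample addresses are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    number: int   # lower numbers are evaluated first (assumed first match wins)
    action: str   # "allow" or "deny"
    source: str   # CIDR of the LAN/DMZ devices the rule applies to
    service: str  # IP service name, or "any"

def covers(general: Rule, specific: Rule) -> bool:
    """True if every packet matching `specific` also matches `general`."""
    src_ok = ip_network(specific.source).subnet_of(ip_network(general.source))
    svc_ok = general.service in ("any", specific.service)
    return src_ok and svc_ok

def decide(rules, src_ip: str, service: str, default: str = "deny") -> str:
    """Action of the lowest-numbered matching rule; `default` is an assumption."""
    for r in sorted(rules, key=lambda r: r.number):
        if ip_address(src_ip) in ip_network(r.source) and r.service in ("any", service):
            return r.action
    return default

def shadowed(rules):
    """(general, specific) rule numbers where the general rule runs first
    and overrides a specific rule that has the opposite action."""
    ordered = sorted(rules, key=lambda r: r.number)
    return [(g.number, s.number)
            for i, g in enumerate(ordered) for s in ordered[i + 1:]
            if g.action != s.action and covers(g, s)]

# Constructed rule sets; addresses come from the documentation range 192.0.2.0/24.
MISORDERED = [
    Rule(1, "deny", "192.0.2.0/24", "ftp"),    # general: deny all outgoing FTP
    Rule(2, "allow", "192.0.2.10/32", "ftp"),  # specific: never reached
]
CORRECTED = [
    Rule(1, "allow", "192.0.2.10/32", "ftp"),  # specific rule gets the lower number
    Rule(2, "deny", "192.0.2.0/24", "ftp"),
]

if __name__ == "__main__":
    for name, rs in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(name, decide(rs, "192.0.2.10", "ftp"), shadowed(rs))
```

A non-empty result from `shadowed` lists the rule pairs to renumber; the same check applies to the inverse case, where a general “Allow” rule precedes a specific “Deny” rule.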