beautypg.com

Firewall configuration, Creating a firewall via ip filtering and nat, Firewall configuration -89 – Verilink 8100A (34-00237) Product Manual User Manual

Page 163: Creating a firewall via ip filtering and nat -89

background image

C o n f i g u r a t i o n

4-89

Figure 4.109

FRF.8 FECN Mapping

If you select “0”, no congestion will always be indicated, and if you select
“1”

, congestion will always be indicated.

If you select “M”, this allows bi-directional mapping of the Frame Relay
Forward Explicit Congestion Notification (FECN) to the ATM Explicit
Forward Congestion Indication (EFCI). The purpose of this is to identify in
the protocol header that the network has congestion.

Firewall Configuration

Firewall configuration (also known as IP filtering) allows you to specify a
combination of parameters the IAD uses to selectively eliminate IP traffic.

Refer to the IP Filtering Application Note contained in Appendix D.

Creating a Firewall via IP Filtering and NAT

IP Filtering, in conjunction with NAT, can provide a Firewall for securing the
local network from unwanted and possibly harmful traffic. By defining a set
of rules (IP Filtering) and open ports (NAT), you may selectively block traffic
and deny access to the local network.

IP Filtering controls IP traffic traveling through an interface by selectively
passing or discarding IP packets based on criteria expressed in the form of a
“filter.” A filter is simply a set of rules that determine whether a packet
should be passed or discarded as it crosses an interface. An interface is any
port that carries IP traffic. On the IAD, it can be one of the following:
Ethernet port, PPP connection, ATM PVC, or FR DCLI.

IP Filtering can selectively pass or discard IP packets based on one or more of
the following properties:

Protocol (IP, ICMP, TCP, and UDP)

Protocol flags (for TCP and ICMP only)

Source and/or Destination IP address

Source and/or Destination port number

For more information on defining and using a filter rule set, see IP Filtering
Application note on page D-4.

For more information, see Configure IP Filtering on page 4-49.

This manual is related to the following products:
See also other documents in the category Verilink Computer hardware: