
How to configure the AT-AR450S Firewall using the Graphical User Interface (GUI) 13
C613-16011-00 REV A
13 February 2004
You can create rules to allow and deny particular traffic flows, based on the:
■ Source IP address range.
■ Destination IP address range.
■ Destination TCP/UDP port.
■ Protocol type.
■ Day of week.
■ Time of day.
■ NAT requirements.
As noted earlier, there are four tabs on the firewall rule window, one for each traffic
direction on each policy. The method for configuring the rules is identical for each tab.
The main difference between the tabs is the range of rule numbers available for each case.
The list of available ranges for each tab is:
■ Rule Range Number for WAN to LAN is 1 to 150
■ Rule Range Number for DMZ to LAN is 151 to 220
■ Rule Range Number for LAN to WAN is 221 to 299
■ Rule Range Number for WAN to DMZ is 51 to 299
The possible operations are add, modify, and delete a firewall rule. It is not possible to
change the ID number of a rule once it has been created. This is because the rule
number governs the order in which rules are executed. It is important to plan your rule
numbering in advance, before beginning the process of creating the rules. For example, it
is better to have more specific rules at the top of the list, and more generic rules at the
end of the list.
Adding a firewall rule
Clicking on the Add button displays a window, similar to Figure 13 on page 14, in which
you can create new rule definitions. This window is similar for each of the policy/direction
combinations as follows:
■ WAN to LAN
■ LAN to WAN
■ WAN to DMZ, and
■ DMZ to LAN.
Note that the LAN to WAN and DMZ to LAN combinations don’t have port translation
options.
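A planning aid for the numbering advice and tab differences above, added here as an example that is not part of the original guide or the device's software. It checks a draft rule list against the per-tab ranges on this page, flags port translation on the tabs that lack it, and reports rules that a lower-numbered, broader rule would shadow. The Rule record, its field names and the sample plan are hypothetical; day/time and NAT conditions are left out, and the check assumes the lowest-numbered matching rule decides.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_network
# Rule-number ranges per tab, as listed on this page.
RANGES = {"WAN to LAN": (1, 150), "DMZ to LAN": (151, 220),
          "LAN to WAN": (221, 299), "WAN to DMZ": (51, 299)}
NO_PORT_TRANSLATION = {"LAN to WAN", "DMZ to LAN"}  # per this page

@dataclass
class Rule:  # hypothetical planning record, not a device format
    number: int
    tab: str
    action: str                        # "allow" or "deny"
    src: str                           # source range as CIDR
    dst: str                           # destination range as CIDR
    proto: str = "any"                 # "tcp", "udp" or "any"
    port: int | None = None            # destination port, None = any
    translate_port: int | None = None  # requested port translation

def covers(a: Rule, b: Rule) -> bool:
    """True if every flow matched by b is also matched by a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in ("any", b.proto)
            and a.port in (None, b.port))

def check_plan(rules: list[Rule]) -> list[str]:
    problems = []
    for r in rules:
        lo, hi = RANGES[r.tab]
        if not lo <= r.number <= hi:
            problems.append(f"rule {r.number}: outside {r.tab} range {lo}-{hi}")
        if r.translate_port is not None and r.tab in NO_PORT_TRANSLATION:
            problems.append(f"rule {r.number}: {r.tab} has no port translation")
    # Assumption: lower numbers are evaluated first and the first match decides.
    ordered = sorted(rules, key=lambda r: r.number)
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.tab == later.tab and covers(earlier, later):
                problems.append(f"rule {later.number}: shadowed by rule {earlier.number}")
                break
    return problems

SAMPLE_PLAN = [  # constructed sample, documentation address ranges
    Rule(10, "WAN to LAN", "deny", "0.0.0.0/0", "192.0.2.0/24"),
    Rule(20, "WAN to LAN", "allow", "198.51.100.0/24", "192.0.2.10/32", "tcp", 443),
    Rule(160, "WAN to LAN", "allow", "0.0.0.0/0", "192.0.2.20/32", "tcp", 25),
    Rule(230, "LAN to WAN", "allow", "192.0.2.0/24", "0.0.0.0/0", "tcp", 80, 8080),
]
```

In the sample plan the broad deny at rule 10 sits above the specific allow at rule 20, so the allow would never take effect. Because rule numbers cannot be changed after creation, this is the kind of ordering mistake to catch before entering the rules in the GUI.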