
20 How to configure the AT-AR450S Firewall using the Graphical User Interface (GUI)
C613-16011-00 REV A
13 February 2004
You can see that these two policies conflict over whether traffic should be
allowed between the LAN and DMZ interfaces. The "law" in such cases of conflict is:
"If ANY of the policies state that packets between a particular pair of interfaces should be
disallowed, then they will be disallowed".
The effect of these policies is that traffic may only pass from LAN to WAN and from DMZ
to WAN. All other traffic will be disallowed.
Adding the rule shown below has the effect that the DMZ policy will allow all traffic from
LAN to DMZ.
Given that the LAN policy also allows all traffic from LAN to DMZ, and all traffic from
LAN to WAN, the two policies thereby unanimously agree that those traffic flows should
be allowed.
Hence, the default behaviour of the initial firewall configuration created by the GUI is
shown in Table 6.
Therefore, further firewall rules are only needed if you want to change the
behaviour of the firewall from that shown in Table 6.
For more information about the GUI, and about the Firewall, see the GUI Help, your
AR450S User Guide and Software Reference, or contact your nearest authorised Allied
Telesyn reseller or distributor.
Table 5: DMZ Policy
From             To: LAN - Public   To: DMZ - Private   To: WAN - Public
LAN - Public     Not applicable     Disallow            Allow
DMZ - Private    Allow              Not applicable      Allow
WAN - Public     Allow              Disallow            Not applicable
add firewall poli="guidmz" rule=50 access=allow int=vlan1 protocol=ALL
Table 6: Default configuration policies
From   To: LAN          To: DMZ          To: WAN
LAN    Not applicable   Allow            Allow
DMZ    Disallow         Not applicable   Allow
WAN    Disallow         Disallow         Not applicable
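The conflict rule above can be checked mechanically. The following Python sketch is an added example, not part of the original manual or the router's software: it combines the DMZ policy from Table 5 with a LAN policy and applies the effect of rule 50 to reproduce Table 6. The LAN policy table is not on this page, so its entries are an assumption reconstructed from the text.

```python
from itertools import permutations

ZONES = ("LAN", "DMZ", "WAN")

# Table 5 from the page: the DMZ policy's default verdict for each flow.
DMZ_POLICY = {
    ("LAN", "DMZ"): False, ("LAN", "WAN"): True,
    ("DMZ", "LAN"): True,  ("DMZ", "WAN"): True,
    ("WAN", "LAN"): True,  ("WAN", "DMZ"): False,
}

# ASSUMPTION: the LAN policy table is not shown on this page. The LAN->DMZ and
# LAN->WAN entries come from the text; the rest are chosen to match the stated
# combined effect and Table 6.
LAN_POLICY = {
    ("LAN", "DMZ"): True,  ("LAN", "WAN"): True,
    ("DMZ", "LAN"): False, ("DMZ", "WAN"): True,
    ("WAN", "LAN"): False, ("WAN", "DMZ"): True,
}

def effective(*policies):
    """A flow passes only if every policy allows it: any Disallow wins."""
    return {flow: all(p[flow] for p in policies)
            for flow in permutations(ZONES, 2)}

def with_allow_rule(policy, src, dst):
    """Copy of a policy with one flow opened (the effect the page gives for rule 50)."""
    updated = dict(policy)
    updated[(src, dst)] = True
    return updated

def allowed_flows(matrix):
    """Sorted list of 'SRC->DST' strings for the flows that are allowed."""
    return sorted(f"{s}->{d}" for (s, d), ok in matrix.items() if ok)

if __name__ == "__main__":
    before = effective(LAN_POLICY, DMZ_POLICY)
    after = effective(LAN_POLICY, with_allow_rule(DMZ_POLICY, "LAN", "DMZ"))
    print("before rule 50:", allowed_flows(before))
    print("after rule 50: ", allowed_flows(after))
```

Because every policy must agree, an allow rule added to one policy opens a flow only when no other policy still disallows it. Review all policies that cover an interface pair before assuming a new rule has taken effect.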