Enterasys Security Router User's Guide

XSR Firewall Feature Set Functionality
- Flooding attack (TCP, UDP, ICMP) logs
- Firewall start and restart
- Failures (out of memory)
A sample Web access (port 80) permit alarm, which logs at level 4, displays:
FW: Permit: Port-2, Out TCP Con_Req, 10.10.10.10(1042) -> 192.168.1.200(80)
FW: TCP new session request. 10.10.10.10(1042) -> 192.168.1.200(80)
FW: Permit: Port-1, TCP Con_Est, 192.168.1.200(80) -> 10.10.10.10(1042)
FW: TCP connection closed 192.168.1.200(80) -> 10.10.10.10(1042)
A sample alarm for a client opening a connection to the FTP server (port 21) displays:
FW: Permit: Port-1, Out TCP Con_Req, 10.10.10.10(1056) -> 192.168.1.100(21)
FW: TCP new session request. 10.10.10.10(1056) -> 192.168.1.100(21)
FW: Permit: Port-1, TCP Con_Est, 192.168.1.100(21) -> 10.10.10.10(1056)
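The alarm lines above have a fixed shape (a verdict line with the interface, the TCP event and the endpoints, followed by session-lifecycle lines), which makes them easy to parse into structured events once they reach a syslog server. The following is an added example, not code from the guide or from Enterasys: a Python parser for the four alarm forms shown, a session tracker that correlates Con_Req, Con_Est and connection-closed lines on the 4-tuple regardless of direction, and a per-source counter of "new session request" alarms that a SOC could use as a crude TCP-flood indicator. The regexes accept any verdict word and either TCP or UDP on the session lines, but only "Permit" and TCP appear on this page, so treat those generalizations as assumptions. The sample log is constructed: it combines the guide's lines with an unrequested Con_Est and a burst of half-open requests from 10.10.10.50.

```python
import re
from collections import Counter

# Regex for the "src(sport) -> dst(dport)" tail shared by every alarm line on the page.
_ENDPOINTS = (r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\) -> "
              r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\)")

# "FW: Permit: Port-2, Out TCP Con_Req, 10.10.10.10(1042) -> 192.168.1.200(80)"
# The verdict word is captured generically (assumption); only "Permit" appears in the guide.
_VERDICT = re.compile(
    r"^FW: (?P<verdict>\w+): (?P<port>Port-\d+), (?P<event>[^,]+), " + _ENDPOINTS + r"$")

# "FW: TCP new session request. 10.10.10.10(1042) -> 192.168.1.200(80)"
# "FW: TCP connection closed 192.168.1.200(80) -> 10.10.10.10(1042)"
# UDP is accepted as an assumption; the guide only shows TCP session lines.
_SESSION = re.compile(
    r"^FW: (?P<proto>TCP|UDP) (?P<event>new session request|connection closed)\.? "
    + _ENDPOINTS + r"$")


def parse_line(line):
    """Return a dict for one XSR firewall alarm line, or None if it matches neither form."""
    line = line.strip()
    m = _VERDICT.match(line)
    if m:
        return dict(m.groupdict(), kind="verdict")
    m = _SESSION.match(line)
    if m:
        return dict(m.groupdict(), kind="session")
    return None


def session_key(ev):
    """Direction-independent 4-tuple, so the client->server Con_Req and the
    server->client Con_Est / close lines land on the same session."""
    a = (ev["src"], int(ev["sport"]))
    b = (ev["dst"], int(ev["dport"]))
    return tuple(sorted([a, b]))


def track_sessions(lines):
    """Walk alarms in order. Returns (state_by_session, anomalies).

    Transitions: Con_Req -> requested, Con_Est -> established, connection closed -> closed.
    An anomaly is a Con_Est or a close for a 4-tuple that was never requested.
    """
    state = {}
    anomalies = []
    for ev in map(parse_line, lines):
        if ev is None:
            continue
        key = session_key(ev)
        if ev["kind"] == "verdict" and ev["event"].endswith("Con_Req"):
            state[key] = "requested"
        elif ev["kind"] == "verdict" and ev["event"].endswith("Con_Est"):
            if key not in state:
                anomalies.append(("est_without_req", key))
            state[key] = "established"
        elif ev["kind"] == "session" and ev["event"] == "connection closed":
            if key not in state:
                anomalies.append(("close_without_req", key))
            state[key] = "closed"
    return state, anomalies


def flood_candidates(lines, threshold):
    """Sources whose number of 'new session request' alarms reaches the threshold."""
    counts = Counter()
    for ev in map(parse_line, lines):
        if ev and ev["kind"] == "session" and ev["event"] == "new session request":
            counts[ev["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample log: the guide's two alarm sequences plus two synthetic additions.
SAMPLE_LOG = [
    "FW: Permit: Port-2, Out TCP Con_Req, 10.10.10.10(1042) -> 192.168.1.200(80)",
    "FW: TCP new session request. 10.10.10.10(1042) -> 192.168.1.200(80)",
    "FW: Permit: Port-1, TCP Con_Est, 192.168.1.200(80) -> 10.10.10.10(1042)",
    "FW: TCP connection closed 192.168.1.200(80) -> 10.10.10.10(1042)",
    "FW: Permit: Port-1, Out TCP Con_Req, 10.10.10.10(1056) -> 192.168.1.100(21)",
    "FW: TCP new session request. 10.10.10.10(1056) -> 192.168.1.100(21)",
    "FW: Permit: Port-1, TCP Con_Est, 192.168.1.100(21) -> 10.10.10.10(1056)",
    # constructed: an established alarm for a session that was never requested
    "FW: Permit: Port-1, TCP Con_Est, 192.168.1.100(22) -> 10.10.10.10(1077)",
] + [
    # constructed: 25 half-open requests from one source that never establish
    f"FW: TCP new session request. 10.10.10.50({2000 + i}) -> 192.168.1.200(80)"
    for i in range(25)
]

if __name__ == "__main__":
    sessions, odd = track_sessions(SAMPLE_LOG)
    for key, st in sessions.items():
        print(key, st)
    print("anomalies:", odd)
    print("flood candidates:", flood_candidates(SAMPLE_LOG, 20))
```

The threshold in flood_candidates is deliberately a parameter: the guide says flooding attacks are logged, but gives no rate, so calibrate it against the normal request rate of the site rather than reusing the 20 from the sample run.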
The IP addresses cited in firewall alarms are selected as follows:
- If a syslog server is configured, alarms contain the XSR IP address that is used to contact the syslog server.
- If no syslog server is configured, alarms contain the IP address of the first circuit: FE1 is checked first, then FE2, then any WAN interface, until an IP address is obtained.
- If no interface has been configured with an IP address, the hostname is used.
Authentication
AAA services provide secure access across the firewall at several levels: user, client and
session. This release supports only client authentication, which verifies a remote host by its
IP address. Every firewall policy rule whose action is allow-auth looks up the source IP
address of the received packet in the auth cache before approving the session. Because the
check is keyed on the IP address alone, any traffic sourced from an authenticated address is
accepted while that entry remains in the auth cache, including traffic from other hosts that
share the address behind a NAT gateway.
For the remote user, the XSR requires a manual sign-on using Telnet to the default port 3000 or
another configured port. The user is prompted for a user name and password, and those
credentials are checked against either an authenticating server (RADIUS) or the local database
on the XSR (see Figure 16-12). Telnet carries these credentials in cleartext, so the sign-on
path should not cross untrusted networks.
Figure 16-12 Authentication Process (diagram: a remote user on the Internet signs on to the Telnet server at the firewall, which checks the credentials against the authentication server before traffic to the DMZ and internal servers is permitted; steps 1 through 4 are shown in the figure)