Manualshelf

- Enterasys Security Router User's Guide

ManualsBrandsEnterasys Networks ManualsNetwork RouterSecurity Router X-PeditionTM
401402403404405406407408409410
Configuration Examples
16-24 Configuring Security on the XSR
Multicast or broadcast filtering for routing and communications protocol filtering
Perform a trial or delayed load to check for configuration errors
Load the configuration in the firewall engine
Enable or disable the firewall:
System wide, or on
Individual interfaces or sub-interfaces
After installing the firewall, check blocked traffic in event logging for missed application rules
Use port scanning tools to ensure policies are properly implemented
Configuration Examples
The following sample configurations describe step-by-step how to set up these firewall scenarios:
XSR with firewall on page 16-24
XSR with firewall, PPPoE, and DHCP on page 16-26
XSR with firewall and VPN on page 16-27
Firewall configuration for VRRP on page 16-33.
Firewall configuration for RADIUS authentication on page 16-33.
•Simple security on page 16-34.
RPC configuration on page 16-35.
XSR with Firewall
In this scenario, the XSR acts as a router connecting a branch office to the Internet, as illustrated in
Figure 16-14. The branch office has two servers (Web and Mail) accessible from the external world
and an internal network of hosts which are protected from the external world by the firewall. The
Web and Mail servers are part of the DMZ and considered internal by the XSR. Note that some
commands have been abbreviated.
This configuration, illustrated in Figure 16-14, provides private and dmz networks with unlimited
access between each other while protecting traffic to and from the external interface only - this is
done by enabling the firewall on the external interface only. No policies are defined for traffic
between private and dmz networks. Also, all Java and ActiveX pages, IP options, IP broadcast and
multicast packets are banned.