Filter and Firewall
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
POLICIES THAT NEED TO BE FORMULATED
• Apart from this, the DMZ has to be protected from DoS attacks.
• Checks have to be done on LAN ports for traffic from valid IP addresses. RFC1918 addresses from the Internet have to be discarded.
• ICMP has to be rate limited to 2/second.
IP ADDRESSING SCHEME
1. LAN addresses fall in 3 subnets:
• 10.0.0.0/24
• 192.168.0.0/24
• 172.16.0.0/25
2. The public IP of the link is 202.24.45.100. This is forwarded to the Mail Server and the Web Server using DNAT.
Serial Number  From                To                   Allow
1.             Trusted/LAN         DMZ                  All services
2.             Untrusted/Internet  Mail server in DMZ   SMTP, POP, IMAP, HTTP, HTTPS, DNS.
3.             Untrusted/Internet  Web server in DMZ    HTTP, HTTPS, DNS, FTP.
4.             Trusted/LAN         Internet             All services
5.             DMZ                 Internet/Untrusted   SMTP, DNS
6.             DMZ/Internet        Trusted/LAN          Nil
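
The policy set above, written as a small Python reference model that can be used to check a firewall configuration against the intended behaviour. This is an added example, not OmniAccess CLI syntax and not code from the guide; the zone labels, function names and the ICMP burst size are assumptions.

```python
import ipaddress

# Subnets, services and the 2/second limit come from the page; zone labels,
# function names and the burst size are assumptions made for this example.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/24", "192.168.0.0/24", "172.16.0.0/25")]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALL = "all"
POLICY = {  # (source zone, destination) -> allowed services
    ("lan", "mail"): ALL, ("lan", "web"): ALL,                  # row 1
    ("internet", "mail"): {"smtp", "pop", "imap", "http", "https", "dns"},
    ("internet", "web"): {"http", "https", "dns", "ftp"},
    ("lan", "internet"): ALL,                                   # row 4
    ("dmz", "internet"): {"smtp", "dns"},                       # row 5
}   # row 6 (DMZ/Internet -> LAN: Nil) has no entry, so it is dropped

def source_valid(zone, src_ip):
    """Ingress check: LAN sources must be in a LAN subnet, Internet sources
    must not be RFC1918. The page gives no DMZ addressing, so DMZ passes."""
    ip = ipaddress.ip_address(src_ip)
    if zone == "lan":
        return any(ip in n for n in LAN_NETS)
    if zone == "internet":
        return not any(ip in n for n in RFC1918)
    return True

def decide(src_zone, src_ip, dst, service):
    """Return 'allow' or 'drop' for one new connection."""
    if not source_valid(src_zone, src_ip):
        return "drop"
    allowed = POLICY.get((src_zone, dst))
    if allowed is None:
        return "drop"  # default deny for any pair the table does not list
    return "allow" if allowed == ALL or service in allowed else "drop"

class IcmpLimiter:
    """Token bucket refilled at 2 ICMP packets/second (burst of 2 assumed)."""
    def __init__(self, rate=2.0, burst=2.0):
        self.rate, self.burst, self.tokens, self.last = rate, burst, burst, 0.0

    def allow(self, now):
        """Spend one token for a packet seen at time `now` (seconds)."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False
```
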