Filter and Firewall
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
4. Configuring the rules as per the scenario.
(i) Trusted to Internet - All services
ALU(config)# match-list Internet-access
ALU(config-match-list-Internet-access)# ip list Trust list Untrust
(ii) Trust to DMZ - All services
ALU(config)# match-list trust-DMZ-access
ALU(config-match-list-DMZ-access)# ip list Trust list DMZ
(iii) Mailserver access from the Internet
ALU(config)# match-list Internet-mail-access
ALU(config-match-list-Internet-mail-access)# 1 tcp list Untrust host 202.24.45.100 service smtp
ALU(config-match-list-Internet-mail-access)# 2 tcp list Untrust host 202.24.45.100 service pop
ALU(config-match-list-Internet-mail-access)# 3 tcp list Untrust host 202.24.45.100 service imap
ALU(config-match-list-Internet-mail-access)# 4 tcp list Untrust host 202.24.45.100 service http
ALU(config-match-list-Internet-mail-access)# 5 tcp list Untrust host 202.24.45.100 service 443
(iv) Webserver access from the internet
ALU(config)# match-list webserver-access
ALU(config-match-list-webserver-access)# 1 tcp list Untrust host 202.24.45.100 service http
ALU(config-match-list-webserver-access)# 2 tcp list Untrust host 202.24.45.100 service https
ALU(config-match-list-webserver-access)# 3 tcp list Untrust host 202.24.45.100 service dns
(v) DMZ access to the Internet
ALU(config)# match-list untrust-DMZ-access
ALU(config-match-list-DMZ-access)# 1 tcp list DMZ list Untrust service smtp
ALU(config-match-list-DMZ-access)# 2 tcp list DMZ list Untrust service dns
ALU(config-match-list-DMZ-access)# 3 udp list DMZ list Untrust service dns
(vi) Internet access to Trust
ALU(config)# match-list Internet-Trust
ALU(config-match-list-Internet-Trust)# ip any any
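
The following review script is an added example, not part of this guide or of any Alcatel-Lucent tool: it parses three of the match-lists above and summarizes what entries sourced from Untrust cover, per destination. It assumes each entry reads `[sequence] protocol source destination [service NAME]`, an order inferred from the step headings; the function names `parse`, `exposure` and `review_notes` are hypothetical.

```python
import re
# Match-list commands from this page (prompts removed, wrapped lines joined).
CONFIG = """
match-list Internet-mail-access
1 tcp list Untrust host 202.24.45.100 service smtp
2 tcp list Untrust host 202.24.45.100 service pop
3 tcp list Untrust host 202.24.45.100 service imap
4 tcp list Untrust host 202.24.45.100 service http
5 tcp list Untrust host 202.24.45.100 service 443
match-list webserver-access
1 tcp list Untrust host 202.24.45.100 service http
2 tcp list Untrust host 202.24.45.100 service https
3 tcp list Untrust host 202.24.45.100 service dns
match-list Internet-Trust
ip any any
"""

# Assumed entry grammar: [sequence] protocol source destination [service NAME]
ADDR = r"(any|list \S+|host \S+)"
RULE = re.compile(rf"(?:(\d+) )?(ip|tcp|udp) {ADDR} {ADDR}(?: service (\S+))?$")
KEYS = ("seq", "proto", "src", "dst", "service")

def parse(config):
    """Return one dict per match-list entry, tagged with its match-list name."""
    rules, name = [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("match-list "):
            name = line.split()[1]
        elif (m := RULE.match(line)) and name:
            rules.append({"name": name, **dict(zip(KEYS, m.groups()))})
    return rules

def exposure(rules, zone="Untrust"):
    """Map each destination to the (protocol, service) pairs matched from zone."""
    seen = {}
    for r in rules:
        if r["src"] in (f"list {zone}", "any"):
            seen.setdefault(r["dst"], set()).add((r["proto"], r["service"] or "all"))
    return seen

def review_notes(rules):
    """Entries worth a second look before they are bound to a policy."""
    notes = []
    for r in rules:
        if r["src"] == r["dst"] == "any":
            notes.append((r["name"], "matches all traffic"))
        if (r["service"] or "").isdigit():
            notes.append((r["name"], f"service is bare port {r['service']}"))
    return notes
```

Calling `exposure(parse(CONFIG))` shows that the two match-lists for 202.24.45.100 together cover seven service names, with `443` and `https` listed separately, and `review_notes` flags the `ip any any` entry for a check of the action it is bound to.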