Zone Configuration
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
781
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
14. Configuring the firewall policy to protect against the DoS attack.
ALU(config)#firewall
ALU(config-firewall)# policy prevent
ALU(config-firewall-prevent)# match any DoS attack atk1 drop
Applying this firewall policy to the trust and DMZ as an IN policy to protect the
network against the DoS attacks.
ALU(config-if Serial0/0:0)#firewall policy in prevent
EXAMPLE 2: SIMPLE ZONE CONFIGURATION IN OMNIACCESS 5740 USG
In OmniAccess 5740 USG, you can define classification for trusted/
untrusted/DMZ traffic in ACL, NAT, or DoS policies, and further apply these
policies to the interfaces:
match-list trusted
ip 10.0.0.0/24 any
match-list dmz
ip 172.16.0.0/24 any
match-list any-ip
ip any any
ip nat nat-policy
match trusted source-nat
ip filter permit-dmz-policy
match dmz permit
ip filter deny-untrusted-policy
match any-ip deny
Suppose GigabitEthernet 3/1 is facing external networks, you will need to
apply these NAT and Filter policies to this interface:
interface GigabitEthernet3/1 //Physical interface to untrusted
networks
ip nat out nat-policy //This will NAT internal traffic
ip filter out permit-dmz-policy //This will permit DMZ traffic without
translation
ip filter in deny-untrusted-policy //This will deny all untrusted
traffic originated from outside.
To Next Page
Loading...
