ELTEX ESR-3100 - Firewall Configuration Example

To Next Page

To Previous Page

ESR series service routers.ESR-Series. User manual

469

13.4.2 Firewall configuration example

Objective:

Enable message passage via ICMP between R1, R2 and ESR router.

Solution:

Create a security zone for each ESR network:

esr# configure

esr(config)# security zone LAN

esr(config-zone)# exit

esr(config)# security zone WAN

esr(config-zone)# exit

Configure network interfaces and identify their inherence to security zones:

esr(config)# interface gi1/0/2

esr(config-if-gi)# ip address 192.168.12.2/24

esr(config-if-gi)# security-zone LAN

esr(config-if-gi)# exit

esr(config)# interface gi1/0/3

esr(config-if-gi)# ip address 192.168.23.2/24

esr(config-if-gi)# security-zone WAN

esr(config-if-gi)# exit

Main Page

Table of Contents2
Introduction12
Abstract12
Target Audience12
Symbols12
Notes and Warnings13
Product Description14
Purpose14
Functions15
Interface Functions15
MAC Table Functions15
Second-Layer Functions of OSI Model16
Third-Layer Functions of OSI Model16
Traffic Tunneling Functions18
Management and Configuration Functions18
Network Security Functions19
Main Specifications20
Design36
ESR-3200 Design36
ESR-3100 Design38
ESR-1700 Design40
ESR-1511, ESR-1510 Design43
ESR-1200, ESR-1000 Design47
Design50
Design53
Design55
Design58
ESR-14VF, ESR-12VF Design60
ESR-12V Design62
Design64
Light Indication67
Delivery Package79
Installation and Connection82
Support Brackets Mounting82
Device Rack Installation83
ESR-1000, ESR-1200, ESR-1500, ESR-1511, ESR-1700, ESR-3100, ESR-3200 Power Module Installation84
Connection to Power Supply84
SFP Transceiver Installation and Removal85
Transceiver Installation85
Transceiver Removal85
Management Interfaces86
Command Line Interface (CLI)86
Types and Naming Procedure of Router Interfaces87
Types and Naming Procedure of Router Tunnels90
Initial Router Configuration91
ESR Router Factory Configuration91
Description of Factory Settings91
Router Connection and Configuration92
Connection to the Router93
Applying the Configuration Change93
Basic Router Configuration94
Firmware Update98
Updating Firmware Via System Resources98
Updating Firmware Via Bootloader100
Secondary Bootloader Update (U-Boot)101
Safe Configuration Recommendations104
General Recommendations104
Event Logging System Configuration104
Recommendations105
Warnings105
Configuration Example105
Password Usage Policy Configuration105
Recommendations106
Configuration Example106
AAA Policy Configuration106
Warnings107
Configuration Example107
Remote Management Configuration108
Recommendations108
Configuration Example108
Configuration of Protection against Network Attacks Mechanisms109
Recommendations109
Configuration Example110
Interface Management111
VLAN Configuration112
Configuration Algorithm112
Configuration Example 1. VLAN Removal from the Interface114
Configuration Example 2. Enabling VLAN Processing in Tagged Mode114
Configuration Example 3. Enabling VLAN Processing in Tagged and Untagged Modes115
LLDP Configuration116
Configuration Algorithm116
Configuration Example117
LLDP MED Configuration118
Configuration Algorithm118
Voice VLAN Configuration Example119
Sub-Interface Termination Configuration120
Configuration Algorithm121
Sub-Interface Configuration Example123
Q-In-Q Termination Configuration123
Configuration Algorithm123
Q-In-Q Configuration Example126
USB Modems Configuration126
USB Modems Configuration Algorithm126
Configuration Example129
STP/RSTP Configuration130
Spanning Tree Configuration Algorithm130
Configuration Example132
PPP through E1 Configuration133
Configuration Algorithm133
Configuration Example136
MLPPP Configuration138
Configuration Algorithm138
Configuration Example140
Bridge Configuration142
Configuration Algorithm142
Example of Bridge Configuration for VLAN and L2Tpv3 Tunnel145
Example of Bridge Configuration for VLAN147
Configuration Example of the Second VLAN Tag Adding/Removing148
Dual-Homing Configuration149
Configuration Algorithm149
Configuration Example150
Mirroring Configuration (SPAN/RSPAN)151
Configuration Algorithm151
Configuration Example152
LACP Configuration153
Configuration Algorithm153
Configuration Example155
AUX Configuration156
Configuration Algorithm156
Configuration Examples158
Adapter Soldering Schemes163
Tunneling Management164
GRE Tunnel Configuration164
Configuration Algorithm164
IP-GRE Tunnel Configuration Example168
DMVPN Configuration170
Configuration Algorithm171
Configuration Example 1172
Configuration Example 2178
L2Tpv3 Tunnel Configuration184
Configuration Algorithm184
L2Tpv3 Tunnel Configuration Example186
Ipsec VPN Configuration188
Route-Based Ipsec VPN Configuration Algorithm188
Route-Based Ipsec VPN Configuration Example194
Policy-Based Ipsec VPN Configuration Algorithm198
Policy-Based Ipsec VPN Configuration Example203
Remote Access Ipsec VPN Configuration Algorithm207
Remote Access Ipsec VPN Configuration Example215
DPD Configuration Example (Dead Peer Detection)220
Tunnels Configuration221
Configuration Algorithm221
Configuration Example223
Qos Management225
Basic Qos225
Configuration Algorithm225
Configuration Example228
Advanced Qos229
Configuration Algorithm229
Configuration Example235
Routing Management237
Routing Information Advertising Policy238
Rip238
OSPF Protocol238
IS-IS Protocol239
Ibpg Protocol240
Ebpg Protocol240
Static Routes Configuration241
Configuration Algorithm241
Static Routes Configuration Example242
RIP Configuration244
Configuration Algorithm244
RIP Configuration Example249
OSFP Configuration250
Configuration Algorithm250
OSPF Configuration Example260
OSPF Stub Area Configuration Example261
Virtual Link Configuration Example261
BGP Configuration263
Configuration Algorithm263
Configuration Example274
BGP Best Route Selection Policy276
BFD Configuration278
Timers Configuration280
Configuration Algorithm281
BFD with BGP Configuration Example285
PBR Routing Policy Configuration286
Configuration Algorithm of Route-Map for BGP286
Configuration Example 1. Route-Map for BGP290
Configuration Example 2. Route-Map for BGP291
Route-Map Based on Access Control Lists (Policy-Based Routing) Configuration Algorithm291
Route-Map Based on Access Control Lists (Policy-Based Routing) Configuration Example292
VRF Configuration295
Configuration Algorithm295
Configuration Example297
Multiwan Configuration298
Configuration Algorithm298
Configuration Example301
IS-IS Configuration303
Configuration Algorithm303
Configuration Example310
MPLS Technology Management312
LDP Configuration313
Configuration Algorithm313
Configuration Example314
Configuring Session Parameters in LDP317
Algorithm for Setting Hello Holdtime and Hello Interval in the Global LDP Configuration319
Algorithm for Setting Hello Holdtime and Hello Interval for Address Family319
Algorithm for Setting Keepalive Holdtime Parameter in the Global LDP Configuration320
Algorithm for Setting Keepalive Holdtime Parameter for the Specific Neighbor320
Configuration Example320
Configuring Session Parameters in Targeted-LDP322
Algorithm for Setting Hello Holdtime, Hello Interval and Keepalive Holdtime for the LDP Process324
Algorithm for Setting Hello Holdtime, Hello Interval and Keepalive Holdtime for the Specific Neighbor324
Configuration Example325
LDP Tag Filtering Configuration326
Configuration Algorithm326
Configuration Example327
L2VPN Martini Mode Configuration328
L2VPN VPWS Configuration Algorithm328
L2VPN VPWS Configuration Example330
L2VPN VPLS Configuration Algorithm333
L2VPN VPLS Configuration Example334
L2VPN Kompella Mode Configuration339
L2VPN VPLS Configuration Algorithm339
L2VPN VPLS Configuration Example341
L3VPN Configuration356
Configuration Algorithm357
Configuration Example359
MPLS Traffic Balancing374
Configuration Example375
Operation with the Bridge Domain Within MPLS376
Assignment of MTU When Operating with MPLS378
Inter-AS Option a384
L2Vpn384
L3Vpn395
Inter-AS Option B409
L3Vpn410
MPLS over GRE423
L2Vpn423
L3Vpn430
Security Management439
AAA Configuration439
Local Authentication Configuration Algorithm440
AAA Configuration Algorithm Via RADIUS443
AAA Configuration Algorithm Via TACACS446
AAA Configuration Algorithm Via LDAP449
Example of Authentication Configuration Using Telnet Via RADIUS Server453
Command Privilege Configuration453
Configuration Algorithm454
Example of Command Privilege Configuration454
Logging and Network Attacks Protection Configuration454
Description of Attack Protection Mechanisms457
Configuration Example of Logging and Protection against Network Attacks460
Firewall Configuration461
Configuration Algorithm461
Firewall Configuration Example469
Configuration Example of Application Filtering (DPI)471
Access List (ACL) Configuration474
Configuration Algorithm474
Access List Configuration Example476
IPS/IDS Configuration477
Base Configuration Algorithm477
Configuration Algorithm for IPS/IDS Rules Autoupdate from External Sources478
Recommended Open Rule Update Source479
IPS/IDS Configuration Example with Rules Autoupdate484
Basic User Rules Configuration Algorithm485
Basic User Rules Configuration Example494
Extended User Rules Configuration Algorithm495
Extended User Rules Configuration Example496
Eltex Distribution Manager Interaction Configuration496
Basic Configuration Algorithm497
Configuration Example501
Content Filtering Service Configuration503
Basic Configuration Algorithm503
Content Filtering Rules Configuration Example508
Antispam Service Configuration511
Basic Configuration Algorithm511
Configuration Example514
Redundancy Management516
VRRP Configuration516
Configuration Algorithm516
Configuration Example 1520
Configuration Example 2521
Tracking Configuration522
Configuration Algorithm522
Configuration Example526
Firewall/Nat Failover Configuration528
Configuration Algorithm528
Configuration Example530
DHCP Failover Configuration533
Configuration Algorithm533
Configuration Example534
Remote Access Configuration539
Configuring Server for Remote Access to Corporate Network Via PPTP Protocol539
Configuration Algorithm539
Configuration Example542
Configuring Server for Remote Access to Corporate Network Via L2TP Protocol544
Configuration Algorithm544
Configuration Example547
Configuring Server for Remote Access to Corporate Network Via Openvpn Protocol549
Configuration Algorithm549
Configuration Example552
Configuring Remote Access Client Via Pppoe554
Configuration Algorithm554
Configuration Example556
Configuring Remote Access Client Via PPTP557
Configuration Algorithm557
Configuration Example559
Configuring Remote Access Client Via L2TP560
Configuration Algorithm561
Configuration Example563
Service Management565
DHCP Server Configuration565
Configuration Algorithm565
Configuration Example569
Destination NAT Configuration571
Configuration Algorithm571
Destination NAT Configuration Example573
Source NAT Configuration575
Configuration Algorithm575
Configuration Example 1579
Configuration Example 2581
Static NAT Configuration582
Configuration Algorithm582
Static NAT Configuration Example582
HTTP/HTTPS Traffic Proxying584
Configuration Algorithm584
HTTP Proxy Configuration Example587
NTP Configuration588
Configuration Algorithm588
Configuration Example590
Monitoring592
Netflow Configuration592
Configuration Algorithm592
Configuration Example594
Sflow Configuration595
Configuration Algorithm595
Configuration Example596
SNMP Configuration597
Configuration Algorithm597
Configuration Example601
Zabbix-Agent/Proxy Configuration602
Configuration Algorithm602
Zabbix-Agent Configuration Example604
Zabbix-Server Configuration Example605
Syslog Configuration608
Configuration Algorithm608
Configuration Example612
Integrity Check613
Configuration Process613
Configuration Example613
Router Configuration File Archiving613
Configuration Process614
Configuration Example614
BRAS (Broadband Remote Access Server) Management616
Configuration Algorithm616
Example of Configuration with Softwlc620
Example of Configuration Without Softwlc626
Voip Management633
SIP Profile Configuration Algorithm633
FXS/FXO Ports Configuration Algorithm634
Dial Plan Configuration Algorithm636
PBX Server Configuration Algorithm636
Registration Trunk Creation Algorithm637
Voip Configuration Example638
Dial Plan Configuration Example641
FXO Port Configuration643
Example of Voip Configuration for FXS Ports Registration on External SIP Server644
Example of Voip Configuration on Internal PBX Server645
Frequently Asked Questions648

ELTEX ESR-3100 - Firewall Configuration Example

Table of Contents

Related product manuals