System design
2.1 Introduction
BAT54-Rail/F.. Release 7.54 06/08
• With IP redirect, requests in the LAN are redirected to a specific computer.
• The firewall (with the services “Intrusion Detection”, “Denial of Service” and “Quality of Service”) encloses the IP router like a shield. All connections via the IP router automatically flow through the firewall as well.
• BAT devices provide either a separate LAN interface or an integrated switch with multiple LAN interfaces as the connection to the LAN.
• BAT Router access points and BAT routers with wireless modules additionally offer one or, depending on the model, two wireless interfaces for connecting wireless LANs. Depending on the model, each wireless interface can provide up to eight different wireless networks (“multi SSID”).
• On some models, a DMZ interface provides a ‘demilitarized zone’ (DMZ), which is also physically separated from the other LAN interfaces within the LAN bridge.
• The LAN bridge provides a protocol filter that can block specific protocols on the LAN. Additionally, individual LAN interfaces can be separated using “isolated mode”. With the VLAN functions, virtual LANs can be set up in the LAN bridge, allowing several logical networks to operate on one physical cabling.
• Applications can communicate with different IP modules (NetBIOS, DNS, DHCP server, RADIUS, RIP, NTP, SNMP, SYSLOG, SMTP) either via the IP router, or directly via the LAN bridge.
• The functions “IP masquerading” and “N:N mapping” provide suitable IP address translation between private and public IP ranges, or between multiple private networks.
• Given appropriate authorization, the configuration and management services of the devices (WEBconfig, Telnet, TFTP) can be accessed directly from the LAN and also from the WAN side. These services are protected by filters and login barring, but do not require any processing by the firewall. Nevertheless, direct access from WAN to LAN (or vice versa) using the internal services as a bypass around the firewall is not possible.
• On the WAN side, the IPX router and the LANCAPI access only the ISDN interface. Both modules are independent of the firewall, which controls only data traffic through the IP router.
• The VPN services (including PPTP) enable data encryption over the Internet and thereby enable virtual private networks over public data connections.
• Depending on the specific model, xDSL/Cable, ADSL or ISDN are available as different WAN interfaces.
• The DSLoL interface (DSL over LAN) is not a physical WAN interface but rather a “virtual WAN interface”. With appropriate LCOS settings, some models can use a LAN interface as an additional xDSL/Cable interface.