
Hirschmann BAT54-Rail - Page 284

Hirschmann BAT54-Rail
548 pages
Firewall: 8.3 The BAT Firewall
BAT54-Rail/F.., Release 7.54, 06/08
- If you want to permit a VPN dial-in to a BAT acting as VPN gateway, you need a Firewall rule allowing incoming communication from the client to the local network:

  Rule                Source            Destination    Action    Service
  ALLOW_VPN_DIAL_IN   remote site name  Local network  transmit  ANY

- If a VPN is not terminated by the BAT itself (e.g. a VPN Client in the local area network, or the BAT as Firewall in front of an additional VPN gateway), you additionally have to allow the IPSec and/or PPTP (for the "IPSec over PPTP" of the VPN Client) ports:

  Rule                Source            Destination    Action    Service (target port)
  ALLOW_VPN           VPN Client        VPN Server     transmit  IPSEC, PPTP

- For ISDN or V.110 dial-in (e.g. by HSCSD mobile phone) you have to allow the particular remote site (see also 'Configuration of remote stations', page 366):

  Rule                Source            Destination    Action    Service
  ALLOW_DIAL_IN       remote site name  Local network  transmit  ANY

- For a network coupling, you additionally permit the communication between the involved networks:

  Rule                Source            Destination    Action    Service
  ALLOW_LAN1_TO_LAN2  LAN1              LAN2           transmit  ANY
  ALLOW_LAN2_TO_LAN1  LAN2              LAN1           transmit  ANY

- If you operate, for example, your own web server, you selectively allow access to the server:

  Rule                Source            Destination    Action    Service (target port)
  ALLOW_WEBSERVER     ANY               Webserver      transmit  HTTP, HTTPS

- For diagnostic purposes it is helpful to allow ICMP protocols (e.g. ping):

  Rule                Source            Destination    Action    Service
  ALLOW_PING          Local network     ANY            transmit  ICMP
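
The rule tables above, modelled as an added example (not taken from the manual and not BAT configuration syntax): it evaluates constructed connection attempts against the listed rules and reports which rules transmit ANY service. It assumes that traffic matching no rule is dropped (default deny) and uses symbolic station names; "Internet" and the two remote-site labels are constructed.

```python
from typing import NamedTuple, Optional

ANY = "ANY"

class Rule(NamedTuple):
    name: str
    source: str
    destination: str
    services: frozenset  # {"ANY"} matches every service

class Flow(NamedTuple):  # one connection attempt, described by its initiator
    source: str
    destination: str
    service: str

def rule(name, src, dst, *services):
    return Rule(name, src, dst, frozenset(services))

# Rows from the tables above. "VPN remote site" and "ISDN remote site" are
# constructed stand-ins for the "remote site name" column value.
RULES = [
    rule("ALLOW_VPN_DIAL_IN", "VPN remote site", "Local network", ANY),
    rule("ALLOW_VPN", "VPN Client", "VPN Server", "IPSEC", "PPTP"),
    rule("ALLOW_DIAL_IN", "ISDN remote site", "Local network", ANY),
    rule("ALLOW_LAN1_TO_LAN2", "LAN1", "LAN2", ANY),
    rule("ALLOW_LAN2_TO_LAN1", "LAN2", "LAN1", ANY),
    rule("ALLOW_WEBSERVER", ANY, "Webserver", "HTTP", "HTTPS"),
    rule("ALLOW_PING", "Local network", ANY, "ICMP"),
]

def _matches(field: str, value: str) -> bool:
    return field == ANY or field == value

def evaluate(flow: Flow, rules=RULES) -> Optional[str]:
    """Name of the first rule that transmits the flow, else None.
    None means dropped, under the assumed default-deny policy."""
    for r in rules:
        if (_matches(r.source, flow.source)
                and _matches(r.destination, flow.destination)
                and (ANY in r.services or flow.service in r.services)):
            return r.name
    return None

def broad_rules(rules=RULES) -> list:
    """Rules that transmit ANY service: the first ones to narrow in a review."""
    return [r.name for r in rules if ANY in r.services]

if __name__ == "__main__":
    for f in [Flow("Internet", "Webserver", "HTTPS"),   # constructed flows
              Flow("Internet", "Webserver", "SSH"),
              Flow("Internet", "Local network", "ICMP")]:
        print(f, "->", evaluate(f) or "dropped")
    print("ANY-service rules:", broad_rules())
```

ALLOW_PING only covers ICMP initiated from the local network, so the third flow is dropped in this model even though ping from inside is permitted.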
