Configuring firewall
Overview
A firewall blocks unauthorized Internet access to a protected network while allowing internal network
users to access the Internet through WWW, or to send and receive e-mails. A firewall can also be
used to control access to the Internet, for example, to permit only specific hosts within the
organization to access the Internet. Many of today's firewalls offer additional features, such as
identity authentication and encryption.
Another application of a firewall is to protect mainframes and important resources (such as data) on
internal networks. Any access to protected data is filtered by the firewall, even if the access is
initiated by a user within the internal network.
The device mainly implements three categories of firewalls:
• ACL based packet filter
• Application Specific Packet Filter (ASPF)
• Address translation
This chapter focuses on ACL packet-filter firewall and ASPF. For more information about address
translation, see HPE FlexNetwork MSR Router Series Comware 5 Layer 3—IP Service
Configuration Guide.
ACL based packet-filter
An ACL packet-filter filters IP packets based on the information in their headers.
Before an IP packet can be forwarded, the firewall obtains the header information of the packet,
including the following:
• Number of the upper layer protocol carried by the IP layer
• Source address
• Destination address
• Source port number
• Destination port number
The firewall compares the header information against the preset ACL rules and processes the packet
based on the comparison result.
Support for fragment filtering
An ACL based packet-filter firewall supports fragment inspection and filtering by checking packet
type, Layer 3 information, and upper layer information:
• Packet type—Non-fragmented packet, first fragment, or non-first fragment.
• Layer 3 information of the packet—Checked against basic ACL rules, and advanced ACL
rules without information above Layer 3.
• Upper layer information—Checked against advanced ACL rules containing information above
Layer 3.
A packet-filter firewall configured with advanced ACL rules that require an exact match records the
Layer 3 and upper layer information carried in each first fragment. When subsequent (non-first)
fragments of the same datagram arrive, the firewall uses the saved information to perform an exact
match against each match condition of an ACL rule. For more information about ACL, see HPE
FlexNetwork MSR Router Series Comware 5 ACL and QoS Configuration Guide.
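The following added example (not code from the configuration guide or the router software) models the matching behaviour described above in Python: rules are matched against the protocol number, addresses and destination port taken from the IP header, and Layer 4 information recorded from a first fragment is reused to match the non-first fragments of the same datagram. The Rule, Packet and PacketFilter names, the use of the IP identification field as the fragment key, and the CIDR-style address matching are simplifying assumptions of this example, not the device's exact ACL semantics.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    """One ACL rule (constructed). None means 'any'; only advanced rules carry dport."""
    action: str                   # "permit" or "deny"
    proto: Optional[int] = None   # upper-layer protocol number (6 = TCP, 17 = UDP)
    src: Optional[str] = None     # source network, e.g. "10.1.1.0/24"
    dst: Optional[str] = None     # destination network
    dport: Optional[int] = None   # destination port (information above Layer 3)

@dataclass
class Packet:
    """Header fields the filter extracts from an IP packet (constructed)."""
    proto: int
    src: str
    dst: str
    ident: int                    # IP identification, shared by all fragments
    frag_offset: int = 0
    more_frags: bool = False
    dport: Optional[int] = None   # present only in non-fragmented/first fragments

def in_net(addr, net):
    """True if net is 'any' (None) or addr falls inside the network."""
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

class PacketFilter:
    def __init__(self, rules, default="deny"):
        self.rules = rules
        self.default = default
        self.frag_table = {}      # (src, dst, ident) -> dport saved from first fragment

    def _upper_layer(self, pkt):
        key = (pkt.src, pkt.dst, pkt.ident)
        if pkt.frag_offset == 0:  # non-fragmented packet or first fragment
            if pkt.more_frags:    # first fragment: remember Layer 4 information
                self.frag_table[key] = pkt.dport
            return pkt.dport
        return self.frag_table.get(key)  # non-first fragment: reuse saved information

    def check(self, pkt):
        """Return the action of the first matching rule, else the default."""
        dport = self._upper_layer(pkt)
        for r in self.rules:
            if ((r.proto is None or r.proto == pkt.proto)
                    and in_net(pkt.src, r.src) and in_net(pkt.dst, r.dst)
                    and (r.dport is None or r.dport == dport)):
                return r.action
        return self.default
```

A non-first fragment whose first fragment was never seen carries no Layer 4 information, so a rule with a port condition cannot match it exactly and the default action applies.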