3 Firewall Configuration
About This Chapter
The attack defense system protects an internal network against attacks from external networks;
therefore, firewalls are generally deployed between the internal and external networks to prevent
attacks.
3.1 Firewall Overview
A firewall discards unwanted packets and protects the systems and key resources on the internal
network.
3.2 Firewall Features Supported by the AR1200-S
The firewall features supported by the AR1200-S include ACL-based packet filtering, blacklist,
whitelist, application specific packet filter (ASPF), port mapping, virtual firewall, attack defense,
traffic statistics and monitoring, and logs.
3.3 Configuring Zones
All the security policies of the firewall are enforced based on zones.
3.4 Configuring the Packet Filtering Firewall
The packet filtering firewall filters packets by using an ACL.
3.5 Configuring the Blacklist
You can manually add entries to the blacklist or configure a dynamic blacklist. If you choose
the dynamic blacklist, enable IP address scanning and port scanning defense on the attack defense
module of the AR1200-S. When the AR1200-S detects that the connection rate of an IP address
or a port exceeds the threshold, the AR1200-S considers that a scanning attack occurs, and adds
the source IP address to the blacklist. All the packets from this source IP address are then filtered
out.
3.6 Configuring the Whitelist
Whitelists are applicable to networks where devices send valid service packets that resemble IP
address or port scanning attack packets. Whitelists prevent these devices from being added to
the blacklist.
3.7 Configuring ASPF
The ASPF function can detect sessions that attempt to traverse the application layer and deny
the undesired packets. In addition, ASPF enables application protocols that cannot traverse
firewalls to function properly.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 3 Firewall Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
42
To Next Page
Loading...
