EasyManua.ls Logo

Radware Alteon - Page 380

Radware Alteon
842 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Alteon Application Switch Operating System Application Guide
Filtering and Traffic Manipulation
380 Document ID: RDWR-ALOS-V2900_AG1302
Filtering is not limited to the few protocols and TCP or UDP applications shown in this example.
See Well-Known Application Ports, page 175 for a list of well-known applications ports.
1. Before you begin, you must be logged into the CLI as the administrator.
2. Assign an IP address to each of the network devices.
For this example, the network devices have the following IP addresses on the same IP subnet:
3. Create a default filter to deny and log unwanted traffic.
The default filter is defined as Filter 2048 in order to give it the lowest order of precedence:
Note: Because the proto parameter is not tcp or udp, the source port (sport) and destination
port (dport) values are ignored and may be excluded from the filter configuration.
4. Create a filter that allows external HTTP requests to reach the Web server.
The filter must recognize and allow TCP traffic with the Web server's destination IP address and
HTTP destination port:
Table 31: Web Cache Example Real Server IP Addresses
Network Device IP address
Local Subnet 205.177.15.0 - 205.177.15.255
Web Server 205.177.15.2
Mail Server 205.177.15.3
Domain Name Server 205.177.15.4
>> # /cfg/slb/filt 2048
(Select the default filter)
>> Filter 2048# sip any
(From any source IP addresses)
>> Filter 2048# dip any
(To any destination IP addresses)
>> Filter 2048# proto any
(For any protocols)
>> Filter 2048# action deny
(Deny matching traffic)
>> Filter 2048# name deny unwanted traffic
(Provide a descriptive name for the
filter)
>> Filter 2048# ena
(Enable the default filter)
>> Filter 2048# adv/log enable
(Log matching traffic to syslog)
>> Filter 2048# /cfg/slb/filt 1
(Select the menu for Filter 1)
>> Filter 1# sip any
(From any source IP address)
>> Filter 1# dip 205.177.15.2
(To Web server destination IP address)
>> Filter 1# dmask 255.255.255.255
(Set mask for exact destination address)
>> Filter 1# proto tcp
(For TCP protocol traffic)
>> Filter 1# sport any
(From any source port)
>> Filter 1# dport http
(To an HTTP destination port)
>> Filter 1# action allow
(Allow matching traffic to pass)

Table of Contents

Other manuals for Radware Alteon

Preview: Installation And Maintenance Guide
Installation And Maintenance Guide98 pages