Chapter 29 - Maintaining The Router
Gauntlet Security
RX1100 owners can use the Gauntlet security appliance to restrict access to critical
assets. This section details how to activate Gauntlet and determine currently
negotiated sessions. Details and recommendations on applying the Gauntlet system
to networking may be found in texts referenced in the About This Guide section of
the user guide.
What And How Gauntlet Protects
Gauntlet protects against unauthorized access to critical assets, including the router
itself. Gauntlet allows connection from known management devices to assets behind
the firewall operating on known TCP/UDP port numbers. Gauntlet does not encrypt
communications which occur in the clear, such as sessions using the Telnet protocol.
Protocols such as SSH and HTTPS offer their own encryption and are suitable for use
with Gauntlet.
Gauntlet And The Firewall
Gauntlet integrates tightly with the firewall, opening it for communications between
vetted clients and critical assets on a demand basis. There are three steps in activating
the Gauntlet security appliance:
Step 1 of 3 - Shorewall Configuration
• Use the RX1000 Installation Guide and RuggedRouter User Guide to set up the
RX1100 and gain access to rrsetup via the console port. Use Restore a Previous
Configuration to Reload Factory Defaults. Change passwords, port IP address
information, set the hostname, and set the date, time and time zone. Do not yet
use Gauntlet Setup.
• Using Webmin (HINT: Webmin access from the CCC server validates the network
connection), visit the Shorewall Firewall menu, Network Zones sub-menu, and add the
"net" and "loc" IPv4 zones. This document defines the zone for WAN interfaces as
"net" and the zone for local interfaces as "loc".
Zone ID    Zone type
fw         Firewall System
net        IPv4
loc        IPv4
• Visit the Network Interfaces sub-menu and assign interfaces to the zones. For
example, eth1 = net, eth2 = loc. Visit the Default Policies sub-menu and assign
the following policies:
Source zone    Destination zone    Policy
fw             any                 ACCEPT
loc            net                 ACCEPT
all            any                 DROP
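The Shorewall files that the Webmin zone, interface and policy steps above produce, written to a staging directory together with a first-match lookup over the policy table, as an added example that is not part of the RuggedCom guide. It assumes eth1 is the "net" interface and eth2 the "loc" interface (the guide's own example) and that "all" is Shorewall's file keyword for the "any" zone shown in Webmin.

```shell
#!/bin/sh
# Added example, not from the RuggedCom guide. Stages the Shorewall zone,
# interface and policy files equivalent to the Webmin steps in Step 1, then
# shows which default policy applies to traffic between two zones.
# Assumptions: eth1 = net (WAN), eth2 = loc (local); "all" is Shorewall's
# keyword for the "any" zone in Webmin. Review the files before copying
# them to /etc/shorewall on the router.

STAGE="${STAGE:-$(mktemp -d)}"

write_shorewall_config() {
    mkdir -p "$STAGE"
    # Zone table: fw is the router itself; net and loc are IPv4 zones.
    cat > "$STAGE/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
EOF
    # Interface-to-zone assignment (eth1 = net, eth2 = loc).
    cat > "$STAGE/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth1        detect
loc     eth2        detect
EOF
    # Default policies. Shorewall applies the first matching line, so the
    # catch-all DROP must stay last; log what it drops for later review.
    cat > "$STAGE/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG LEVEL
fw      all     ACCEPT
loc     net     ACCEPT
all     all     DROP    info
EOF
}

# policy_for SRC DST: print the policy the staged table applies to traffic
# from zone SRC to zone DST, using Shorewall's first-match rule.
policy_for() {
    awk -v s="$1" -v d="$2" '
        /^#/ || NF < 3 { next }
        ($1 == s || $1 == "all") && ($2 == d || $2 == "all") { print $3; exit }
    ' "$STAGE/policy"
}

write_shorewall_config
echo "loc -> net: $(policy_for loc net)"   # ACCEPT
echo "net -> loc: $(policy_for net loc)"   # DROP (Gauntlet opens this on demand)
```

With only these policies in place, nothing from the "net" zone reaches local assets or the router; the later Gauntlet steps add the on-demand openings for vetted clients.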
RuggedCom 263