Chapter 6
Security
RUGGEDCOM ROX II
CLI User Guide
190 Configuring Netfilter
To configure the firewall for a VPN in a DMZ, do the following:
1. Make sure a basic firewall has been configured. For more information about configuring a firewall, refer to
Section6.9.3, “Adding a Firewall”.
2. Make sure a zone called dmz exists. For more information about managing zones, refer to Section6.9.9,
“Managing Zones”.
3. Configure rules with the following parameter settings for the UDP, Authentication Header (AH) and
Encapsulation Security Payload (ESP) protocols:
NOTE
The IPsec protocol operations on UDP port 500, using protocols Authentication Header (AH) and
Encapsulation Security Payload (ESP) protocols. The firewall must be configured to accept this
traffic in order to allow the IPsec protocol.
Action Source-Zone Destination-Zone Protocol Dest-Port
Accept Net dmz Ah —
Accept Net dmz Esp —
Accept Net dmz UDP 500
Accept dmz Net Ah —
Accept dmz Net Esp —
Accept dmz Net Udp 500
For more information about configuring rules, refer to Section6.9.15, “Managing Rules”.
Section6.9.8
Configuring Netfilter
To configure Netfilter, do the following:
1. Make sure the CLI is in Configuration mode.
2. Set the time in seconds (s) a stale TCP connection can reside in the connection tracking table by typing:
admin system tcp-est-conn-track-timeout value
Where value is a number between 300 and 432000. The default value is 432000 s, or five days.
3. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Section6.9.9
Managing Zones
A network zone is a collection of interfaces for which forwarding decisions are made. Common zones include:
Zone Description
Net The Internet
Loc The local network
To Next Page
Loading...
Need help?
General
