RUGGEDCOM ROX II
User Guide
Chapter 5
Setup and Configuration
Managing Zones 375
2. Make sure a basic firewall has been configured. For more information about configuring a firewall, refer to
Section 5.17.3, “Adding a Firewall”.
3. Change the mode to Edit Private or Edit Exclusive.
4. Navigate to security » firewall » fwconfig and select the firewall to configure.
5. Make sure a zone called dmz exists. For more information about managing zones, refer to Section 5.17.8,
“Managing Zones”.
6. Configure rules with the following parameter settings for the UDP, Authentication Header (AH) and
Encapsulation Security Payload (ESP) protocols:
NOTE
The IPsec protocol operations on UDP port 500, using protocols Authentication Header (AH) and
Encapsulation Security Payload (ESP) protocols. The firewall must be configured to accept this
traffic in order to allow the IPsec protocol.
Table: Example
Action Source-Zone Destination-Zone Protocol Dest-Port
Accept Net dmz Ah —
Accept Net dmz Esp —
Accept Net dmz UDP 500
Accept dmz Net Ah —
Accept dmz Net Esp —
Accept dmz Net Udp 500
For more information about configuring rules, refer to Section 5.17.14, “Managing Rules”.
Section 5.17.8
Managing Zones
A network zone is a collection of interfaces for which forwarding decisions are made. Common zones include:
Table: Example
Zone Description
Net The Internet
Loc The local network
DMZ Demilitarized zone
Fw The firewall itself
Vpn1 IPsec connections on w1ppp
Vpn2 IPsec connections on w2ppp
New zones may be defined as needed. For example, if each Ethernet interface is part of the local network zone,
disabling traffic from the Internet zone to the local network zone would disable traffic to all Ethernet interfaces. If
access to the Internet is required for some Ethernet interfaces, but not others, a new zone may be required for
those interfaces.
To Next Page
Loading...
