Friday, September 08, 2006

Gnat box notes

Sequence of setup:

  1. Inbound tunnel - ext ip:port mapping with int ip:port
  2. Remote Access filter - further narrow down from what IP to what IP (allow any to any 25...)
  3. IP Pass Through - i.e. VPN 192.168 allow all to corp subnet (fe1 ok-> ex,fs; crm !-> ex,fs)


IP Pass Through Filters

IP Pass Through Filters control access to and from IP addresses that have been specified as IP Pass Through addresses. IP Pass Through Filters are different from Remote Access and Outbound Filters in that they control both inbound and outbound access to/from the designated IP Pass Through addresses. Since IP Pass Through addresses are not translated, the GTA Firewall functions as a gateway for these addresses. IP Pass Through Filters utilize IP Pass Through addresses in the definitions, not GTA Firewall network interface addresses.

Typically, two filters are required for each different Hosts/Network IP Pass Through IP address: one for outbound access and the other for inbound access. IP Pass Through Filters are defined in the same manner as Remote Access or Outbound filters. The rules concerning filter order also apply.

If IP Pass Through hosts/networks are defined, defaulting filters will create a filter set based on the addresses defined on the Hosts/Networks screen. Since IP Pass Through hosts/networks can be defined in a variety of different combinations, the default filters will vary according to options selected. These system-generated filters can be modified to match your security requirements.

Create a Pair of Filters for a Defined IP Pass Through Host

  1. Create an empty filter definition, or edit an existing filter.

  2. An IP Pass Through address must have two filters, inbound and outbound. First create the Outbound filter. Complete the filter definition in the same manner as an Outbound filter, specifying the IP Pass Through address as the source IP address. Save the filter.

  3. Create another filter for the inbound connection. Define the filter as you would a Remote Access Filter except that the destination IP address will be the IP Pass Through address, not the IP address on the GTA Firewall network interface. Save the filter.

  4. Once you have completed all the desired IP Pass Through Filters, click the Save button on the filter set to save the filters and apply them to the system.
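
An added example, not GTA's code and not part of the original notes: a Python audit that checks a pass-through filter set against the two rules above (every IP Pass Through host/network has both an outbound and an inbound filter, and definitions name pass-through addresses rather than firewall interface addresses). The dict schema, the `any` keyword and all addresses are assumptions constructed for illustration; this is not GTA's configuration format.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample data (documentation address ranges, not from the page).
PASSTHROUGH = ["198.51.100.10", "198.51.100.32/28"]   # untranslated hosts/networks
INTERFACES = ["203.0.113.1"]                           # firewall interface address
FILTERS = [                                            # hypothetical schema
    {"action": "accept", "src": "198.51.100.10", "dst": "any"},
    {"action": "accept", "src": "any", "dst": "203.0.113.1"},
    {"action": "accept", "src": "any", "dst": "198.51.100.32/28"},
]

def _net(value):
    """Parse 'any', a host address or a CIDR block into an ip_network."""
    return ANY if value == "any" else ipaddress.ip_network(value, strict=False)

def audit_passthrough(passthrough, interface_addrs, filters):
    """Return a list of findings for an IP Pass Through filter set."""
    findings = []
    ifaces = {ipaddress.ip_address(a) for a in interface_addrs}
    parsed = [(n, f["action"], _net(f["src"]), _net(f["dst"]))
              for n, f in enumerate(filters, start=1)]

    # Definitions must use pass-through addresses, not interface addresses.
    for n, _, src, dst in parsed:
        for side, net in (("source", src), ("destination", dst)):
            if net.prefixlen == 32 and net.network_address in ifaces:
                findings.append(f"filter {n}: {side} {net.network_address} "
                                "is a firewall interface address")

    # Each pass-through entry needs an accept filter naming it in each direction.
    # "any" on the pass-through side is deliberately not counted as coverage.
    accepts = [(src, dst) for _, action, src, dst in parsed if action == "accept"]
    for entry in passthrough:
        target = _net(entry)
        if not any(s != ANY and target.subnet_of(s) for s, _ in accepts):
            findings.append(f"{target}: no outbound filter (source = pass-through address)")
        if not any(d != ANY and target.subnet_of(d) for _, d in accepts):
            findings.append(f"{target}: no inbound filter (destination = pass-through address)")
    return findings

if __name__ == "__main__":
    for line in audit_passthrough(PASSTHROUGH, INTERFACES, FILTERS):
        print(line)
```

On the sample set, filter 2 was meant as the inbound filter for 198.51.100.10 but names the interface address, so the host is reported as having no inbound filter; the /28 network is reported as missing its outbound filter.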

