Intel 9515 Saw User Manual


 
DMZ Firewall Solution for the Express Router
07-12-99 Version 1.0
Filter  Function                                Settings
                                                Src. address: 10.2.0.2
                                                Src. port: = 80

2       Allows FTP (only passive connections)   Action: Pass
        from secure LAN to the FTP proxy        Protocol: TCP
        server on the DMZ (see note 1).         TCP flags: ACK
        Two filters are required.               Dest. address type: All
                                                Dest. port: >1023
                                                Src. address type: Host
                                                Src. address: 10.2.0.2
                                                Src. port: = 21

3                                               Action: Pass
                                                Protocol: TCP
                                                TCP flags: ACK
                                                Dest. address type: All
                                                Dest. port: >1023
                                                Src. address type: Host
                                                Src. address: 10.2.0.2
                                                Src. port: >1023

4       Allows incoming mail (SMTP) from        Action: Pass
        DMZ to secure LAN.                      Protocol: TCP
                                                TCP flags: All
                                                Dest. address type: Host
                                                Dest. address: 10.5.0.1
                                                Dest. port: = 25
                                                Src. address type: Host
                                                Src. address: 10.2.0.3
                                                Src. port: > 1023

5       Allows outgoing mail (SMTP) from        Action: Pass
        secure LAN to DMZ.                      Protocol: TCP
                                                TCP flags: ACK
                                                Dest. address type: Host
                                                Dest. address: 10.5.0.1
                                                Dest. port: > 1023
                                                Src. address type: Host
                                                Src. address: 10.2.0.3
                                                Src. port: = 25

6       Allows incoming News (NNTP) from        Action: Pass
        DMZ to secure LAN (see note 2).         Protocol: TCP
                                                TCP flags: All
                                                Dest. address type: Host
                                                Dest. address: 10.5.0.2
                                                Dest. port: = 119
                                                Src. address type: Host
                                                Src. address: 10.2.0.4
                                                Src. port: > 1023

7       Allows outgoing News (NNTP) to DMZ      Action: Pass
        from secure LAN.                        Protocol: TCP
                                                TCP flags: ACK
                                                Dest. address type: Host
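
The following is an added example, not part of the original manual: a small Python model of filters 2 to 6 as listed above, run against constructed packets to show which traffic from the DMZ passes into the secure LAN. The first-match order, the discard-by-default behaviour, the reading of "TCP flags: ACK" as "ACK bit must be set", and the client address 10.5.0.9 are assumptions.

```python
# Assumptions (not stated on this page): "TCP flags: ACK" requires the ACK bit,
# "TCP flags: All" accepts any flags, filters are tried in order, and a packet
# matching no filter is discarded.
HIGH = range(1024, 65536)          # "> 1023"
ANY = None                         # "Dest. address type: All"

# (filter no., TCP flags, dest. address, dest. ports, src. address, src. ports)
FILTERS = [
    (2, "ACK", ANY,        HIGH,  "10.2.0.2", [21]),
    (3, "ACK", ANY,        HIGH,  "10.2.0.2", HIGH),
    (4, "All", "10.5.0.1", [25],  "10.2.0.3", HIGH),
    (5, "ACK", "10.5.0.1", HIGH,  "10.2.0.3", [25]),
    (6, "All", "10.5.0.2", [119], "10.2.0.4", HIGH),
]

def passing_filter(src, sport, dst, dport, flags):
    """Return the number of the first filter that passes the packet, else None."""
    for no, need, f_dst, f_dports, f_src, f_sports in FILTERS:
        if need == "ACK" and "ACK" not in flags:
            continue               # bare SYN: a connection opened from the DMZ side
        if f_dst is not ANY and dst != f_dst:
            continue
        if src == f_src and sport in f_sports and dport in f_dports:
            return no
    return None                    # assumed default: discard

# Constructed sample packets; 10.5.0.9 is a hypothetical secure-LAN client.
SAMPLES = [
    ("FTP control reply",      ("10.2.0.2", 21,    "10.5.0.9", 40000, {"SYN", "ACK"})),
    ("passive FTP data reply", ("10.2.0.2", 50000, "10.5.0.9", 40001, {"ACK"})),
    ("active FTP data open",   ("10.2.0.2", 20,    "10.5.0.9", 40002, {"SYN"})),
    ("DMZ host opens session", ("10.2.0.2", 50000, "10.5.0.9", 8080,  {"SYN"})),
    ("inbound SMTP open",      ("10.2.0.3", 2000,  "10.5.0.1", 25,    {"SYN"})),
    ("SMTP from news host",    ("10.2.0.4", 2000,  "10.5.0.1", 25,    {"SYN"})),
    ("outgoing mail reply",    ("10.2.0.3", 25,    "10.5.0.1", 30000, {"SYN", "ACK"})),
]

def evaluate():
    """Map each sample name to the passing filter number, or None if discarded."""
    return {name: passing_filter(*pkt) for name, pkt in SAMPLES}

if __name__ == "__main__":
    for name, no in evaluate().items():
        print(f"{name:24} -> {'pass (filter %d)' % no if no else 'discard'}")
```

Under these assumptions the ACK requirement is a per-packet flag check rather than connection tracking: it stops sessions being opened from the DMZ side, which is why only passive FTP works, but it does not confirm that a matching session exists.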