DMZ Firewall Solution for the Express Router
07-12-99 Version 1.0 22
Filter Function Settings
Src. address type: All
Src. port: All

2  Prevents tunnel packets from entering the DMZ network
   Action: Discard
   Protocol: TCP
   Dest. address type: All
   Dest. port: Tunnel
   Src. address type: All
   Src. port: All

3  Prevents RSVP packets from entering the DMZ network/router. Three separate filters are required.
   Action: Discard
   Protocol: RSVP
   Dest. address type: All
   Dest. port: All
   Src. address type: All
   Src. port: All

4  Action: Discard
   Protocol: UDP
   Dest. address type: All
   Dest. port: 1698
   Src. address type: All
   Src. port: All

5  Action: Discard
   Protocol: UDP
   Dest. address type: All
   Dest. port: 1699
   Src. address type: All
   Src. port: All

6  Prevents BootP updates from entering the DMZ network/router
   Action: Discard
   Protocol: UDP
   Dest. address type: All
   Dest. port: 67
   Src. address type: All
   Src. port: All

7  Prevents Syslog updates from entering the DMZ network/router
   Action: Discard
   Protocol: UDP
   Dest. address type: All
   Dest. port: 514
   Src. address type: All
   Src. port: All

8  Discards all packets that fake the IP address of the router on LAN1, as these packets are allowed to pass the Tx filter on LAN1
   Action: Discard
   Protocol: UDP
   Dest. address type: All
   Dest. port: All
   Src. address type: Host
   Src. address: <LAN1 IP address>
   Src. port: All