Siemens RUGGEDCOM ROX II User Manual page 236

Chapter 6
Security

To configure the firewall for a VPN in a DMZ, do the following:

1. Make sure a basic firewall has been configured. For more information about configuring a firewall, refer to Section 6.9.3, "Adding a Firewall".

2. Make sure a zone called dmz exists. For more information about managing zones, refer to Section 6.9.9, "Managing Zones".

3. Configure rules with the following parameter settings for the UDP, Authentication Header (AH) and Encapsulation Security Payload (ESP) protocols:

   NOTE
   The IPsec protocol operates on UDP port 500, using the Authentication Header (AH) and Encapsulation Security Payload (ESP) protocols. The firewall must be configured to accept this traffic in order to allow the IPsec protocol.

   Source-Zone   Destination-Zone   Protocol   Dest-Port   Action
   Net           dmz                Ah                     Accept
   Net           dmz                Esp                    Accept
   Net           dmz                UDP        500         Accept
   dmz           Net                Ah                     Accept
   dmz           Net                Esp                    Accept
   dmz           Net                Udp        500         Accept

   For more information about configuring rules, refer to Section 6.9.15, "Managing Rules".

Section 6.9.8
Configuring Netfilter

To configure Netfilter, do the following:

1. Make sure the CLI is in Configuration mode.

2. Set the time in seconds (s) a stale TCP connection can reside in the connection tracking table by typing:

   admin system tcp-est-conn-track-timeout value

   Where value is a number between 300 and 432000. The default value is 432000 s, or five days.

3. Type commit and press Enter to save the changes, or type revert and press Enter to abort.

Section 6.9.9
Managing Zones

A network zone is a collection of interfaces for which forwarding decisions are made. Common zones include:

   Zone   Description
   Net    The Internet
   Loc    The local network

RUGGEDCOM ROX II CLI User Guide, page 190
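The zone-based rule table in the VPN-in-DMZ procedure above only admits IPsec if every required combination (IKE on UDP port 500, plus AH and ESP) is accepted in both directions between the two zones. The following is an added illustration, not RUGGEDCOM ROX II software: it models zone-to-zone rule matching with first-match semantics and an assumed default-drop policy, loads the six rules from the table, and includes a defender's check that reports which IPsec-related combinations a rule set leaves uncovered. The Rule and Packet classes, the lower-casing of zone and protocol names, and the default-drop assumption are all constructed for this example.

```python
"""Zone-based firewall matching for the IPsec-in-DMZ rule table.

Constructed example code (not RUGGEDCOM ROX II software). Assumptions:
first matching rule wins, unmatched traffic is dropped, and zone and
protocol names are compared case-insensitively (the table mixes "UDP"
and "Udp").
"""

from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    source_zone: str
    dest_zone: str
    protocol: str             # "ah", "esp", "udp", "tcp", ...
    dest_port: Optional[int]  # None for protocols without ports (AH, ESP)
    action: str               # "accept" or "drop"


@dataclass(frozen=True)
class Packet:
    source_zone: str
    dest_zone: str
    protocol: str
    dest_port: Optional[int] = None


# The six rules from the VPN-in-DMZ procedure, normalised to lower case.
IPSEC_DMZ_RULES: List[Rule] = [
    Rule("net", "dmz", "ah", None, "accept"),
    Rule("net", "dmz", "esp", None, "accept"),
    Rule("net", "dmz", "udp", 500, "accept"),
    Rule("dmz", "net", "ah", None, "accept"),
    Rule("dmz", "net", "esp", None, "accept"),
    Rule("dmz", "net", "udp", 500, "accept"),
]


def matches(rule: Rule, packet: Packet) -> bool:
    """True when the packet's zones, protocol and (if the rule has one) port all agree."""
    if rule.source_zone != packet.source_zone.lower():
        return False
    if rule.dest_zone != packet.dest_zone.lower():
        return False
    if rule.protocol != packet.protocol.lower():
        return False
    if rule.dest_port is not None and rule.dest_port != packet.dest_port:
        return False
    return True


def evaluate(rules: List[Rule], packet: Packet, default: str = "drop") -> str:
    """First matching rule decides; anything unmatched gets the (assumed) default drop."""
    for rule in rules:
        if matches(rule, packet):
            return rule.action
    return default


def missing_ipsec_rules(rules: List[Rule], zone_a: str, zone_b: str) -> List[Packet]:
    """Defender's check: IPsec needs UDP/500, AH and ESP accepted in BOTH directions.

    Returns the representative packets that the rule set would not accept.
    """
    needed: List[Packet] = []
    for src, dst in ((zone_a, zone_b), (zone_b, zone_a)):
        needed += [Packet(src, dst, "udp", 500), Packet(src, dst, "ah"), Packet(src, dst, "esp")]
    return [p for p in needed if evaluate(rules, p) != "accept"]


if __name__ == "__main__":
    # Complete table: nothing missing.
    print("missing with full table:", missing_ipsec_rules(IPSEC_DMZ_RULES, "net", "dmz"))
    # Only the Net -> dmz half configured: the return direction is reported.
    print("missing with half table:", missing_ipsec_rules(IPSEC_DMZ_RULES[:3], "net", "dmz"))
    # Protocol and port must both match; TCP/500 and UDP/501 are not IPsec and stay dropped.
    print("tcp/500:", evaluate(IPSEC_DMZ_RULES, Packet("Net", "dmz", "tcp", 500)))
    print("udp/501:", evaluate(IPSEC_DMZ_RULES, Packet("Net", "dmz", "udp", 501)))
```

Running the check against only the first three rules shows why the table lists each protocol twice: the Net-to-dmz entries say nothing about dmz-to-Net, so the reverse direction is reported as missing until its own Accept rules exist.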