Table of Contents
Advertisement
iPBX30 User Manual
9
Configuring Firewall and NAT
The iPBX30 provides built-in firewall/NAT functions, enabling you
to protect the system against denial of service (DoS) attacks and
other types of malicious accesses to your LAN while providing
Internet access sharing at the same time. You can also specify how
to monitor attempted attacks, and who should be automatically
notified.
This chapter describes how to create/modify/delete ACL (Access
Control List) rules to control the data passing through your network.
You will use firewall configuration pages to:
• Configure firewall global and DoS settings
• Create, modify, delete and view ACL rules.
When you define an ACL rule, you instruct the
iPBX30 to examine each data packet it receives to
determine whether it meets criteria set forth in the
rule. The criteria can include the network or internet
protocol it is carrying, the direction in which it is
traveling (for example, from the LAN to the Internet or
vice versa), the IP address of the sending computer,
the destination IP address, and other characteristics
of the packet data.
If the packet matches the criteria established in a
rule, the packet can either be accepted (forwarded
towards its destination), or denied (discarded),
depending on the action specified in the rule.
9.1
Firewall Overview
9.1.1 Stateful Packet Inspection
The stateful packet inspection engine in the iPBX30 maintains a
state table that is used to keep track of connection states of all the
packets passing through the firewall. The firewall will open a "hole"
to allow the packet to pass through if the state of the packet that
belongs to an already established connection matches the state
maintained by the stateful packet inspection engine. Otherwise,
the packet will be dropped. This "hole" will be closed when the
connection session terminates. No configuration is required for
Chapter 9
61
Advertisement
Table of Contents
