Introduction To Firewall; Chapter 6 Firewall Configuration; Acl/Packet Filter - 3Com 3C13636 Configuration Manual


3Com Router 3000 Ethernet Family
Configuration Guide

Chapter 6 Firewall Configuration

6.1 Introduction to Firewall

In building construction, a firewall is designed to prevent fire from spreading from one part of the building to another. A network firewall serves a similar purpose: to prevent dangers on the Internet from spreading to your internal network.

On the one hand, a firewall prohibits unauthorized or unauthenticated access from the Internet to the protected network. On the other hand, it permits internal network subscribers to access the Web or to send and receive e-mail. A firewall can also serve as an authority control gateway for accessing the Internet, for example, to permit specific people in an organization to access the Internet. Many firewalls now also have other attributes, such as subscriber identification, information security (encryption) processing, and so on.

In addition to protecting the Internet connection, a firewall can also protect mainframes and important resources (such as data) on your network. All access to the protected data should pass through the firewall, even internal access from inside the organization.

When subscribers of external networks access internal network resources, they pass through the firewall, and so do internal network subscribers who access external network resources. In this case, the firewall acts as a "guard" that discards data packets that should be prohibited.

In V 2.41, firewall mainly refers to the ACL-based packet filter (referred to as ACL/packet filter throughout this manual), the application specific packet filter (ASPF, also known as stateful firewall), and NAT. For more information about NAT, refer to the "Network Protocol" part of this manual. The following sections of this chapter mainly introduce the ACL/packet filter and the stateful firewall.

6.1.1 ACL/Packet Filter

I. ACL/Packet filter overview
Applying an ACL/packet filter on the router gives the router a packet filtering function. The ACL/packet filter filters IP packets. For each data packet that is to be forwarded, the router first obtains the header information of the packet, including the number of the upper-layer protocol carried over the IP layer, the source address, the destination address, the source port, and the destination port, and then compares this information with the configured ACL rules. It decides whether to forward or discard the packet according to the result of the comparison.
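The header extraction and rule comparison described above can be sketched as follows. This is an added example, not part of the 3Com manual and not the router's implementation. The `Rule` shape, the function names, the first-match rule order, and the default "deny" action are assumptions made for illustration, and the packets and addresses are constructed samples.

```python
import ipaddress, struct
from collections import namedtuple

# Hypothetical rule shape: proto/dport of None mean "any"; src/dst are CIDR strings.
Rule = namedtuple("Rule", "action proto src dst dport")

def parse_header(pkt):
    """Return (proto, src, dst, sport, dport) from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    proto = pkt[9]                                  # upper-layer protocol number
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    sport = dport = None
    # Ports exist only for TCP (6) and UDP (17), and only in the first fragment.
    if proto in (6, 17) and frag_off == 0 and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, src, dst, sport, dport

def filter_packet(pkt, rules, default="deny"):
    """Assumed semantics: first matching rule decides; unparsable packets are discarded."""
    try:
        proto, src, dst, _sport, dport = parse_header(pkt)
    except ValueError:
        return "deny"
    for r in rules:
        if r.proto not in (None, proto) or r.dport not in (None, dport):
            continue
        if src not in ipaddress.ip_network(r.src) or dst not in ipaddress.ip_network(r.dst):
            continue
        return r.action
    return default

def make_packet(proto, src, dst, sport, dport, frag_off=0):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus two port fields."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, frag_off, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + struct.pack("!HH", sport, dport)

RULES = [  # constructed policy using documentation address ranges
    Rule("permit", 6, "0.0.0.0/0", "192.0.2.10/32", 80),     # inbound HTTP to one server
    Rule("deny", None, "0.0.0.0/0", "192.0.2.0/24", None),   # everything else inbound
    Rule("permit", None, "192.0.2.0/24", "0.0.0.0/0", None), # internal hosts outbound
]
```

A non-first fragment carries no port fields, so a rule that names a port never matches it; in this sketch such fragments fall through to the broader deny rule rather than being permitted by the port rule.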
3Com Corporation


This manual is also suitable for:

3c13636-us - router 30363000 series
