Example 2: Simple Zone Configuration In Oa-700 - Alcatel-Lucent OmniAccess 700 Cli Configuration Manual

Release versions: 2.2, 2.2-r02, 2.3

14. Configuring the Firewall Policy to Protect Against the DoS Attack.
ALU(config)#firewall
ALU(config-firewall)# policy prevent
ALU(config-firewall-prevent)# match any DoS attack atk1 drop
Apply this firewall policy to the trust and DMZ as an IN policy to protect the network against DoS attacks.
ALU(config-if Serial0:0)#firewall policy in prevent

Example 2: Simple Zone Configuration in OA-700

In OA-700, you can define classification for trusted/untrusted/dmz traffic in ACL, NAT, or DoS policies, and further apply these policies to the interfaces:
Match-list trusted
Ip 10.1.1.0/24 any
Match-list dmz
Ip 148.64.4.0/24 any
Match-list any-ip
Ip any any
Ip nat nat-policy
Match trusted source-nat
Ip filter permit-dmz-policy
Match dmz permit
Ip filter deny-untrusted-policy
Match any-ip deny

Suppose Gigabit Ethernet 7/1 is facing external networks. You will need to apply these NAT and Filter policies to this interface:
Interface GigabitEthernet7/1    //Physical i/f to untrusted networks
Ip nat out nat-policy    //This will NAT internal traffic
Ip filter out permit-dmz-policy    //This will permit DMZ traffic without translation
Ip filter in deny-untrusted-policy    //This will deny all untrusted traffic originated from outside.
Exit    //Done
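
The Example 2 zone configuration modeled in Python, as an added example that is not part of the manual: it parses the match-lists, policies and interface bindings and reports which rule a given source address hits on GigabitEthernet7/1 in each direction. It assumes only the source term of each match-list entry matters, and it does not model what the device does with traffic that no rule matches.

```python
import ipaddress

# The page's Example 2 configuration, with the // annotations dropped.
CONFIG = """Match-list trusted
Ip 10.1.1.0/24 any
Match-list dmz
Ip 148.64.4.0/24 any
Match-list any-ip
Ip any any
Ip nat nat-policy
Match trusted source-nat
Ip filter permit-dmz-policy
Match dmz permit
Ip filter deny-untrusted-policy
Match any-ip deny
Interface GigabitEthernet7/1
Ip nat out nat-policy
Ip filter out permit-dmz-policy
Ip filter in deny-untrusted-policy
Exit"""

def parse(text):
    """Return (match_lists, policies, bindings) parsed from the config text."""
    lists, policies, bindings, ctx = {}, {}, [], (None, None)
    for w in (l.split() for l in text.splitlines() if l.strip()):
        key = w[0].lower()
        if key in ("match-list", "interface"):
            ctx = (key, w[1])
        elif key == "match":                        # rule inside a policy
            policies.setdefault(ctx[1], []).append((w[1], w[2]))
        elif key == "ip" and w[1] in ("nat", "filter"):
            if ctx[0] == "interface":               # Ip <kind> <in|out> <policy>
                bindings.append((ctx[1], w[1], w[2], w[3]))
            else:                                   # Ip <kind> <policy>: start a policy
                ctx = ("policy", w[2])
        elif key == "ip":                           # source entry of a match-list
            src = "0.0.0.0/0" if w[1] == "any" else w[1]
            lists.setdefault(ctx[1], []).append(ipaddress.ip_network(src))
    return lists, policies, bindings

def evaluate(src, direction, iface="GigabitEthernet7/1"):
    """(kind, policy, action) for each bound rule whose match-list contains src."""
    # Assumption: source address only; unmatched traffic is not modeled.
    lists, policies, bindings = parse(CONFIG)
    ip = ipaddress.ip_address(src)
    return [(kind, pol, act)
            for i, kind, d, pol in bindings if (i, d) == (iface, direction)
            for ml, act in policies.get(pol, []) if any(ip in n for n in lists.get(ml, []))]
```

For instance, evaluate("10.1.1.5", "in") returns the deny rule, because any-ip also covers a packet that arrives from outside carrying a trusted source address.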
