Firewall - Symbol WS5000 Series System Reference Manual


6. The date settings of the hand-held are not current. Change the date setting of the hand-held to the current date.
Problem 5: Hand-held loses its IP address after some time. It shows 0.0.0.0 as the IP address on renewing the IP address.
Possible Reasons:
1. Try warm-booting the hand-held. This may be caused by a problem in the hand-held.

12.4 Firewall

The WS5000, with the introduction of VPN services, acts as a device at the boundary between a public and a private network. As such, it must act not only as an encryption/decryption point but also as a gateway and a firewall between the two networks. Hence Firewall and Port Filter functionality is required, which can filter traffic based on a configured list of hosts. It also provides selective enabling and disabling of web (HTTP or HTTPS), Telnet and FTP access on the management interface.
The WS5000 acts as a gateway and a firewall between a public and a private network as follows:
• Public: Un-Trusted LAN
• Private: Trusted LAN
The WS5000 provides limited stateless firewall functionality for a configurable list of peers on the private and public networks. Firewall filtering is based on the existing packet classification engine: part of that engine's functionality allows traffic that matches classifiers to be allowed or denied, and the same functionality is used to implement firewall filtering.
The following policies are applied to packets from the different types of hosts:
1. LAN 1 - This LAN object refers to all the clients configured on Ethernet 1 (ep = 1 by default).
2. LAN 2 - This LAN object refers to all the wired (non-VPN) clients configured on Ethernet 2 (ep = 2 by default).
3. LAN_VPN - This LAN object refers to wired VPN clients (ep = 3, which refers to the virtual interface for VPN clients). The IN policy is applied before packets from the private LAN are forwarded from the Packet Switch to the VPN server. The OUT policy is applied to packets as the VPN server sends them to the private LAN.
The filters can be applied in any of the LAN contexts by attaching a network policy to the LAN object.
Filters for MUs with or without VPN are applied by attaching a Network Policy to the WLAN object in the appolicy context.
4. Wired hosts without VPN - Filtering uses the IN and OUT policies that are associated with a LAN configuration object.
Note: You can create any number of LAN objects, but at any given instance only one LAN object can be associated with a particular Ethernet port.
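A conceptual model of the stateless IN/OUT filtering described in this section, added here as an illustration and not taken from the manual, the WS5000 CLI or its firmware. The class names, CIDR rule format, first-match order and default "deny" action are assumptions, and the addresses are constructed. It shows that, with no connection state kept, reply traffic toward a LAN passes only when the OUT policy carries its own matching rule.

```python
# Conceptual model of the filtering described above; NOT WS5000 firmware or CLI.
# Assumptions: CIDR host lists, first-match evaluation, default action "deny".
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Classifier:
    src: str      # CIDR matched against the packet source
    dst: str      # CIDR matched against the packet destination
    action: str   # "allow" or "deny"

    def matches(self, src: str, dst: str) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

@dataclass
class NetworkPolicy:
    in_rules: list = field(default_factory=list)    # packets arriving from the LAN
    out_rules: list = field(default_factory=list)   # packets being sent to the LAN

    def decide(self, direction: str, src: str, dst: str) -> str:
        rules = self.in_rules if direction == "IN" else self.out_rules
        for rule in rules:                # each packet is judged on its own:
            if rule.matches(src, dst):    # no connection table is consulted
                return rule.action
        return "deny"                     # assumed default action

class Switch:
    def __init__(self):
        self.ports = {}   # Ethernet port (ep) -> (LAN object name, policy)

    def attach(self, ep: int, lan: str, policy: NetworkPolicy) -> None:
        if ep in self.ports:   # per the Note: one LAN object per port at a time
            raise ValueError(f"ep {ep} already bound to {self.ports[ep][0]}")
        self.ports[ep] = (lan, policy)

    def filter(self, ep: int, direction: str, src: str, dst: str) -> str:
        return self.ports[ep][1].decide(direction, src, dst)

# Constructed addresses: one trusted host on LAN 2 (ep = 2) and a server subnet.
policy = NetworkPolicy(in_rules=[Classifier("192.168.10.5/32", "10.0.0.0/24", "allow")])
switch = Switch()
switch.attach(2, "LAN 2", policy)
request = switch.filter(2, "IN", "192.168.10.5", "10.0.0.8")        # listed host
reply_before = switch.filter(2, "OUT", "10.0.0.8", "192.168.10.5")  # no OUT rule yet
policy.out_rules.append(Classifier("10.0.0.0/24", "192.168.10.5/32", "allow"))
reply_after = switch.filter(2, "OUT", "10.0.0.8", "192.168.10.5")   # OUT rule present
```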
Table 12.9 lists and describes the CLI commands used to manage firewall in WS5000:
Configuring the WS5100 WTLS VPN
12-19
