Digi TransPort WR31 User Manual page 712
Hide thumbs
Also See for TransPort WR31:
- Technical support (26 pages) ,
- User manual (9 pages) ,
- Quick start manual (2 pages)
Table of Contents
Advertisement
Configure security settings
UDP example
pass in
pass out
pass out on ppp 1 proto udp from any to 156.15.0.0/16 port=1234
inspect-state oos ppp 1 300 t=10 c=2 d=2
The first two rules simply configure the router to allow any type of packets to be transmitted or
received (the default action of the firewall is to block all traffic).
The third rule is more complex:
It configures the stateful inspection engine to watch for UDP packets (with any source address)
▪
being routed via the PPP 1 interface to any address that begins with 156.15 on port 1234.
If a hit occurs on this rule, but the router does not detect a reply within 10 seconds (as specified
▪
by the t= parameter), it increments an internal counter.
When this counter reaches the value set by the c= parameter, the stateful inspection engine
▪
marks the PPP 1 interface (and therefore any routes using it), as being out of service for 300
seconds.
Similarly, if this counter matches the d= parameter, the stateful inspection engine deactivates
▪
PPP 1.
The stateful inspection engine marks any routes that use PPP 1 as out of service AND
▪
deactivates PPP 1 if no reply is detected within 10 seconds for two packets in a row.
Routes come back into service when either the specified timeout expires or if there are no other
▪
routes with a higher metric in service.
PPP interfaces re-activate when the routes using them are back in service and there is a packet
▪
to route and the AODI mode parameter is set to On.
TCP example
pass out log break end on ppp 3 proto tcp from any to 192.168.0.1
flags S!A inspect-state oos 30 t=10 c=2 d=2
pass in
pass out
This rule specifically traces attempts to open a TCP connection on PPP 3 to the 192.168.0.1 IP
▪
address and if it fails within 10 seconds twice in a row, will cause the PPP 3 interface to be
flagged as out of service (such as its metric will be set to 16), for 30 seconds.
The optional d=2 entry also deactivates the PPP link. Deactivating the link can be useful in
▪
scenarios where renegotiating the PPP connection is likely to resolve the problem.
If a matching route with a higher metric is defined, the router uses it while PPP 3 routes are out
▪
of service, thus providing a powerful route backup mechanism.
Digi TransPort WR Routers User Guide
Firewall
707
- Quick Links:
- Transport Wr31
- Log in to the Device
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
