Managing Zones - Siemens RX1500 User Manual

Ruggedcom rox ii series

RUGGEDCOM ROX II
User Guide
Chapter 5: Setup and Configuration

2. Make sure a basic firewall has been configured. For more information about configuring a firewall, refer to Section 5.17.3, "Adding a Firewall".
3. Change the mode to Edit Private or Edit Exclusive.
4. Navigate to security » firewall » fwconfig and select the firewall to configure.
5. Make sure a zone called dmz exists. For more information about managing zones, refer to Section 5.17.8, "Managing Zones".
6. Configure rules with the following parameter settings for the UDP, Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols:

NOTE
The IPsec protocol operates on UDP port 500 and uses the Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols. The firewall must be configured to accept this traffic in order to allow the IPsec protocol.

Table: Example

| Action | Source-Zone | Destination-Zone | Protocol | Dest-Port |
|--------|-------------|------------------|----------|-----------|
| Accept | Net         | dmz              | Ah       |           |
| Accept | Net         | dmz              | Esp      |           |
| Accept | Net         | dmz              | UDP      | 500       |
| Accept | dmz         | Net              | Ah       |           |
| Accept | dmz         | Net              | Esp      |           |
| Accept | dmz         | Net              | Udp      | 500       |

For more information about configuring rules, refer to Section 5.17.14, "Managing Rules".

Section 5.17.8
Managing Zones

A network zone is a collection of interfaces for which forwarding decisions are made. Common zones include:

Table: Example

| Zone | Description                |
|------|----------------------------|
| Net  | The Internet               |
| Loc  | The local network          |
| DMZ  | Demilitarized zone         |
| Fw   | The firewall itself        |
| Vpn1 | IPsec connections on w1ppp |
| Vpn2 | IPsec connections on w2ppp |

New zones may be defined as needed. For example, if each Ethernet interface is part of the local network zone, disabling traffic from the Internet zone to the local network zone would disable traffic to all Ethernet interfaces. If access to the Internet is required for some Ethernet interfaces, but not others, a new zone may be required for those interfaces.
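The following Python check is an added example, not part of the Siemens manual or of ROX II: it parses rows laid out like the IPsec rule table in step 6 and reports which of the AH, ESP and UDP 500 accept rules are missing in either direction between two zones. The whitespace-separated row format, the function names and the reading of an empty Dest-Port as "any port" are assumptions.

```python
# Added example: audit a zone rule table for the IPsec traffic named in the NOTE.
# Assumed row format: Action Source-Zone Destination-Zone Protocol [Dest-Port]
REQUIRED = [("ah", None), ("esp", None), ("udp", 500)]  # (protocol, dest-port)
COMPLETE = """
Accept Net dmz Ah
Accept Net dmz Esp
Accept Net dmz UDP 500
Accept dmz Net Ah
Accept dmz Net Esp
Accept dmz Net Udp 500
"""
# Constructed faulty variant: dmz -> Net ESP is missing, Net -> dmz UDP has no port.
FAULTY = """
Accept Net dmz Ah
Accept Net dmz Esp
Accept Net dmz UDP
Accept dmz Net Ah
Accept dmz Net Udp 500
"""

def parse_rules(text):
    """Return (action, src, dst, proto, port) tuples, lowercased for comparison."""
    rules = []
    for line in text.strip().splitlines():
        fields = line.lower().split()  # the table mixes 'UDP' and 'Udp'
        if len(fields) in (4, 5):      # skip blank or malformed rows
            port = int(fields[4]) if len(fields) == 5 else None
            rules.append((*fields[:4], port))
    return rules

def covers(rule, src, dst, proto, port):
    """True if an accept rule matches; a rule without a port is assumed to match any."""
    return rule[:4] == ("accept", src, dst, proto) and rule[4] in (None, port)

def missing_ipsec_rules(rules, zone_a, zone_b):
    """List the (src, dst, proto, port) flows IPsec needs that no accept rule covers."""
    a, b = zone_a.lower(), zone_b.lower()
    return [(src, dst, proto, port)
            for src, dst in ((a, b), (b, a))
            for proto, port in REQUIRED
            if not any(covers(r, src, dst, proto, port) for r in rules)]

def overly_broad(rules):
    """Accept rules for UDP with no Dest-Port (assumed to admit every UDP port)."""
    return [r for r in rules if r[0] == "accept" and r[3] == "udp" and r[4] is None]

if __name__ == "__main__":
    for name, table in (("COMPLETE", COMPLETE), ("FAULTY", FAULTY)):
        print(name, missing_ipsec_rules(parse_rules(table), "Net", "dmz"), overly_broad(parse_rules(table)))
```

Zone and protocol names are compared case-insensitively, so the flows it reports come back in lowercase.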


This manual is also suitable for: RX1501, RX1510, RX1511, RX1512
