Chapter 5
Setup and Configuration
6. Associate an interface with each zone. For more information about associating interfaces with zones, refer to Section 5.17.9.3, "Associating an Interface with a Zone".
7. Set the default policies for traffic control between zones. Make sure the policies are as restrictive as possible. For more information about configuring policies, refer to Section 5.17.11, "Managing Policies".
8. Configure the network address translation (NAT), masquerading or static network address translation (SNAT) settings. For more information about configuring NAT settings, refer to Section 5.17.12, "Managing Network Address Translation Settings". For more information about configuring masquerading and/or SNAT settings, refer to Section 5.17.13, "Managing Masquerade and SNAT Settings".
9. If hosts on the network must accept sessions from the Internet, configure the firewall to support Destination Network Address Translation (DNAT). For more information about configuring hosts, refer to Section 5.17.10, "Managing Hosts".
10. If required, configure rules that override the default policies. For more information about configuring rules, refer to Section 5.17.14, "Managing Rules".
11. If required, configure support for a VPN. For more information, refer to:
• Section 5.17.6, "Configuring the Firewall for a VPN"
• Section 5.17.7, "Configuring the Firewall for a VPN in a DMZ"
12. Validate the configuration. For more information about validating a firewall configuration, refer to Section 5.17.15, "Validating a Firewall Configuration".
13. Enable the firewall. For more information, refer to Section 5.17.16, "Enabling/Disabling a Firewall".
14. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Section 5.17.4
Deleting a Firewall
To delete a firewall, do the following:
1. Make sure the CLI is in Configuration mode.
2. Delete the firewall by typing:
no security firewall fwconfig firewall
Where:
• firewall is the name of the firewall
3. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Section 5.17.5
Working with Multiple Firewall Configurations
RUGGEDCOM ROX II allows users to create multiple firewall configurations and work with one configuration while another is active.
To set one configuration as the working configuration and another as the active configuration, do the following:
1. Make sure the CLI is in Configuration mode.
2. Specify the work configuration by typing:
RUGGEDCOM ROX II
CLI User Guide