Table of Contents
Advertisement
17 Security Services - Firewalling
17.1 Operation of the Firewall
What is the AST570
Firewall
How the AST570
Firewall works
218 / 300
The AST570 Firewall is a set of related programs that protects the
resources of your local network from users from other networks.
Basically, a firewall examines each network packet to determine
whether to forward it toward its destination. Firewalls work in most
cases closely together with a proxy server that makes network
requests on behalf of your local network users.
For the AST570 Firewall the AST570 acts as well as network
gateway and proxy server to contact the outside world via the DSL
line
The AST570 Firewall is in fact a packet filter: inside and outside
nodes are visible to each other at the IP level, but the firewall
filters out, i.e. blocks the passage of certain packets, based on
their header.
Packets are intercepted at certain Packet Interception Point (PIP),
called hooks, in the AST570 IP router. At this points, they are
matched against a chain, which comprises rules (at least one).
These rules determine the type of control implemented on the
packets.
Incoming and outgoing traffic is validated by comparing certain
values in the packets with configured Firewall parameters. The
parameters in a rule can be divided according to the protocol to
which they belong: a first group validates traffic on the interface
level, a second group on IP level, a third group filters on TCP , UDP
and ICMP level.
3EC 17766 AAAA TCZZA Ed. 04
Advertisement
Table of Contents
