Table of Contents
Advertisement
Multi Service Edge Device HL950
Administrator's Guide
4.6.1.1
CONNECTION
The SECURITY CONNECTION command is used to manage firewall connection limits.
By using the SET prefix you can configure the maximum number of connections allowed through the
HL950 for the following networks:
Corporate (LAN)
!
External (WAN)
!
Self (SELF)
!
External to Self (WSELF)
!
DMZ (DMZ)
!
For detailed information about prefixes and parameters for the SECURITY CONNECTION
command, see section 6.6.4.
4.6.1.2
ACCESS
The SECURITY ACCESS command lets you define an access scheme for the HL950 system from the
internal, external and DMZ networks.
Use the SET prefix to enable/disable the following access rules:
Web Login (from LAN, WAN and DMZ) – enables HTTP configuration access from the
!
respective network interface.
Ping (from LAN, WAN and DMZ) – enables you to control whether or not ping (ICMP Echo
!
Request packets and ICMP Echo Response packets belonging to the same session) should be
allowed to be initiated from LAN, WAN, and DMZ. By disabling ping on a WAN network
interface you will deny any attacker from discovering what hosts are on your corporate
network with ping or any other ICMP Echo Request/Response based tool. It will also protect
your corporate hosts from "ping of death" and other DoS attacks that target vulnerabilities in
EN/LZT 108 5995 R3
June 2003
Figure 31
Stateful Inspection Firewall and NAT
Page 72 (159)
Advertisement
Table of Contents
