Table of Contents
Advertisement
820
Viewing and changing the status of Firewall Filters
Stateful Packet Filters
Business Communications Manager supports stateful packet filtering for IP protocols. Stateful
packet filters monitor active sessions and record session information such as IP addresses and port
numbers. They maintain state information for each flow (TCP, UDP or ICMP). Stateful filters use
the state information to determine if a packet is responding to an earlier request that has been
validated by the rule set. If the packet is in response to a previous request, the packet is treated in
the same manner. It will either be blocked or allowed though.
Stateful packet filters protect your network against Internet attacks such as source spoofing, where
an attacker pretends to be a trusted user by using an IP address that is within the accepted range of
IP addresses of your internal network. Business Communications Manager stateful packet filtering
validates that addresses coming from outside the network are valid outside addresses. Stateful
packet filters also protect your network from a denial-of-service attack, where an attacker tries to
block valid users from accessing a resource or a server.
Stateful filtering supports TCP, UDP, IP, and ICMP. Stateful filtering supports the following
applications: H.323, FTP, HTTP, POP3, Telnet, SMTP, DNS, DHCP, TFTP, GOPHER, FINGER,
NNTP, NetBios, POP2, RPC, SNMP and SUNNFS.
IP Firewall filters and NAT
When you use NAT and IP Firewall filters, there are two interactions you need to be aware of.
•
On inbound traffic, the NAT rules are applied before the IP Firewall Filter rules.
•
On outbound traffic, the IP Firewall Filter rules are applied before the NAT rules.
Viewing and changing the status of Firewall Filters
1
On the navigation tree, click the Services key and click the Policy Management key.
2
Click the IP Firewall Filters heading.
The Firewall Filters Summary screen appears. The Summary screen attributes are:
Table 258 IP Firewall Filters Summary
Attribute
Description
Description
Shows a description of Firewall Filters.
Version
Shows the version number of the subsystem.
Status
Shows the status of Firewall Filters. This box also provides commands to enable or disable
Firewall Filters.
Possible values:
When the status is Enabled, the state of all of the traffic is monitored. Rules can then be set for
each of the interfaces, as necessary.
The default value is:
3
Press the Tab key to save your settings.
N0008589 3.3
Disabled
Enabled
,
Disabled.
Advertisement
Table of Contents
