Neoware Firewall User Manual

CHAPTER 1: Introduction & Installation

This chapter introduces Neoware Firewall and describes the installation procedure.

What is Neoware Firewall?

Neoware Firewall is a utility to assist in the configuration of IP security policies to protect your thin client by establishing a local firewall.
... not require the Windows Firewall, and Neoware Firewall can functionally replace the Windows Firewall for incoming traffic.

Installation Procedure

Neoware thin clients may have Neoware Firewall already installed. If you need to re-install it, the standard snap-in installation procedure applies.
CHAPTER 2: Configuring Neoware Firewall

This chapter describes how to configure Neoware Firewall to provide the level of protection required for your thin client.

Introduction

Neoware Firewall is disabled by default. If you are using ezUpdate and have configured your FTP server to use passive data connections, you will need to configure Neoware Firewall for passive FTP before enabling it.
Starting the Configuration Utility

Neoware Firewall is configured using a utility that is accessed from the Start menu. To run the utility, select Start > All Programs > Neoware Firewall Configuration Utility. The utility will display an introductory screen then a dialog listing all the currently defined firewall filters.
Currently Defined Firewall Filters

The main dialog of the Neoware Firewall configuration utility shows a list of all the currently defined firewall filters, together with some descriptive information. Neoware Firewall provides a default set of predefined firewall filters so that you can use the firewall immediately.
Changing the Filter Assignment

To change the assignment of a filter:

Click the check box next to any of the listed filters to change its status (assigned or unassigned).
Click the Save button to make the changed setting take immediate effect.
Adding a New Filter

To add a new firewall filter, click the Add button to display the Add a Filter dialog. This dialog enables you to enter all the necessary information for your filter. You must enter a name for your filter in the Filter Name field, and specify the Filter Action by selecting either Permit traffic or Block traffic.
To add a rule, click the Add button (in the Add a Filter dialog) to display the Add a Rule dialog. In this dialog, enter a Rule Name, provide a Description, and specify the rule details. After adding a rule, click OK to save the current settings to that rule.
Saving & Applying the Firewall Configuration

When you have finished making changes to the firewall configuration, click the Save button in the main Neoware Firewall Configuration Utility dialog to save the settings and make the new security policy take effect.
CHAPTER 3: Exporting a Neoware Firewall Configuration

This chapter describes how to export a Neoware Firewall configuration to other thin clients.

Introduction

Once you have defined and saved your security policy configuration, you may also want to apply the same configuration to other thin clients.
A dialog will be displayed asking you to specify a name and destination directory for the export (IP Security Template) file. Clicking Save will create an executable batch file which you can send to other thin clients, either manually or by using Neoware’s ezRemote Manager.
Apply the exported template batch file on the target thin client.
Overwrite the MFWC.DAT file on the target thin client with the MFWC.DAT file from the source of the exported batch file.

Exporting Displayed Data...
APPENDIX A: Default Neoware Firewall Rules

This appendix lists and describes the default set of rules provided with Neoware Firewall.

This appendix describes all the standard filters provided with Neoware Firewall, and their default settings. Each filter description includes the rules and settings associated with it.
Applications \ System
Assigned: Yes
Action: Permit
Ports required for specific applications and services.

Rule Name: BootPS\DHCP
Allows DHCP requests/renewals. UDP protocol, any source port, destination port 67, source address my IP address, destination address any IP address, mirrored.

Rule Name: DNS (TCP)
Allows connections to DNS servers via TCP.
Rule Name: ICA
Allows connections to Terminal Servers via ICA. TCP protocol, any source port, destination port 1494, source address my IP address, destination address any IP address, mirrored.

Rule Name: ICA Browser
Allows locating Citrix ICA servers. UDP protocol, any source port, destination port 1604, source address my IP address, destination address any IP address, mirrored.
Rule Name: RDP
Allows connections to terminal servers via RDP. TCP protocol, any source port, destination port 3389, source address my IP address, destination address any IP address, mirrored.

Rule Name: SSH
Allows Secure Shell remote logons to hosts. TCP protocol, any source port, destination port 22, source address my IP address, destination address any IP address, mirrored.
File Sharing
Assigned: Yes
Action: Permit
Ports required to allow sharing files across the network.

Rule Name: Epmap
Inbound DCE Endpoint Resolution. TCP protocol, any source port, destination port 135, source address any IP address, destination address my IP address, mirrored.
Rule Name: Netbios-ns
Outbound Netbios Name Service. UDP protocol, any source port, destination port 137, source address my IP address, destination address any IP address, mirrored.

Rule Name: Netbios-ssn
Inbound Netbios Session Service. TCP protocol, any source port, destination port 139, source address any IP address, destination address my IP address, mirrored.
ICMP
Assigned: Yes
Action: Permit
Allows Inbound and Outbound ICMP traffic.

Rule Name: ICMP Inbound
Allows Inbound ICMP traffic. ICMP protocol, any source port, any destination port, source address any IP address, destination address my IP address, not mirrored.

Rule Name: ICMP Outbound
Allows Outbound ICMP traffic.
Rule Name: 40003
MMS Agent. TCP protocol, any source port, destination port 40000, source address my IP address, destination address any IP address, mirrored.

Neoware Management
Assigned: Yes
Action: Permit
Ports required by Neoware ezRemote Manager.

Rule Name: ezRM Locate
Allows units to be located with ezRemote Manager.
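The rule descriptions in this appendix use a fixed wording, so a policy can be parsed and checked mechanically. The following is an added example, not part of the Neoware manual: it parses four of the rules quoted above and reports which of them match a given packet. It assumes "mirrored" has the usual IP security filter meaning (the rule also matches the reverse direction, with source and destination swapped); MY_IP, the function names and the packet addresses used with it are constructed for illustration.

```python
import re
from collections import namedtuple

# One-way filter; sport/dport None means "any", src/dst are "my" or "any".
Filter = namedtuple("Filter", "proto sport dport src dst")

# Rule wording copied from the appendix (only rules the page gives in full).
RULES = {
    "BootPS\\DHCP": "UDP protocol, any source port, destination port 67, source address my IP address, destination address any IP address, mirrored.",
    "RDP": "TCP protocol, any source port, destination port 3389, source address my IP address, destination address any IP address, mirrored.",
    "Epmap": "TCP protocol, any source port, destination port 135, source address any IP address, destination address my IP address, mirrored.",
    "ICMP Inbound": "ICMP protocol, any source port, any destination port, source address any IP address, destination address my IP address, not mirrored.",
}

MY_IP = "192.0.2.10"  # constructed sample address standing in for the thin client

RULE_RE = re.compile(
    r"(\w+) protocol, (any source port|source port (\d+)), "
    r"(any destination port|destination port (\d+)), "
    r"source address (my|any) IP address, "
    r"destination address (my|any) IP address, (not mirrored|mirrored)")

def parse_rule(text):
    """Return the one-way filters that a rule description expands to."""
    m = RULE_RE.fullmatch(text.strip().rstrip("."))
    if not m:
        raise ValueError(f"unrecognised rule text: {text!r}")
    proto, _, sp, _, dp, src, dst, mirror = m.groups()
    f = Filter(proto.upper(), int(sp) if sp else None, int(dp) if dp else None, src, dst)
    if mirror == "mirrored":  # assumption: mirror = same rule with both ends swapped
        return [f, Filter(f.proto, f.dport, f.sport, f.dst, f.src)]
    return [f]

def matches(f, proto, src_ip, sport, dst_ip, dport):
    """True if a packet falls under one-way filter f."""
    return (f.proto == proto
            and (f.src == "any" or src_ip == MY_IP)
            and (f.dst == "any" or dst_ip == MY_IP)
            and f.sport in (None, sport)
            and f.dport in (None, dport))

def permitted_by(proto, src_ip, sport, dst_ip, dport):
    """Names of the sample rules with a filter matching the packet."""
    return [name for name, text in RULES.items()
            if any(matches(f, proto, src_ip, sport, dst_ip, dport)
                   for f in parse_rule(text))]
```

An empty list from `permitted_by` means none of the sampled permit rules covers the packet, so its fate depends on the remaining filters in the policy.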