Table of Contents
Advertisement
Web OS 10.0 Application Guide
Configuring a Filter-Based Security Solution
Before you begin, you must be connected to the switch CLI as the administrator.
In this example, all filters are applied only to the switch port that connects to the Internet. If
intranet restrictions are required, filters can be placed on switch ports connecting to local
devices.
Also, filtering is not limited to the few protocols and TCP or UDP applications shown in this
example. See
protocols and applications.
1.
Assign an IP address to each of the network devices.
For this example, the network devices have the following IP addresses on the same IP subnet:
Table 7-4 Web Cache Example: Real Server IP Addresses
Network Device
Local Subnet
Web Server
Mail Server
Domain Name Server
2.
Create a default filter that will deny and log unwanted traffic.
The default filter is defined as Filter 224 in order to give it the lowest order of precedence:
>> # /cfg/slb/filt 224
>> Filter 224# sip any
>> Filter 224# dip any
>> Filter 224# proto any
>> Filter 224# action deny
>> Filter 224# name deny unwanted traffic (Provide a descriptive name for the
>> Filter 224# ena
>> Filter 224# adv/log enable
N
OTE
nation port (dport) values are ignored and may be excluded from the filter configuration.
n
186
Chapter 7: Filtering
Table 7-1 on page 171
IP address
205.177.15.0 - 205.177.15.255
205.177.15.2
205.177.15.3
205.177.15.4
–
Because the proto parameter is not tcp or udp, the source port (sport) and desti-
and
Table 7-2 on page 171
(Select the default filter)
(From any source IP addresses)
(To any destination IP addresses)
(For any protocols)
(Deny matching traffic)
filter)
(Enable the default filter)
(Log matching traffic to syslog)
for a list of other well-known
212777-A, February 2002
Advertisement
Table of Contents
