Chapter 23. Firewall Nat; Overview - Samsung Ubigate iBG3026 Configuration Manual

Ubigate iBG3026 Configuration Guide
CHAPTER 23.
Firewall NAT

Overview

The security module in the Ubigate iBG3026 consists of various components such as a stateful inspection firewall, IPSec VPN, Public Key Infrastructure (PKI) and Access Control List (ACL). This chapter introduces the Ubigate iBG3026's firewall and its typical configuration.

The Ubigate iBG3026 uses Smart Forwarder as its data plane forwarding engine, so packet forwarding in the security module is performed in the context of the Smart Forwarder task. The components of the security module may also have a control plane, such as IKE (Internet Key Exchange) for VPN and SCEP for certificate enrollment in PKI. These control plane activities are performed in the context of separate tasks such as IKES and SCEP.

Whenever an IP packet in transit reaches Smart Forwarder, Smart Forwarder checks whether the interface on which the packet arrived is registered for security processing. If it is registered, the packet is processed for security; otherwise, it is put through regular IP forwarding. Similarly, whenever a packet reaches Smart Forwarder from the local TCP/IP stack, Smart Forwarder checks whether the outbound interface is registered for security processing and, if so, the packet is processed for security.

The firewall in the security module is a stateful inspection firewall for IPv4. It allows or denies forwarding of packets through the system based on pre-defined policies. When the firewall policy allows a packet, an association with a limited lifetime is created for that packet in real time, keyed on a combination of fields in the packet such as source IP, source port, destination IP, destination port and protocol. Depending on the protocol type, the association maintains a state or a pseudo-state.
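
The association mechanism described above can be modelled in a few lines. The following is an added example, not code from the Ubigate iBG3026 or from Samsung: the class names, the idle lifetimes, the TCP state names and the flag strings ("S", "SA", "A") are assumptions, and only TCP and UDP are modelled.

```python
from dataclasses import dataclass

# Assumed idle lifetimes in seconds (constructed values, not Ubigate defaults).
LIFETIME = {"tcp": 300, "udp": 30}
# TCP handshake transitions: (state, is_reply, flags) -> next state.
TCP_NEXT = {("SYN_SENT", False, "S"): "SYN_SENT",      # SYN retransmission
            ("SYN_SENT", True, "SA"): "SYN_RCVD",
            ("SYN_RCVD", False, "A"): "ESTABLISHED"}

@dataclass
class Association:
    state: str       # TCP: tracked state; UDP: pseudo-state "ACTIVE"
    expires: float   # absolute time at which the entry lapses

class StatefulFirewall:
    def __init__(self, policies):
        self.policies = set(policies)  # allowed (proto, dst, dport) for new flows
        self.table = {}                # 5-tuple -> Association

    def process(self, pkt, now):
        """Return 'allow' or 'deny' for one packet (a dict) seen at time `now`."""
        fwd = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
        rev = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"], pkt["proto"])
        # Limited lifetime: drop expired associations before matching.
        self.table = {k: a for k, a in self.table.items() if a.expires > now}
        for key, is_reply in ((fwd, False), (rev, True)):
            assoc = self.table.get(key)
            if assoc is None:
                continue
            if pkt["proto"] == "tcp" and assoc.state != "ESTABLISHED":
                nxt = TCP_NEXT.get((assoc.state, is_reply, pkt.get("flags")))
                if nxt is None:
                    return "deny"      # packet does not fit the tracked state
                assoc.state = nxt
            assoc.expires = now + LIFETIME[pkt["proto"]]
            return "allow"
        # No association: only a policy match may create one.
        if (pkt["proto"], pkt["dst"], pkt["dport"]) not in self.policies:
            return "deny"
        if pkt["proto"] == "tcp" and pkt.get("flags") != "S":
            return "deny"              # a new TCP flow must start with SYN
        state = "SYN_SENT" if pkt["proto"] == "tcp" else "ACTIVE"
        self.table[fwd] = Association(state, now + LIFETIME[pkt["proto"]])
        return "allow"
```

Reply traffic is allowed only because it matches the reversed 5-tuple of a live association; once the lifetime lapses, the same reply falls back to the policy check and is denied.
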
© SAMSUNG Electronics Co., Ltd.
