Black Box LWN602A User Manual page 113

Smartpath enterprise wireless system

Class Number—Name
7—Network Control
6—Voice
5—Video
4—Controlled Load
3—Excellent Effort
2—Best Effort 1
1—Best Effort 2
0—Background
The rate limit for network control and voice is 0 kbps because guests are not permitted to run any applications that would
generate network control traffic or use VoIP applications. In this example, guests are expected to use cell phones or other phones
provided for them. (If you want to provide VoIP for guests, then you must enable the SIP ALG, add another rule to the firewall
policy permitting SIP traffic, and set the rate limit for voice at 128 kbps.)
Firewall Policy
You create a firewall policy that permits outgoing HTTP and HTTPS traffic from within the corporate network to the public
network but not to the corporate network itself. When applying the policy to a user profile, you apply a default action that denies
all incoming traffic and all other unspecified types of outgoing traffic.
Address Objects
To make address objects for use in firewall rules to block traffic to private IP address space in the internal network, click
Configuration > Advanced Configuration > Network Objects > IP Objects/Host Names > New, enter the following, and then click
Apply:
Network: (select)
Object Name: 10.0.0.0/8
In the IP Entry field, enter 10.0.0.0 for the IP address, 255.0.0.0 for the netmask, choose Global for the type, enter a useful
description such as Deny RFC 1918 (private addresses), and then click Apply.
To save the address and close the dialog box, click Save.
Repeat the above to create two more address objects, one for 172.16.0.0/12 (IP address = 172.16.0.0; netmask = 255.240.0.0)
and another for 192.168.0.0/16 (IP address = 192.168.0.0; netmask = 255.255.0.0).
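The following Python sketch is an added example, not part of the Black Box manual. It checks that each IP address/netmask pair above really yields the CIDR block named by its object, then evaluates constructed sample flows against the policy as described (block private destinations, permit outgoing HTTP and HTTPS, deny everything else). The function names and the rule order (private-address deny rules ahead of the permit rules, first match wins) are assumptions, since this page does not list the rules themselves.

```python
import ipaddress

# Address objects exactly as the manual enters them: name -> (IP address, netmask).
ADDRESS_OBJECTS = {
    "10.0.0.0/8": ("10.0.0.0", "255.0.0.0"),
    "172.16.0.0/12": ("172.16.0.0", "255.240.0.0"),
    "192.168.0.0/16": ("192.168.0.0", "255.255.0.0"),
}

def build_objects(objects=ADDRESS_OBJECTS):
    """Parse IP/netmask pairs and check each one matches its CIDR object name."""
    nets = {}
    for name, (ip, mask) in objects.items():
        # ip_network() is strict by default: it raises if host bits are set.
        net = ipaddress.ip_network(f"{ip}/{mask}")
        if str(net) != name:
            raise ValueError(f"{name}: netmask {mask} gives {net}")
        nets[name] = net
    return nets

PRIVATE_NETS = build_objects()
PERMITTED_TCP_PORTS = {80, 443}  # HTTP and HTTPS

def evaluate(dst_ip, protocol, dst_port, direction="outgoing"):
    """Return (action, reason) for one flow.

    Assumed rule order (not stated on this page): deny rules for the private
    address objects come before the HTTP/HTTPS permit rules; first match wins.
    """
    if direction != "outgoing":
        return ("deny", "default action: incoming traffic")
    dst = ipaddress.ip_address(dst_ip)
    for name, net in PRIVATE_NETS.items():
        if dst in net:
            return ("deny", f"destination in {name}")
    if protocol == "tcp" and dst_port in PERMITTED_TCP_PORTS:
        return ("permit", "HTTP/HTTPS to public network")
    return ("deny", "default action: unspecified outgoing traffic")

if __name__ == "__main__":
    # Constructed sample flows (documentation-range and boundary addresses).
    flows = [
        ("203.0.113.10", "tcp", 443), ("10.1.2.3", "tcp", 80),
        ("172.31.255.255", "tcp", 443), ("172.32.0.1", "tcp", 443),
        ("203.0.113.10", "udp", 5060),
    ]
    for f in flows:
        print(f, "->", evaluate(*f))
```

The 172.31.255.255 and 172.32.0.1 flows mark the upper edge of the /12 block: the first is denied and the second is treated as public. Entering 255.255.0.0 for that object would leave 172.17.0.0 through 172.31.255.255 reachable from the guest network.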
Custom Service
To make a custom service for NAT-T (NAT Traversal) to permit IKE traffic when traversing a NAT device, click Configuration >
Advanced Configuration > Network Objects > Network Services > New, enter the following, and then click Save:
Name: NAT-T
Description: NAT Traversal
IP Protocol: UDP (17)
Chapter 9: Common Configuration Examples
Table 9-1. QoS rate limiting parameters.
Class Number—Name | Scheduling Type | Scheduling Weight | Weight % (Read Only) | Policing Rate Limit (kbps) (802.11a/b/g) | Policing Rate Limit (kbps) (802.11n)
7—Network Control | Strict | 0 | 0 | 0 | 0
6—Voice | Strict | 0 | 0 | 0 | 0
5—Video | Weighted Round Robin | 60 | 28 | 2000 | 2000
4—Controlled Load | Weighted Round Robin | 50 | 23 | 2000 | 2000
3—Excellent Effort | Weighted Round Robin | 40 | 19 | 2000 | 2000
2—Best Effort 1 | Weighted Round Robin | 30 | 14 | 2000 | 2000
1—Best Effort 2 | Weighted Round Robin | 20 | 9 | 2000 | 2000
0—Background | Weighted Round Robin | 10 | 4 | 2000 | 2000
724-746-5500 | blackbox.com
This manual is also suitable for:

Lwn602ae, Lwn602ha, Lwn602hae
