Black Box LWN602A User Manual page 114

Smartpath enterprise wireless system

Chapter 9: Common Configuration Examples
Port Number: 4500
Service Idle Timeout: 1800
ALG Type: (leave blank)
Firewall Policy Rules
To create an IP firewall policy to control outgoing traffic, click Configuration > Advanced Configuration > Security Policies > IP Policies > New, and enter the following:
Policy Name: guest-IP-policy-from-access
Description: Allow guests to access the public network
To add rules to permit DHCP, DNS, HTTP, HTTPS, IKE, and NAT-T to the public network while denying any type of traffic to the internal network, enter the following (CTRL-click to select multiple services):
Table 9-2. CTRL-click to select multiple services.

| Source | Destination | Service‡ | Action | Logging* | (Action) | (Action) |
|---|---|---|---|---|---|---|
| [-any-] | [-any-]* | DHCP-Server, DNS† | Permit | Off | Click "Apply." | Click "New." |
| [-any-] | 10.0.0.0/8 | [-any-] | Deny | Dropped Packets | Click "Apply." | Click "New." |
| [-any-] | 172.16.0.0/12 | [-any-] | Deny | Dropped Packets | Click "Apply." | Click "New." |
| [-any-] | 192.168.0.0/16 | [-any-] | Deny | Dropped Packets | Click "Apply." | Click "New." |
| [-any-] | [-any-] | HTTP, HTTPS, IKE, NAT-T | Permit | Both | Click "Apply." | Click "New." |
| [-any-] | [-any-] | [-any-] | Deny | Dropped Packets | Click "Apply." | |

* You do not enable logging for DHCP and DNS services because they would generate too many log entries. You enable logging for packets that SmartPath EMS drops because of the enforcement of rules that deny traffic (Dropped Packets) and the logging of session initiation and termination (Both) for traffic permitted by policy rules.

† Because the source for DHCPDISCOVER and DHCPREQUEST messages does not yet have an IP address and the destination is 255.255.255.255 for broadcast traffic, both the source and destination IP addresses must be set as "[-any-]".

‡ Press the SHIFT key while selecting multiple contiguous services, and the CTRL key while selecting multiple contiguous or non-contiguous services. When you click Apply, SmartPath EMS generates a separate rule for each service.

SmartPath EMS adds new rules to the bottom of the rule list, so that if you enter the rules in the order presented above, they will already be in the correct positions, as shown in Figure 9-15. The SmartPath AP firewall checks policy rules from top to bottom and applies the first match that it finds.

724-746-5500 | blackbox.com
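The first-match, top-to-bottom evaluation described above, as an added example that is not part of the manual: a small Python model of the six rows of Table 9-2. The `evaluate` helper, the sample addresses, and every port number other than NAT-T's 4500 (standard assignments) are assumptions made for illustration.

```python
import ipaddress

ANY = None
# Assumed service definitions: (protocol, destination port).
SERVICES = {
    "DHCP-Server": ("udp", 67), "DNS": ("udp", 53),
    "HTTP": ("tcp", 80), "HTTPS": ("tcp", 443),
    "IKE": ("udp", 500), "NAT-T": ("udp", 4500),
}

# Rows of Table 9-2 in the order entered: (destination, services, action).
# Source is [-any-] in every row, so it is omitted here.
POLICY = [
    (ANY, ["DHCP-Server", "DNS"], "Permit"),
    ("10.0.0.0/8", ANY, "Deny"),
    ("172.16.0.0/12", ANY, "Deny"),
    ("192.168.0.0/16", ANY, "Deny"),
    (ANY, ["HTTP", "HTTPS", "IKE", "NAT-T"], "Permit"),
    (ANY, ANY, "Deny"),
]

# Same rows with the HTTP/HTTPS/IKE/NAT-T permit moved above the denies.
MISORDERED = [POLICY[0], POLICY[4], POLICY[1], POLICY[2], POLICY[3], POLICY[5]]

def evaluate(policy, dst_ip, proto, port):
    """Return (row number, action) of the first matching rule, top to bottom."""
    dst = ipaddress.ip_address(dst_ip)
    for row, (dest, services, action) in enumerate(policy, start=1):
        if dest is not ANY and dst not in ipaddress.ip_network(dest):
            continue  # destination does not match this row
        if services is not ANY and (proto, port) not in {SERVICES[s] for s in services}:
            continue  # service does not match this row
        return row, action
    return None, None  # no row matched (cannot happen with a final any/any row)

if __name__ == "__main__":
    # Constructed sample flows: (destination, protocol, port).
    flows = [
        ("203.0.113.10", "tcp", 443),  # public HTTPS
        ("10.1.2.3", "tcp", 80),       # internal HTTP
        ("10.0.0.53", "udp", 53),      # DNS to an internal address: row 1 matches first
        ("203.0.113.10", "tcp", 22),   # service not listed in any permit row
    ]
    for flow in flows:
        print(flow, "table order:", evaluate(POLICY, *flow),
              "misordered:", evaluate(MISORDERED, *flow))
```

In the table's order, internal HTTP is denied by row 2 before the HTTP permit is reached; in the misordered list the permit matches first. Row 1 sits above the deny rows, so DHCP and DNS to private addresses match it before any deny is checked.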


This manual is also suitable for:

LWN602AE, LWN602HA, LWN602HAE
