HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 196

ProCurve Secure Router OS Firewall—Protecting the Internal, Trusted Network
Overview
A stateful-inspection firewall, like that on the ProCurve Secure Router, can analyze Application Layer data without having to act as a proxy server. Instead, the firewall monitors sessions between hosts in the trusted and untrusted networks. When it determines that a session between an untrusted and trusted host is valid and allows the session to be established, the firewall uses algorithms to process the Application Layer data for packets associated with the session. When new packets associated with the session arrive, the stateful-inspection firewall compares the bit patterns of new packets to the bit patterns stored for previously authorized packets. The firewall can then determine whether the new packets are a valid part of the session.

The Secure Router OS firewall incorporates several ALGs to allow select applications to punch through the firewall. For example, some applications may send traffic on one port and receive it on another, behavior that the firewall would usually consider suspicious. When an ALG is enabled on the Secure Router OS firewall, the firewall tracks connections made by the application and permits this special behavior.

See "Configuring ALGs" on page 4-18 for information on how to configure ALGs.

Table 4-1 summarizes the features of the Secure Router OS Firewall and directs you to the section of the guide that details configuring that feature.

Table 4-1. Secure Router OS Firewall

| Firewall Feature | OSI Layer | Function | ProCurve Secure Router Configuration | See |
| packet-filtering | Network (3) | • screens all incoming packets based on source and destination IP addresses and port numbers • discards traffic not allowed by the router's access policy | configure ACLs and ACPs | Chapter 5: Applying Access Control to Router Interfaces |
| circuit-level gateway | Session (5) | • checks that TCP and UDP packets have valid flags and logical sequence numbers • discards packets with patterns associated with attacks • acts as a proxy server (not supported on the ProCurve Secure Router) | • enable attack checks • configure NAT to provide some of the same services as a proxy server | • "Configuring Attack Checking" on page 4-14 • Chapter 5: Applying Access Control to Router Interfaces |
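
The session tracking and ALG behavior described in the overview can be modeled in a few lines. This is an added example, not code from the manual and not the Secure Router OS implementation: it assumes FTP active mode as the application that sends on one port and receives on another, with no NAT, and the class name, addresses and ports are constructed for illustration.

```python
import re

# Constructed example: FTP active mode stands in for "an application that
# sends on one port and receives on another". Addresses are documentation ranges.
PORT_CMD = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

class StatefulFirewall:
    def __init__(self, ftp_alg=True):
        self.ftp_alg = ftp_alg
        self.sessions = set()  # (trusted_ip, trusted_port, remote_ip, remote_port)
        self.pinholes = set()  # (remote_ip, trusted_ip, trusted_port) opened by the ALG

    def outbound(self, src, sport, dst, dport, payload=b""):
        """Trusted -> untrusted: record the session; the ALG reads the control channel."""
        self.sessions.add((src, sport, dst, dport))
        m = PORT_CMD.match(payload) if self.ftp_alg and dport == 21 else None
        if m:
            n = [int(x) for x in m.groups()]
            advertised_ip = ".".join(str(x) for x in n[:4])
            data_port = n[4] * 256 + n[5]
            # Open a pinhole only for the client's own address and an unprivileged port.
            if max(n) <= 255 and advertised_ip == src and data_port >= 1024:
                self.pinholes.add((dst, src, data_port))
        return "permit"

    def inbound(self, src, sport, dst, dport):
        """Untrusted -> trusted: permit replies and ALG-expected connections only."""
        if (dst, dport, src, sport) in self.sessions:
            return "permit"                           # part of a tracked session
        if (src, dst, dport) in self.pinholes:
            self.pinholes.discard((src, dst, dport))  # one connection per pinhole
            self.sessions.add((dst, dport, src, sport))
            return "permit"
        return "deny"                                 # unsolicited inbound traffic

def demo(ftp_alg):
    """Return verdicts for control reply, advertised data port, unadvertised port."""
    fw = StatefulFirewall(ftp_alg)
    client, server = "192.0.2.10", "198.51.100.5"
    fw.outbound(client, 40000, server, 21, b"PORT 192,0,2,10,195,80\r\n")  # port 50000
    return (fw.inbound(server, 21, client, 40000),
            fw.inbound(server, 20, client, 50000),
            fw.inbound(server, 20, client, 50001))

if __name__ == "__main__":
    print("ALG on: ", demo(True))
    print("ALG off:", demo(False))
```

With the ALG disabled, the server's data connection is dropped as unsolicited inbound traffic even though the control session is permitted; with it enabled, only the single advertised port from the same server is let through.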

This manual is also suitable for:

ProCurve Secure Router 7102 dl