Allied Telesis AT-iMG634 - R2 User's Guide Page 407
- Page / 998
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
Overview Firewall
4-105
iMG/RG Software Reference Manual (IPNetwork Functions)
Victim Protection Block Duration: 600
Scan Detection Threshold: 5
Scan Detection Period: 10
Port Flood Detection Threshold: 10
Host Flood Detection Threshold: 20
FloodDetectPeriod : 10
Max TCP Open Handshaking Count: 5
Max PING Count: 15
Max ICMP Count: 100
4.3 Firewall
4.3.1 Overview
The AT-iMG Models security system implements a stateful Firewall providing high security by blocking certain
incoming traffic based on stateful information.
Each time outbound packets are sent from an internal host to an external host, the following information is
logged by the Firewall:
• source and destination addresses
• Port number
• Sequencing information
• Additional flags for each connection associated with that particular internal host
All inbound packets are compared against this logged information and only allowed through the Firewall if it can
be determined that they are part of an existing connection. This makes it very difficult for hackers to break
through the stateful Firewall, because they would need to know addresses, port numbers, sequencing informa-
tion and individual connection flags for an existing session to an internal host.
The firewall module manages firewall behaviour. The firewall module offers the ability to:
• Control what kind of Firewall activity is logged
• Protect the internal network using stateful firewall functionality
• Create policies
• Add validators to policies
• Add portfilters to policies
• Enable/disable and configure Intrusion Detection Settings (IDS)
In order to access firewall features, the firewall module must be enabled using the firewall enable command.
Figure 9 shows the entities involved in the firewall module and their relationships.
- Release 3-7-04 1
- Software Reference Manual 1
- Document Issue 1.4 1
- I Introduction 3
- II Intended audience 3
- V Gateway Types 7
- RX 1550 nm 8
- V.V Modular Gateways 9
- VI Supported Products 10
- RG/iMG Models 11
- VII Functional Groupings 12
- VIII Documentation Structure 13
- “ HPNA LAN Module” page 2 14
- “ CES LAN Module” page 8 14
- IX Reason for Update 15
- TABLE i-6 16
- Table of Contents 17
- List of Tables 29
- List of Figures 31
- 1. System Configuration 33
- 1.1.3 File system 37
- File system System Management 39
- System Commands 45
- TEM CONFIG LIST command 54
- 1.2 Webserver 68
- Web pages Webserver 69
- • Configuration save 70
- • Users password settings 70
- 1.3 Emergency 79
- Emergency command reference 81
- 1.4 Software update 86
- 1.4.1 Windows™ Loader 89
- 1.4.3 SwUpdate module 92
- Bootstrap 94
- Field Allowed Values 95
- Start Time 0 0, 6, 12 x x x 97
- 4, 10, 16 x x x 97
- 1.5 ZTC 106
- 1.5.1 Functional blocks 107
- 1.5.2 ZTC Client 108
- LDAP DatabaseZTC Server 110
- DHCP Server 110
- Residential Gateway 110
- ZTC Client ZTC 111
- Abort TFTP 112
- 1.5.3 ZTC command reference 113
- ZTC command reference ZTC 115
- 1.6 SNMP 116
- SNMP Entity 117
- ASQUERADE 118
- ODIFICATION OF INFORMATION 118
- ESSAGE STREAM MODIFICATION 118
- FIGURE 1-15 hmac expression 119
- • Define a notification 128
- AGENT entity is launched 131
- 1.6.6 Examples 137
- 1.6.10 MIB 142
- OID RFC1213 Implementation 143
- SNMP MIB 144
- OID Max-Access Description 147
- 1.6.10.3.1 Private traps 148
- Specific Trap 149
- Description 149
- 2. Switching 151
- Switch commands (Continued) 160
- SWITCH SHOW PORT command 164
- SWITCH SET PRIORITY command 176
- 2.3 BRIDGE 187
- Port based forwarding XXXX XX 190
- Learning X XXXX X X X X 190
- 2.3.4.1 Bridge commands 191
- Bridge commands 191
- Bridge commands (Continued) 192
- ##:##:##:##:##:## 196
- Egress Interfaces: 217
- Mcast Entry Name:MCAST_1 233
- 2.4 VLAN 234
- • Untagged frames 235
- • Priority-tagged frames 235
- • VLAN-tagged frames 235
- TAG header 236
- Overview VLAN 237
- VLAN tagging X XXX X X X X X 242
- VLAN Translations XX X X X 242
- 2.4.4 VLAN command reference 243
- VLAN command reference VLAN 261
- 3.1 IGMP snooping 263
- • Fast Leave Disabled 271
- • Fast Leave Enabled 273
- • First Scenario: 275
- • Second Scenario: 275
- • Time-out interval expiring 276
- 4. IPNetwork Functions 303
- 4.1.5 Unnumbered interfaces 306
- Unnumbered interfaces IP 307
- 4.1.6 Virtual interfaces 308
- 4.1.7 Secondary IP addresses 309
- 4.1.8.2 IP CLI commands 311
- IP CLI commands 311
- IP TCP/IP command reference 312
- IP CLI commands (Continued) 312
- TCP/IP command reference IP 313
- 4.2 Security 359
- 4.2.3 Security interfaces 360
- Security interfaces Security 361
- Scan Attack Description 365
- Dos Attack Description 367
- 4.2.6 Security logging 370
- 4.3 Firewall 407
- 10 (per second) 434
- 4.4.1 Overview 436
- Internet 437
- 4.4.5 NAT command reference 439
- 4.4.5.1.1 NAT ENABLE 440
- 5. System Administration 461
- 5.1.2 DHCP server 462
- 5.1.3 DHCP client 464
- • IP address 465
- • Subnet mask 465
- • Default route (one only) 465
- 5.1.4 DHCP Relay 468
- DHCP server CLI commands 469
- command 482
- DHCPFORCERENEW message to 510
- (e.g 192.168.102.3) 540
- 5.2 Domain name system - DNS 543
- 5.2.1 DNS Relay 544
- 5.2.2 DNS Client 544
- 5.3 SNTP 553
- 5.3.3 SNTP command reference 554
- SNTP command reference SNTP 555
- SNTP SNTP command reference 558
- 6. Voice Service 565
- 6.1.2 Piggyback 566
- 6.1.3 Wildcard 567
- 6.1.4 Heartbeat 567
- 6.1.5 Call Agent Failover 568
- Variable Description 572
- 6.2 VoIP SIP 580
- • A Soft Phone 581
- SIP IP Phone 582
- SIP Server 582
- (or Digital Phone) 582
- • Wildcard 587
- • Subrange 587
- • Position 587
- Option Description 596
- VOIP SIP USER LIST command 615
- VOIP SIP FDB LIST XXXXX X XXX 618
- VOIP SIP FDB SHOW XXXXX X XXX 618
- 6.3 VoIP phone ports 623
- 6.3.1 Port configuration 624
- Codec Notes 628
- • ntt-cw 633
- Commands for VoIP EP 640
- • on VAD enabled 674
- • off VAD disabled 674
- LOGUE LIST command 678
- 6.4.1 QoS 684
- 6.4.2 Media 684
- 6.4.3 DTMF-RELAY 685
- --> voip media show 693
- 7. Quality of Service 697
- • 14 bytes Ethernet header 704
- • Priority Queuing 707
- • WF2Q+ (WF2Qplus) 707
- 1. Scheduler profiles 708
- 7.1.4 ATM QoS Feature 711
- FIGURE 7-6 The ADSL Driver 712
- • Transmit scheduling 713
- • Queue depth limiting 713
- 00000000001 729
- Meter command reference QOS 739
- 7.2.1 Overview 756
- L2filter commands 758
- 8. ADSL Port 771
- 8.2.1 Overview 772
- 8.3 Port a1 775
- Possible values are: 785
- 8.4 Bridge 806
- VID 1 (tagged) a 807
- VID 1 (untagged) 807
- VID 1 (tagged) 807
- 8.4.2 Multiple VLAN support 808
- 8.5 Transports 819
- 8.6 Ethernet 828
- 8.7 PPPoE 832
- PPPoE Overview PPPoE 833
- PPPoE PPPoE command reference 838
- PPPoE command reference PPPoE 839
- 8.8 PPPoA 884
- PPPOA Command 885
- 8.9 RFC1483 921
- 9. Wireless 939
- (single PVC - multi VLANS) 940
- port wireless counters 963
- Possible values: 967
- --> port wireless show 970
- 9.1.6.3 WPA Commands 973
- 10. LAN Module Management 975
- 10.2 HPNA LAN Module 976
- 10.3 HPNA Command Reference 977
- 10.4 CES LAN Module 982
- 10.5.1 Overview 983
- CES commands 984
- 2 and PSPAN-2) 996
Related products and manuals for Gateways/controllers Allied Telesis AT-iMG634 - R2
(2 pages)© 2020, manymanuals.com. All rights reserved. | 1.893 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals