Multitech RF760 User's Guide Page 18
- Page / 189
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
Chapter 1 – Product Description, Features, and Overview
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 18
The great advantage of a network layer firewall is its independence of both the operating system and the
applications running on the machine.
In more complex network layer firewall implementations, the packet filtering process includes the interpretation of
the packet payload. The status of every current connection is analyzed and recorded. This process is called stateful
inspection.
The packet filter records the state of every connection and lets only those packets pass that meet the current
connection criteria. This is especially useful for establishing connections from a protected network to an unprotected
network.
If a system establishes a connection to a protected network, the Stateful Inspection Packet Filter lets a host’s
answer packet pass back into the protected network. If the original connection is closed, no system from the
unprotected network can send packets into the protected network any longer – unless you explicitly allow it.
Well Known Ports are controlled and assigned by the IANA, and on most systems, can only be used by system (or
root) processes or by programs run by privileged users. Ports are used in TCP (RFC793) to name the ends of
logical connections which carry long term conversations; and, typically, these same port assignments are used with
UDP (RFC768). The assigned ports are in the range 0-1023. IETF RFC 1700 provides a list of the well-known port
number assignments. IETF RFCs are available on the Internet from a number of sources.
Application Layer Gateways: Proxies
A second significant type of firewall is the application layer gateway. It is responsible for buffering connections
between exterior systems and your system. Here, the packets aren’t directly passed on, but a sort of translation
takes place, with the gateway acting as an intermediary stop and translator.
The application gateway buffering processes are called proxy servers, or, for short‚ proxies. Every proxy can offer
further security features for its designed task. Proxies generally offer a wide range of security and protocol options.
Each proxy serves only one or a few application protocols, allowing high-level security and extensive logging and
analysis of the protocol’s usage.
Examples of existing proxies are:
• The SMTP proxy - Responsible for email distribution and virus checking.
• The HTTP proxy - Supporting Java, JavaScript, ActiveX-Filter, and ad banner filtering.
• The SOCKS proxy (the generic circuit-level proxy) - Supporting applications such as FTP clients, ICQ,
IRC, or streaming media.
Application level gateways offer the advantage of physical and logical separation of the protected and unprotected
networks. They make sure that no packet is allowed to flow directly between networks, resulting in higher security.
Protection Mechanisms
Further mechanisms ensure added security. Specifically, the use of private IP addresses in combination with
Network Address Translation (NAT) in the form of:
• Masquerading
• Source NAT (SNAT)
• Destination NAT (DNAT)
These allow a whole network to hide behind one or a few IP addresses, preventing the identification of your network
topology from the outside.
With these protection mechanisms in place, Internet connectivity remains available, but it is no longer possible to
identify individual machines from the outside.
By using Destination NAT (DNAT), it is still possible to place servers within the protected network/DMZ and make
them available for an assigned service.
In the sample graphic above, a user with the IP 5.4.3.2, port 1111 sends a request to the Web server in the DMZ.
Of course, the user knows only the external IP (1.1.1.1, port 80). Using DNAT, the RouteFinder now changes the
external IP address to 10.10.10.99, port 80 and sends the request to the Web server. The Web server then sends
the answer with its IP address (10.10.10.99, port 80) and the user’s IP. The RouteFinder recognizes the packet by
the user address, and it then changes the internal IP (10.10.10.99, port 80) into the external IP address (1.1.1.1,
port 80).
- RF760/660/600VPN 1
- Internet Security Appliance 1
- User Guide 1
- Contents 3
- Features, and Overview 7
- Feature Highlights 8
- Ship Kit Contents 9
- License Keys 10
- Safety Warnings 11
- RouteFinder Front Panels 12
- RF600VPN 13
- RouteFinder Back Panels 14
- Specifications 15
- Power & Physical 16
- Description 16
- RF760VPN RF660VPN RF600VPN 16
- The Firewall 17
- Protection Mechanisms 18
- Typical Applications 20
- Chapter 2 – Installation 21
- Planning the Network 22
- Installation Overview 23
- RouteFinder VPN 24
- Sub-Menu 27
- Menus and Sub-Menus 27
- Chapter 3 – Configuration 28
- Second Configuration Step 29
- The Wizard Setup Screen 30
- Set Packet Filters 33
- Set VPN IPSec Protocol 34
- Configuring Site B 35
- Using DNAT and Aliasing 37
- Tunneling 38
- Important Settings 39
- Menu Bar 42
- Administration 43
- System Logging 44
- System Time 44
- SNMP Agent – Community Name 44
- Administration > SSH 45
- SNTP Client 46
- SNTP Server Address 46
- Click Save 49
- Intrusion Detection 51
- Network Intrusion Detection 51
- Administration > Tools 52
- Trace Route 53
- TCP Connect 53
- Prerequisite 55
- RADIUS Prerequisite 56
- SAM Prerequisite 57
- Administration > Restart 58
- Administration > Shutdown 58
- Networks & Services 59
- Add Services 61
- Notes About Protocols 62
- About the Screen 63
- Add Network Group 63
- Add Service Group 64
- Proxy > HTTP Proxy 66
- Add Custom URL List 69
- Proxy > SMTP Proxy 71
- SMTP SPAM Filtering 74
- Proxy > POP3 Proxy 77
- POP3 SPAM Protection 78
- POP3 SPAM Filtering 78
- Proxy > SOCKS Proxy 80
- Proxy > DNS Proxy 82
- Network Setup 83
- Network Setup > Interface 84
- Network Cards 85
- IP Aliases 85
- Network Setup > PPP 86
- Network Setup > PPPoE 87
- Dynamic DNS Settings 89
- Network Setup > Routes 90
- Masquerading 91
- Network Setup > SNAT 92
- Network Setup > DNAT 93
- DHCP Server 94
- Tracking 95
- System Update Server 96
- Virus Update Server 96
- Update Services 97
- System Update - Livelog 97
- Virus Update - Livelog 97
- Tracking > Backup 98
- CVS Settings 100
- Examples 100
- Packet Filters 101
- System Defined Rules 102
- Packet Filters > ICMP 103
- Packet Filters > Advanced 104
- Enable/Disable Logging 105
- VPN > IPSec 106
- Add an IKE Connection 107
- Add a Manual Connection 109
- VPN > x.509 Certificates 111
- VPN > IPSec Bridging 111
- VPN > PPTP 112
- PPTP Settings 113
- User Authentication 113
- Wizard Setup 114
- Packet Filter Rule 115
- Modem Settings 115
- Password Settings 115
- Save or Cancel 115
- Statistics & Logs 116
- Uptime 117
- Statistics and Logs 118
- Networks 118
- Network Connections 119
- Interfaces 120
- SMTP Proxy 121
- Self Monitor 123
- Packet Filter 125
- Port Scans 126
- HTTP Access 127
- Methods 130
- Authentication Setup 131
- Chapter 8 – Frequently Asked 133
- Questions (FAQs) 133
- Chapter 9 – Troubleshooting 139
- 1. Abstract 142
- II. Inbound Access Log 143
- III. Outbound Access Log 145
- VII. Admin Port Access Log 147
- VIII. Startup History Log 147
- IX. User Log 147
- X. Fragmented Dropped Log 147
- XI. ICMP Information 148
- What Is a Rescue Kernel? 149
- Before You Start 149
- ISO Image Directions 149
- External Server 150
- External FTP Server 151
- Software Add-ons, Overnight 153
- Replacement 153
- Top Cover Removal 154
- RF660VPN Processor Upgrade 154
- Software Add-ons 156
- CD-ROM Drive Adapter Pin Out 157
- Housekeeping 158
- Monitoring 158
- Updating 159
- Technical Support Contacts 161
- GNU GENERAL PUBLIC LICENSE 168
- ANY REMEDY HEREUNDER 172
- Support 173
- Limited Warranty 174
- Limitation of Liability 174
- Glossary 176
Related products and manuals for Gateways/controllers Multitech RF760
(23 pages)© 2020, manymanuals.com. All rights reserved. | 0.214 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals