1. Home
    2. /
  2. Manuals
    3. /
  3. Allied-Data
    4. /
  4. CopperJet-1616-2P
    5. /
  5. 8
Page 36 / 86 Scroll up to view Page 31 - 35
Chapter 5: Configuring the CopperJet
5.7.3.1 Configuring NAT global addresses
Global address pools allow you to create a pool of outside network addresses that is visible
outside your network. Before you can configure global addresses, you need to configure
NAT.
If you want to set up a global address pool on your existing NAT enabled interfaces:
From the
NAT Security Interfaces
table, click on the
Advanced NAT Configuration
hyperlink
for the interface that you want to add a global pool to.
Click on
Add Global Address Pool
The
Firewall Add Global Address Pool
page is displayed:
This page allows you to create a pool of network IP addresses that are visible outside your
network. Add values for the following table entries:
Interface type
; the internal address type that you want to map your
external global IP addresses to. Click on the drop-down list and select
an interface type.
Use Subnet Configuration
; there are two ways to specify a range of IP
addresses. You can either
Use Subnet Mask
(specify the subnet mask
address of the IP address) or
Use IP Address Range
(specify the first and
last IP address in the range). Click on the drop-down list and select a
method.
• Type in the
IP Address
that is visible outside the network.
Subnet Mask/IP Address 2
; the value you specify here depends on the
subnet configuration that you are using. If you chose
Use Subnet Mas
k,
type in the subnet mask of the IP address. If you chose
Use IP Address
Range
, type in the last IP address in the range of addresses that make
up the global address pool.
Once you have configured the table, click on
Add global address pool
. The table is
refreshed and the global address pool is added to your NAT configuration.
To delete a global address pool, click on the
Delete
hyperlink, then click on the
Delete
Global Address Pool
button.
5.7.3.2 Configuring NAT reserved mapping
Reserved mapping allows you to map an outside security interface or an IP address from a
global pool to an individual IP address inside the network. Mapping is based on transport
type and port number. Before you can configure reserved mapping, you need to configure
NAT. See section 0 Configuring Network Address Translation (NAT)
Page 34
Page 37 / 86
Chapter 5: Configuring the CopperJet
To set up a reserved mapping on your existing NAT enabled interfaces, go to the
Configuration
menu and select
Security
. From the
Security Interfaces
table, click on the
Advanced NAT Configuration
hyperlink for the interface that you want to add the reserved
mappings to. The
Advanced NAT Configuration:
page is displayed.
Click on the
Add Reserved Mapping
hyperlink. The
Add Reserved Mapping
page is
displayed.
This page allows you to configure your reserved mapping. Add specific values for the
following table entries.
Global IP Addres
s:
If you are mapping from a global IP address, type the
address here. If you are mapping from a security interface,
type
0.0.0
.
0
.
Internal IP Addres
s:
The IP address of an individual host inside your network.
Transport Typ
e:
Specify the transport type that you want to map from the
outside interface to the inside.
External Port Range
:
The external port range that your transport uses. Can also
be a single port as Start and End port.
Internal Port Range
:
The internal port range that your transport uses. Can also
be a single port as Start and End port.
Once you have configured the table, click on
Add reserved mappin
g. The table is refreshed
and the reserved mapping is added to your NAT configuration.
Page 35
Page 38 / 86
Chapter 5: Configuring the CopperJet
Important: Make sure the Internal IP address is in the same subnet as your
CopperJet LAN IP address.
To delete a reserved mapping, click on the
Delete
hyperlink. The
Delete Reserved Mapping
Confirmation
page is displayed. Click on the
Delete Reserved Mapping
button. The
reserved mapping is deleted.
Don’t forget to save the changes. Go to the
Configuration
menu and click on
Save config
to
save the new settings into the CopperJet.
5.7.4 Enabling Firewall
Before enabling the firewall, you must have Security enabled and you must have at least
1
internal interface or 1 external interface
configured. Be sure that the WAN and/or LAN
connection and the Security Interfaces are defined and configured.
To enable the Firewall go to the
Security State
section and select
Firewall Enabled.
Click on
Change State
to update the
Security State
section. The Firewall is now enabled on the
CopperJet.
Important: Enabling the Firewall will block ALL traffic going in and out of the
CopperJet. Firewall Policies need to be configured for allowing traffic
to pass through.
5.7.5 Enabling Intrusion Detection
Before enabling Intrusion Detection, you must have Security enabled and you must have
at least
1 internal interface or 1 external interface
configured. Be sure that the WAN
and/or LAN connections and the Security Interfaces are defined and configured.
To enable Intrusion Detection, go to the
Security State
section and select
Intrusion
Detection Enabled.
Click on
Change State
to update the
Security State
section. The
Intrusion Detection is now enabled on the CopperJet.
5.7.6
Set a Security level
When you have enabled the firewall, you can set a Security Level.
Select a
Security Level
and click on
Change State
.
The
high
,
medium, low and default
levels contain default policy and port filter
configurations for each of your network interface connections, so you do not need to set
your own individual policies and port filters. If you explicitly set the level to
none
, all traffic
is blocked.
By default, no security level is set in your default configuration.
Setting a Firewall default security level automatically clears all previous Firewall settings.
5.7.7 Configuring portfilters
A portfilter is an individual rule that determines what kind of traffic can pass between two
interfaces specified in an existing policy.
To configure a portfilter:
From the
Current Firewall Policies
table, click on the
Port Filters
link for the policy that you
want to configure. The page displayed contains three
Add Filter
hyperlinks that allow you
to create three different kinds of portfilter:
Page 36
Page 39 / 86
Chapter 5: Configuring the CopperJet
For a TCP portfilter click on
Add TCP Filter
.
The
Firewall Add TCP Port Filter
page is displayed:
omplete the source/destination addresses, and the source/destination port range for the
or a non-TCP/UDP portfilter (Raw IP Filter) click on
Add Raw IP Filter.
The
Firewall Add
pecify the source/destination addresses and the IP protocol number in the relevant text
oxes. For example, for IGMP, enter protocol number 2.
he
Firewall Portfilters
page is
link assigned to
. To delete a portfilter, click on this link, then at the confirmation page, click on the
C
protocol (TCP or UDP selected from the protocol drop-down list) that you want to filter.
Use the
Direction
drop-down lists to specify whether you want to allow/block inbound
traffic, and allow/block outbound traffic. Click
Apply
. The
Firewall Port Filters
page is
displayed, containing details of the TCP/UDP port filter that you have just added.
F
Raw IP Filter
page is displayed:
S
b
Then use the
Direction
drop-down lists to specify whether you want to allow/block inbound
traffic, and allow/block outbound traffic. Click on
Apply
. T
displayed, containing details of the IP port filter that you have just added.
Each portfilter displayed in the
Firewall Port Filters
page has a
Delete
hyper
it
Delete
button. The portfilter is removed from the Firewall configuration.
Page 37
Page 40 / 86
Chapter 5: Configuring the CopperJet
5.7.8 Configuring validators
A validator allows/blocks traffic based on the source/destination IP address and netmask.
Traffic will be allowed or blocked depending on the validator configuration specified when
the policy was created.
To configure a validator:
From the
Current Firewall Policies
table, click on the
Host Validators
link for the policy that
you want to configure. The
Configure Validators
page is displayed. Click on the
Add Host
Validator
link. The
Firewall Add Host Validator
page is displayed:
1
In the
Host IP Address
text box, type the IP address that you want to
allow/block.
2
In the
Host Subnet Mask
text box, type the IP mask address. If you want to
filter a range of addresses, you can specify the mask, for example,
255.255.255.0
. If you want to filter a single IP address, use the specific IP
mask address, for example,
255.255.255.255
.
3
Click on the
Direction
drop-down list and select the direction of traffic that you
want the validator to filter.
4
Click on
Apply
. The
Configure Validators
page is displayed, containing details of
the host validator that you have just added.
5
Each portfilter displayed in the
Configure Validators
page has a
Delete Host
Validator
hyperlink assigned to it. To delete a validator, click on this link, then
at the confirmation page, click on the
Delete Host Validator
button. The
validator is removed from the Firewall configuration.
Page 38

Rate

4.5 / 5 based on 2 votes.

Popular Allied-Data Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top