Firewall command reference
Firewall
4-109
iMG/RG Software Reference Manual (IPNetwork Functions)
4.3.2.0.2 FIREWALL ENABLE|DISABLE IDS
Syntax
firewall {enable | disable} IDS
Description
This command explicitly enables/disables IDS (Intrusion Detection Service). You must enable IDS if you want to activate the settings specified in the security IDS commands. This command is an alias of security enable|disable IDS.
Note: You must enable the Security module using the command security on in order to use IDS.

If you disable IDS during a session, any configuration changes made when IDS was enabled are not deleted - you can re-enable them later in the session.
This CLI command is case-sensitive. You must type the command attributes exactly as they appear in the Command Syntax section on this page. If you do not use the same case-sensitive syntax, the command fails and the CLI displays a syntax error message.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Example
--> firewall enable IDS
See also
security enable IDS, security disable IDS
4.3.2.0.3 FIREWALL ENABLE|DISABLE BLOCKINGLOG|INTRUSIONLOG|SESSIONLOG
Syntax
firewall {enable | disable} {blockinglog | intrusionlog | sessionlog}
Description
This command enables/disables the entire Firewall module except for the IDS portion of the module (see the command FIREWALL ENABLE|DISABLE IDS).

When the Firewall is enabled, all IP traffic on existing security interfaces that are NOT featured in a Firewall policy is blocked. For details on setting default policy security levels on security interfaces, see the FIREWALL SET SECURITYLEVEL command.

If you disable the Firewall during a session, any configuration changes made when the Firewall was enabled remain in the Firewall, so that you can re-enable them later in the session. If you need to reboot your system but want to save the Firewall configuration between sessions, use the SYSTEM CONFIG SAVE command.
FIREWALL ENABLE|DISABLE IDS options:

Option     Description                                        Default Value
enable     Enables the IDS portion of the Security module.    Disable
disable    Disables the IDS portion of the Security module.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Example
--> firewall enable
4.3.2.0.4 FIREWALL SET SECURITYLEVEL
Syntax
FIREWALL SET SECURITYLEVEL {NONE | HIGH | MEDIUM | LOW}
Description
This command allows you to set which security level is used by the Firewall. There are four default security levels (none, high, medium and low) that contain different security configuration information for each interface connection.

Selecting a security level deletes the previous security level and any policies or portfilters set, and replaces them with the newly selected level.

The factory default setting none is not a security level. It is a blank firewall configuration that allows you to create your own policies and portfilters, using the commands firewall add policy and firewall add portfilter. These manually configured policies/portfilters are stored in the im.conf file.

Explicitly setting the security level to none sets a security level that does not contain any policies or portfilters. Note that if you create policies/portfilters and store them in the im.conf file, then select none (or any other security level), all of your manually configured policies/portfilters will be deleted and replaced with this level.

The userdefined option allows you to select a security configuration that you have previously created.

There are three types of interface connections:
- Between the external interface and internal interface
- Between the external interface and the de-militarized zone (DMZ)
- Between the DMZ and the internal interface

You can add your own firewall portfilters to a security level by using the FIREWALL ADD PORTFILTER command. If you then save your configuration using the SYSTEM CONFIG CREATE/SET command, these additional filters are saved with the default level and are restored on reboot.
FIREWALL ENABLE|DISABLE options:

Option     Description                      Default Value
enable     Enables the Firewall module.     Disable
disable    Disables the Firewall module.
Options
The following tables describe the default policies enabled in the firewall for each of the high, medium and low security levels. The tables tell you whether a certain service can be received in or allowed out by a specific policy. (Y=yes; N=no):

TABLE 4-4 Default Policies Enabled in the Firewall - High Security

High Security Level
Service            Port   External<>Internal   External<>DMZ   DMZ<>Internal
                          In    Out            In    Out       In    Out
http               80     N     Y              Y     Y         Y     Y
dns                53     N     Y              N     Y         N     Y
telnet             23     N     N              N     N         N     N
smtp               25     N     Y              Y     Y         Y     Y
pop3               110    N     Y              Y     Y         Y     Y
nntp               119    N     N              N     N         N     N
real audio/video   7070   N     N              N     N         N     N
icmp               N/A    N     Y              N     Y         N     Y
H.323              1720   N     N              N     N         N     N
T.120              1503   N     N              N     N         N     N
SSH                22     N     N              N     Y         N     (missing in source)
TABLE 4-5 Default Policies Enabled in the Firewall - Medium Security

Medium Security Level
Service            Port   External<>Internal   External<>DMZ   DMZ<>Internal
                          In    Out            In    Out       In    Out
http               80     N     Y              Y     Y         Y     Y
dns                53     N     Y              Y     Y         Y     Y
telnet             23     N     Y              N     Y         N     Y
smtp               25     N     Y              Y     Y         Y     Y
pop3               110    N     Y              Y     Y         Y     Y
nntp               119    N     Y              Y     Y         Y     Y
real audio/video   7070   Y     N              N     Y         N     Y
icmp               N/A    N     Y              N     Y         N     Y
H.323              1720   N     Y              N     Y         N     Y
T.120              1503   N     Y              N     Y         N     Y
SSH                22     N     Y              N     Y         N     Y

TABLE 4-6 Default Policies Enabled in the Firewall - Low Security

Low Security Level
Service            Port   External<>Internal   External<>DMZ   DMZ<>Internal
                          In    Out            In    Out       In    Out
http               80     N     Y              Y     Y         Y     Y
dns                53     Y     Y              Y     Y         Y     Y
telnet             23     N     Y              Y     Y         Y     Y
smtp               25     N     Y              Y     Y         Y     Y
pop3               110    N     Y              Y     Y         Y     Y
nntp               119    N     N              N     N         N     N
real audio/video   7070   Y     N              Y     Y         Y     Y
icmp               N/A    N     Y              Y     Y         Y     Y
H.323              1720   Y     Y              Y     Y         Y     Y
T.120              1503   Y     Y              Y     Y         Y     Y
SSH                22     Y     Y              Y     Y         Y     Y

Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable):
Example
--> firewall set securitylevel medium
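The three policy tables are easier to reason about as data, in particular when deciding whether dropping from one level to another is acceptable. The following Python script is an added example and is not part of the manual or of the device software: it transcribes TABLE 4-4 to 4-6 and answers which services a level accepts inbound on each interface connection, and which services newly become reachable inbound when a lower level is selected. The function names (allowed, inbound_services, exposure_delta) are this example's own; the one cell the page does not show (SSH, DMZ<>Internal Out, high level) is kept as unknown rather than guessed.

```python
"""Model of the default firewall security-level policy tables (TABLE 4-4 to 4-6).

Added example: the matrices are transcribed from the manual page; the helper
functions and their names are this example's own, not part of the device CLI.
"""
from typing import Dict, List, Optional, Tuple

# Interface connections, in the order of the table column groups.
CONNECTIONS = ("external<>internal", "external<>dmz", "dmz<>internal")

# Per service: (port, six flags = In/Out for each connection in CONNECTIONS order).
# 'Y' = allowed, 'N' = blocked, '?' = cell missing from the source page.
Row = Tuple[Optional[int], str]

HIGH: Dict[str, Row] = {
    "http": (80, "NYYYYY"),
    "dns": (53, "NYNYNY"),
    "telnet": (23, "NNNNNN"),
    "smtp": (25, "NYYYYY"),
    "pop3": (110, "NYYYYY"),
    "nntp": (119, "NNNNNN"),
    "real audio/video": (7070, "NNNNNN"),
    "icmp": (None, "NYNYNY"),
    "H.323": (1720, "NNNNNN"),
    "T.120": (1503, "NNNNNN"),
    "SSH": (22, "NNNYN?"),  # last cell is not shown on the page
}
MEDIUM: Dict[str, Row] = {
    "http": (80, "NYYYYY"),
    "dns": (53, "NYYYYY"),
    "telnet": (23, "NYNYNY"),
    "smtp": (25, "NYYYYY"),
    "pop3": (110, "NYYYYY"),
    "nntp": (119, "NYYYYY"),
    "real audio/video": (7070, "YNNYNY"),
    "icmp": (None, "NYNYNY"),
    "H.323": (1720, "NYNYNY"),
    "T.120": (1503, "NYNYNY"),
    "SSH": (22, "NYNYNY"),
}
LOW: Dict[str, Row] = {
    "http": (80, "NYYYYY"),
    "dns": (53, "YYYYYY"),
    "telnet": (23, "NYYYYY"),
    "smtp": (25, "NYYYYY"),
    "pop3": (110, "NYYYYY"),
    "nntp": (119, "NNNNNN"),
    "real audio/video": (7070, "YNYYYY"),
    "icmp": (None, "NYYYYY"),
    "H.323": (1720, "YYYYYY"),
    "T.120": (1503, "YYYYYY"),
    "SSH": (22, "YYYYYY"),
}
LEVELS: Dict[str, Dict[str, Row]] = {"high": HIGH, "medium": MEDIUM, "low": LOW}


def allowed(level: str, service: str, connection: str, direction: str) -> Optional[bool]:
    """Look up one table cell; returns None where the page does not show a value."""
    flags = LEVELS[level][service][1]
    idx = 2 * CONNECTIONS.index(connection) + {"in": 0, "out": 1}[direction]
    return {"Y": True, "N": False, "?": None}[flags[idx]]


def inbound_services(level: str, connection: str = "external<>internal") -> List[str]:
    """Services the level accepts inbound ('In') on the given connection."""
    return sorted(s for s in LEVELS[level] if allowed(level, s, connection, "in"))


def exposure_delta(from_level: str, to_level: str, connection: str) -> List[str]:
    """Services that become reachable inbound when switching from_level -> to_level.

    Only cells that are explicitly 'N' in the old level count as newly opened.
    """
    return sorted(
        s
        for s in LEVELS[to_level]
        if allowed(to_level, s, connection, "in")
        and allowed(from_level, s, connection, "in") is False
    )


if __name__ == "__main__":
    for conn in CONNECTIONS:
        print(f"{conn}: high -> low newly accepts inbound {exposure_delta('high', 'low', conn)}")
```

Run stand-alone it prints, per connection, the services that the low level accepts inbound but the high level blocks; the same lookups can be pointed at a userdefined level by adding its matrix to LEVELS.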
4.3.2.0.5 FIREWALL STATUS
Syntax
firewall status
Description
This command displays the following information about the Firewall:
- Firewall status (enabled or disabled)
- Security level setting (none, high, low or medium)
- Firewall logging status:
  - session logging (enabled or disabled)
  - blocking logging (enabled or disabled)
  - intrusion logging (enabled or disabled)
Example
--> firewall status
Firewall enabled.
Firewall security level: medium.
Firewall session logging enabled.
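Because firewall status is the quickest way to confirm that the Firewall is enabled, which level is active and which of the three logs are on, that output is worth checking automatically rather than by eye. The script below is an added example, not Allied Telesis code: it parses text in the shape of the status output shown above (the sample is constructed for the example) and reports deviations from a chosen baseline. parse_firewall_status, audit and LEVEL_RANK are names of this example's own.

```python
"""Parse 'firewall status' output and check it against a baseline.

Added example: SAMPLE_STATUS is constructed in the shape of the output shown on
the manual page; the parser and audit() are this example's own, not device code.
"""
import re
from typing import Dict, List, Optional

# Constructed sample, in the shape of the 'firewall status' output on this page.
SAMPLE_STATUS = """\
--> firewall status
Firewall enabled.
Firewall security level: medium.
Firewall session logging enabled.
"""

State = Dict[str, Optional[object]]

# Order of the built-in levels; userdefined levels are not ranked.
LEVEL_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3}


def parse_firewall_status(text: str) -> State:
    """Extract firewall state, security level and the three logging flags.

    Anything not present in the output stays None, so a missing line is
    distinguishable from an explicit 'disabled'.
    """
    state: State = {
        "enabled": None,
        "security_level": None,
        "session_logging": None,
        "blocking_logging": None,
        "intrusion_logging": None,
    }
    for raw in text.splitlines():
        line = raw.strip().rstrip(".").lower()
        if m := re.fullmatch(r"firewall security level: (\S+)", line):
            state["security_level"] = m.group(1)
        elif m := re.fullmatch(r"firewall (session|blocking|intrusion) logging (enabled|disabled)", line):
            state[f"{m.group(1)}_logging"] = m.group(2) == "enabled"
        elif m := re.fullmatch(r"firewall (enabled|disabled)", line):
            state["enabled"] = m.group(1) == "enabled"
    return state


def audit(state: State, minimum_level: str = "medium") -> List[str]:
    """Return the findings a reviewer would raise against a parsed status."""
    findings: List[str] = []
    if state["enabled"] is not True:
        findings.append("firewall is not enabled")
    level = state["security_level"]
    if level not in LEVEL_RANK:
        findings.append(f"security level {level!r} is not a built-in level; review its policies manually")
    elif LEVEL_RANK[level] < LEVEL_RANK[minimum_level]:
        findings.append(f"security level {level} is below the required {minimum_level}")
    for kind in ("session", "blocking", "intrusion"):
        # None (line absent) and False (explicitly disabled) are both reported.
        if state[f"{kind}_logging"] is not True:
            findings.append(f"{kind} logging is not reported as enabled")
    return findings


if __name__ == "__main__":
    parsed = parse_firewall_status(SAMPLE_STATUS)
    for finding in audit(parsed) or ["no findings"]:
        print(finding)
```

Feed it the captured output of firewall status from a device session; with the sample above it reports that blocking and intrusion logging are not shown as enabled, which is exactly the kind of drift that is easy to miss when the level itself looks fine.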
FIREWALL SET SECURITYLEVEL options:

Option        Description                                                        Default Value
none          The factory default setting none is not a security level -        None (factory default setting)
              it allows you to manually configure your own policies/
              portfilters. Explicitly setting none sets a security level
              that does not contain any policies/portfilters.
high          Your system uses the high firewall security level, providing
              a high level of firewall security between interfaces.
medium        Your system uses the medium firewall security level, providing
              a medium level of firewall security between interfaces.
low           Your system uses the low firewall security level, providing
              a low level of firewall security between interfaces.
userdefined   Your system uses a security configuration that you have
              previously created.
slevel        The name of the security configuration level that you have         N/A
              previously created.