Open Example:
Oct 20 2003 09:47:56 gateway EFW: CONN: prio=1 rule=Rule_8 conn=open
connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan
conndestip=64.7.210.132 conndestport=80
In this line, traffic from 192.168.0.10 on the LAN interface is connecting to 64.7.210.132 on
port 80 on the WAN side of the firewall (internet).
Another event is generated when the connection is closed. It contains the same
information as the event sent when the connection was opened, and additionally
includes statistics on sent and received traffic.
Close Example:
Oct 20 2003 09:48:05 gateway EFW: CONN: prio=1 rule=Rule_8 conn=close
connipproto=TCP connrecvif=lan connsrcip=192.168.0.10 connsrcport=3179 conndestif=wan
conndestip=64.7.210.132 conndestport=80 origsent=62 termsent=60
In this line, the connection opened in the previous example is closed.
Step by step guides
The following guides use example IP addresses, users, sites and passwords. Replace
the IP addresses and sites with your own. The passwords used in these examples are not
recommended for real-life use. Passwords and keys should be chosen so that they are
impossible to guess or to find out by, e.g., a dictionary attack.
In these guides, for example, Firewall->Users means that Firewall should first be
selected from the menu at the top of the screen, and then the Users button to the
left of the screen.
LAN-to-LAN VPN using IPsec
Settings for Branch office
1. Set up interfaces, System->Interfaces:
   WAN IP: 193.0.2.10
   LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0
2. Set up IPsec tunnel, Firewall->VPN:
   Under IPsec tunnels click Add new
   Name the tunnel ToMainOffice
   Local net: 192.168.4.0/24
   PSK: 1234567890 (Note! You should use a key that is hard to guess)
   Retype PSK: 1234567890
   Select Tunnel type: LAN-to-LAN tunnel
   Remote Net: 192.168.1.0/24
   Remote Gateway: 194.0.2.20
   Enable Automatically add a route for the remote network
   Click Apply
3. Set up policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Click Activate and wait for the firewall to restart
Settings for Main office
1. Set up interfaces, System->Interfaces:
   WAN IP: 193.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
2. Set up IPsec tunnel, Firewall->VPN:
   Under IPsec tunnels click Add new
   Name the tunnel ToBranchOffice
   Local net: 192.168.1.0/24
   PSK: 1234567890 (Note! You should use a key that is hard to guess)
   Retype PSK: 1234567890