Customizing the Nokia IP45 Security Platform Security Policy
Nokia IP45 Security Platform User’s Guide v4.0
Note
User-defined rules have priority over default rules. The IP45 device processes user-defined rules in the order in which they appear in the Rules table: rule 1 is applied before rule 2, and so on.
Allow and Block Rules
The allow and block rules provide you with greater flexibility in defining and customizing your
security policy. You can allow additional inbound services that are not on the virtual servers list,
or block outbound communications for specific port ranges and protocols.
To permit incoming access from the Internet to your internal network for specific port ranges
and protocols, you must create a new allow rule. To block outgoing access from your internal
network to the Internet for specific port ranges and protocols, create a new block rule.
Note
You can specify an IP address range for the source and destination fields of Allow and Block rules.
To create a new rule
1. Choose Security from the main menu. The Firewall page opens.
2. Click the Rules tab. The Rules page opens.
3. Click Add Rule.
4. Select the type of rule to add.
5. Click Next.
Firewall Rules
This section provides information about the firewall rules that you create.
Note
In IP45 Tele 8, the Allow Rules page does not contain a VPN Only column, and the Block Rules page does not contain an Also VPN column.
Allow and Forward Rule
These rules enable you to:
- Permit incoming access from the Internet to a specific service in your internal network.
- Forward all such connections to a specific computer in your network.
- Redirect the specified connections to a specific port. This option is called Port Address Translation (PAT).
- Assign traffic to a QoS class. If traffic shaper is enabled for incoming traffic, then traffic shaper handles the relevant connections as specified in the bandwidth policy for the selected QoS class. For example, if traffic shaper is enabled for incoming traffic, and you create an Allow and Forward rule associating all incoming Web traffic with the Urgent QoS class, then traffic shaper handles incoming Web traffic as specified in the bandwidth policy for the Urgent class. For information on Traffic Shaper and QoS classes, see "Using Traffic Shaper" on page 127.
This option is available in IP45 Satellite licenses only.
Creating an Allow and Forward rule is equivalent to defining a server in the Servers page.
Note
You must use an Allow and Forward rule to allow incoming connections if your network uses hide NAT.
Note
You cannot specify two Allow and Forward rules that forward the same service to two different destinations.
Note
In an Allow and Forward rule you can specify an IP address range for the source only.
Allow Rule
This rule enables you to:
- Permit outgoing access from your internal network to a specific service on the Internet.
- Permit incoming access from the Internet to a specific service in your internal network.
- Specify an IP address range for the source and destination fields.
- Assign traffic to a QoS class. If traffic shaper is enabled for the direction of traffic specified in the rule (incoming or outgoing), then traffic shaper handles the relevant connections as specified in the bandwidth policy for the selected QoS class. For example, if traffic shaper is enabled for outgoing traffic, and you create an Allow rule associating all outgoing Web traffic with the Urgent QoS class, then traffic shaper handles outgoing Web traffic as specified in the bandwidth policy for the Urgent class. For information on Traffic Shaper and QoS classes, see "Using Traffic Shaper" on page 127.
This feature is available in Satellite licenses only.
You can use an Allow rule to permit outgoing connections for services that the default security policy does not permit.
Note
You cannot use an Allow rule to permit incoming traffic if the network or VPN uses hide NAT. However, you can use Allow rules for static NAT IP addresses.
Block Rule
This rule enables you to:
- Block outgoing access from your internal network to a specific service on the Internet.
- Block incoming access from the Internet to a specific service in your internal network.
- Specify an IP address range for the source and destination fields.
6. Complete the fields using the information in Table 30 on page 155.
7. Click Next. The Destination & Source window opens.
8. Complete the fields using the information in Table 30. The Done window opens.
9. Click Finish. The new rule appears in the Firewall Rules page.
10. If you selected the Allow and Forward rule type and want to redirect the connections to a specific port, select Standard Service or Custom Service in the Service window (see step 4).
11. Enter the values as described in Table 30. The forwarding window opens.
12. Type the values in the Connection Source and Forward To text boxes.
13. Select the Redirect to port check box.
14. Type the port number to redirect to.
15. Click Next. The Done window opens.
16. Click Finish. The new firewall rule is configured.
Table 30 Firewall Rule Fields

Field              Action
Any Service        Specifies that the rule applies to any service.
Standard Service   Specifies that the rule applies to a specific standard service. Select the desired service from the drop-down list.
Custom Service     Specifies that the rule applies to a specific nonstandard service. The Protocol and Port Range fields are enabled, and you must fill them in.
Protocol           Select the protocol (ESP, GRE, TCP, UDP, or ANY) to which the rule applies.
Ports              To specify the port range to which the rule applies, type the start port number in the left text box and the end port number in the right text box.

Note
If you do not enter a port range, the rule applies to all ports. If you enter only one port number, the range includes only that port.
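The ordering note at the top of this page, the Allow / Block / Allow and Forward rule types, and the Table 30 port-range convention describe one rule-matching model; the following Python model puts it in working form so the consequences of rule order can be seen. It is an added example, not Nokia's code or the IP45's implementation. It assumes that evaluation stops at the first matching rule, that ESP and GRE carry no port number (so a port range never matches them), a constructed default policy (block all incoming, allow all outgoing), and uses constructed rules and documentation addresses (192.168.x, 198.51.100.x, 203.0.113.x). The `check_forward_conflicts` helper enforces the page's constraint that two Allow and Forward rules may not send the same service to two destinations, and that such rules take a source range only.

```python
"""Model of the IP45 rule semantics described on this page (added example,
not Nokia code): user rules before default rules, first match wins,
Allow / Block / Allow and Forward with PAT, Table 30 port-range rules."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple

INCOMING, OUTGOING = "incoming", "outgoing"
IPRange = Tuple[str, str]  # inclusive start and end address; None means any


@dataclass(frozen=True)
class Service:
    """Table 30: protocol ANY matches every protocol; ports None means all
    ports; a single port is written as (p, p) and matches only that port."""
    protocol: str = "ANY"
    ports: Optional[Tuple[int, int]] = None

    def matches(self, proto: str, port: Optional[int]) -> bool:
        if self.protocol not in ("ANY", proto):
            return False
        if self.ports is None:
            return True
        # Assumption: ESP/GRE have no port, so a port range never matches them.
        return port is not None and self.ports[0] <= port <= self.ports[1]


def in_range(addr: str, rng: Optional[IPRange]) -> bool:
    return rng is None or ip_address(rng[0]) <= ip_address(addr) <= ip_address(rng[1])


@dataclass(frozen=True)
class Rule:
    action: str                            # "allow", "block" or "allow_forward"
    direction: str                         # INCOMING or OUTGOING
    service: Service = Service()
    source: Optional[IPRange] = None
    destination: Optional[IPRange] = None  # Allow and Forward: source range only
    forward_to: Optional[str] = None       # Allow and Forward: internal host
    redirect_port: Optional[int] = None    # Allow and Forward: PAT target port

    def matches(self, conn) -> bool:
        direction, src, dst, proto, port = conn
        return (self.direction == direction and self.service.matches(proto, port)
                and in_range(src, self.source) and in_range(dst, self.destination))


def check_forward_conflicts(rules: List[Rule]) -> None:
    """Page constraints on Allow and Forward rules."""
    seen: Dict[Service, Tuple[Optional[str], Optional[int]]] = {}
    for r in rules:
        if r.action != "allow_forward":
            continue
        if r.destination is not None:
            raise ValueError("Allow and Forward rules accept a source range only")
        target = (r.forward_to, r.redirect_port)
        if seen.setdefault(r.service, target) != target:
            raise ValueError(f"{r.service} forwarded to two different destinations")


def decide(user_rules: List[Rule], default_rules: List[Rule], conn):
    """User-defined rules are consulted before default rules, in table order.
    Assumption: the first matching rule decides. Returns
    (action, matched rule, forward-to host, translated port)."""
    for origin, rules in (("user", user_rules), ("default", default_rules)):
        for i, r in enumerate(rules, 1):
            if r.matches(conn):
                if r.action == "allow_forward":
                    port = conn[4] if r.redirect_port is None else r.redirect_port
                    return ("allow", f"{origin}:{i}", r.forward_to, port)
                return (r.action, f"{origin}:{i}", None, None)
    return ("block", "none", None, None)  # constructed: nothing matched


# Constructed default policy and user rules (not from the guide).
DEFAULT_RULES = [Rule("block", INCOMING), Rule("allow", OUTGOING)]
USER_RULES = [
    Rule("allow_forward", INCOMING, Service("TCP", (80, 80)),
         forward_to="192.168.10.5", redirect_port=8080),        # PAT: 80 -> 8080
    Rule("allow", INCOMING, Service("TCP", (22, 22)),
         source=("203.0.113.0", "203.0.113.255")),              # static-NAT style allow
    Rule("block", OUTGOING, Service("TCP", (6881, 6889)),
         source=("192.168.10.0", "192.168.10.255")),            # rule 3
    Rule("allow", OUTGOING, Service("TCP", (6881, 6889))),      # rule 4: shadowed by 3 for that subnet
]


def demo():
    check_forward_conflicts(USER_RULES)
    conns = {  # (direction, source, destination, protocol, port); constructed
        "web_in":  (INCOMING, "198.51.100.7", "203.0.113.1", "TCP", 80),
        "ssh_in":  (INCOMING, "203.0.113.9", "203.0.113.1", "TCP", 22),
        "ssh_bad": (INCOMING, "198.51.100.7", "203.0.113.1", "TCP", 22),
        "p2p_out": (OUTGOING, "192.168.10.20", "198.51.100.7", "TCP", 6882),
        "p2p_dmz": (OUTGOING, "192.168.20.20", "198.51.100.7", "TCP", 6882),
        "gre_out": (OUTGOING, "192.168.10.20", "198.51.100.7", "GRE", None),
    }
    return {name: decide(USER_RULES, DEFAULT_RULES, c) for name, c in conns.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8s} -> {verdict}")
```

Running `demo()` shows the ordering effect the note describes: the block on rule 3 wins for the 192.168.10.x subnet even though rule 4 allows the same port range, while a host outside that range falls through to rule 4; the Allow and Forward rule rewrites the destination to 192.168.10.5 port 8080; and the GRE connection, which carries no port, is never matched by the TCP rules and lands on the default outgoing policy.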