
cisco SA540

Linksys, Netgear, SonicWall, etc. Web-based configuration of firewalls, web filtering and traffic shaping.

cisco SA540

Post by Guest » Tue Jun 23, 2009 6:03 pm

Hi,

How do you enable "deny ip any any" and allow ICMP? I tried with deny from WAN to LAN, but the internet stops working.

Is there a telnet feature with this product?

Thank you

Guest

Re: cisco SA540

Post by Guest » Tue Jun 23, 2009 6:12 pm

Web GUI for this product only.

Go to Firewall > IPv4 Rules and Firewall > Attack Checks to configure them.

Firewall > IPv4 Firewall Rules

A firewall is a security mechanism to selectively block or allow certain types of traffic in accordance with rules specified by network administrators. Use this window to view and manage the firewall rules that control traffic to and from your network.

Select Rules: Lets you display firewall rules. By default, this window displays the rules from all zones to all zones.
From Zone: Specifies the source of the traffic to control: ALL, LAN, WAN, or DMZ.
To Zone: Specifies the destination of the traffic to control: ALL, LAN, WAN, or DMZ.
Display Rules: Displays the firewall rules defined for the source and destination zones in the List of Available Firewall Rules table.

List of Available Firewall Rules: This table displays all firewall rules for this device and allows you to perform several operations on these rules.
Status: Displays the status of the firewall rule (Enabled or Disabled).
From Zone: Specifies the source zone of the traffic controlled by this firewall rule (LAN, WAN, or DMZ).
To Zone: Specifies the destination zone of the traffic controlled by this firewall rule (LAN, WAN, or DMZ).
Service: The service controlled by this firewall rule. The name usually indicates the type of traffic the rule covers, such as FTP, SSH, telnet, and ping. You can add services not already in the list on the Firewall > Services window.
Action: The action the firewall takes if the rule is enabled.
  » Block Always: Blocks the selected service at all times.
  » Enable Always: Allows data matching the selected service to pass through at all times.
  » Block by schedule: Works in conjunction with a schedule defined on the Firewall > Schedules window. Blocks the selected service during the time interval defined by the schedule.
  » Allow by schedule: Works in conjunction with a schedule defined on the Firewall > Schedules window. Allows the selected service to pass through during the time interval defined by the schedule.
Source Hosts: The hosts that originate the traffic for this firewall rule (Any, Single, or Range).
Destination Hosts: The hosts that receive the traffic for this firewall rule (Any, Single, or Range).
Local Server: The IP address and port number of the system hosting the server in the secure zone (LAN). For example, if a system with an IP address of 192.168.1.100 on the LAN side is running a telnet server on port 2000, then this table displays 192.168.10.100:2000. If the telnet server is running on the default port (port 23), then the table will display only the IP address.
Internet Destination: The WAN port that is the destination for the traffic.
Log: Specifies whether the packets for this rule are logged (Always or Never).
Edit: Opens the Firewall Rule Configuration page to edit the selected rule.

The following buttons allow you to manage the firewall rules listed in the table:
(Check box at first column header): Selects all the firewall rules in the table.
Delete: Deletes the selected firewall rules.
Enable: Enables the selected firewall rules.
Disable: Disables the selected firewall rules.
Add: Opens the Firewall Rule Configuration page to add a new rule.
Move: Opens the Move Firewall Rule window where you can reorder rules within a security zone.

Firewall > Attack Checks

This page allows you to specify whether or not the security appliance is protected against common attacks from the LAN and WAN networks.
The various types of attack checks are defined below. Select the check box for each security measure that you want to enable.

WAN Security Checks:
Block Ping to WAN interface: To configure the security appliance to block response to an ICMP Echo (ping) request on the WAN interface, check this box. When unchecked, this setting is used as a diagnostic tool for connectivity problems. Cisco recommends enabling this feature at other times to prevent discovery of the security appliance via a ping.
Note: This setting is overridden by Optional Port > WAN Mode settings that ping specified addresses for failure detection, and by firewall rules that direct ping requests to specified IP addresses on the LAN.
Enable Stealth Mode: If Stealth Mode is enabled, the security appliance will not respond to port scans from the WAN. This feature makes the network less susceptible to discovery and attacks.
Block TCP Flood: If this option is enabled, the security appliance will drop all invalid TCP packets. This feature protects the network from a SYN flood attack.

LAN Security Checks:
Block UDP Flood: If this option is enabled, the security appliance will not accept more than 150 simultaneous, active UDP connections from a single computer on the LAN.

ICSA Settings:
Block ICMP Notification: ICSA requires the firewall to silently block without sending an ICMP notification to the sender. Some protocols, such as MTU Path Discovery, require ICMP notifications. Enable this setting to operate in "stealth" mode.
Block Fragmented Packets: ICSA requires the firewall to block fragmented packets from ANY to ANY.
Block Multicast Packets: ICSA requires the firewall to block multicast packets.

DoS Attacks:
SYN Flood Detect Rate (max/sec): Enter the maximum number of SYN packets per second the security appliance accepts before determining that a SYN Flood Intrusion is occurring. This value can range between 1 and 10,000 SYN packets per second. The default is 128 SYN packets per second.
Echo Storm (ping pkts/sec): The security appliance monitors the number of pings per second to determine when to declare an echo storm intrusion event. Echo storm intrusion events are not blacklisted. This value can range between 1 and 10,000 ping packets per second. The default is 15 ping packets per second.
ICMP Flood (ICMP pkts/sec): The security appliance monitors the number of ICMP packets per second, not including ping packets, to determine when to declare an ICMP flood intrusion event. ICMP flood events are not blacklisted. This value can range between 1 and 10,000 ICMP packets per second. The default is 100 ICMP packets per second.

Click Apply to save your changes.
Click Reset to revert to the previous settings.

For additional help, please visit http://www.cisco.com/go/sa500help/
Guest
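The three DoS thresholds quoted above (SYN Flood Detect Rate, Echo Storm, ICMP Flood) describe a per-second rate check. The following is an added example, not code from this thread or from Cisco, that applies those checks to constructed traffic using the page's default values of 128, 15 and 100 packets per second. Assumptions: packets are represented as small dictionaries, counting is done in fixed whole-second buckets rather than a sliding window, and "exceeds" means one more than the configured maximum.

```python
from collections import Counter

# Default thresholds as listed on the SA540 "DoS Attacks" page:
# SYN Flood Detect Rate 128/sec, Echo Storm 15 ping pkts/sec, ICMP Flood 100 ICMP pkts/sec.
DEFAULT_THRESHOLDS = {"syn": 128, "echo": 15, "icmp": 100}


def classify(pkt):
    """Map a constructed packet dict to the counter the appliance would use.
    'icmp' deliberately excludes echo (ping) packets, as the ICMP Flood check
    on the page does; anything else (e.g. TCP ACKs) is not counted."""
    if pkt["proto"] == "tcp" and pkt.get("flags") == "S":
        return "syn"
    if pkt["proto"] == "icmp":
        return "echo" if pkt.get("type") == 8 else "icmp"   # type 8 = echo request
    return None


def detect_floods(packets, thresholds=DEFAULT_THRESHOLDS):
    """Count packets per whole second per category (assumption: fixed buckets)
    and report every second whose count exceeds the configured rate.
    Returns a sorted list of (second, category, count) tuples."""
    counts = Counter()
    for pkt in packets:
        cat = classify(pkt)
        if cat:
            counts[(int(pkt["ts"]), cat)] += 1
    return sorted((sec, cat, n) for (sec, cat), n in counts.items() if n > thresholds[cat])


def sample_traffic():
    """Constructed sample traffic (not captured data)."""
    pkts = []
    # second 0: 20 pings -> above the 15/sec echo storm default
    pkts += [{"ts": 0.0 + i / 100, "proto": "icmp", "type": 8} for i in range(20)]
    # second 1: 130 SYNs -> above the 128/sec SYN flood default
    pkts += [{"ts": 1.0 + i / 1000, "proto": "tcp", "flags": "S"} for i in range(130)]
    # second 1: 200 ACKs -> not SYNs, never counted
    pkts += [{"ts": 1.0 + i / 1000, "proto": "tcp", "flags": "A"} for i in range(200)]
    # second 2: 50 destination-unreachable (type 3) -> under the 100/sec ICMP flood default
    pkts += [{"ts": 2.0 + i / 100, "proto": "icmp", "type": 3} for i in range(50)]
    # second 2: 10 pings -> under the 15/sec echo storm default
    pkts += [{"ts": 2.0 + i / 100, "proto": "icmp", "type": 8} for i in range(10)]
    return pkts


if __name__ == "__main__":
    for sec, cat, n in detect_floods(sample_traffic()):
        print(f"second {sec}: {cat} rate {n}/sec exceeds {DEFAULT_THRESHOLDS[cat]}/sec")
```

Lowering a threshold (for example ICMP Flood to 40) makes the 50 unreachable messages in second 2 trip the check as well, which is the kind of tuning the page's 1 to 10,000 range allows; the separation of ping from other ICMP is what keeps a ping-heavy monitoring host from being counted against the ICMP Flood limit.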

Re: cisco SA540

Post by Guest » Tue Jun 23, 2009 7:44 pm

Oh okay Stev... thanks for the help.

So on the IPv4 rule, how do you configure RDP to one of the local computers?

Can I set up one-to-one mapping on this router? I.e. I have 5 IPs, and I want the users to go out with IP A, but the mail server will be going out with IP B.

Is it doable?

Thanks again.

Guest

Re: cisco SA540

Post by Guest » Tue Jun 23, 2009 8:02 pm

That is absolutely doable. You can create IP Aliases under the network interface, then on the port forwarding rules, use one of those IPs to set up the forwarding. Be sure to use the latest firmware 1.1.21. Read the release notes, as it will cause a factory default when you upgrade to it.

Guest
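The IPv4 rule fields quoted earlier in the thread (From/To Zone, Service, Action, Source/Destination Hosts, Local Server) and the port-forwarding answer just above both come down to an ordered rule table evaluated first match first. The following is an added example, not code from the thread or from Cisco, that models such a table so the two questions in the thread can be checked on paper: an "allow ICMP" rule only works if it sits above the "block any" rule, and an RDP forward bound to one alias IP does not answer on the other alias. Assumptions: first-match order, a "by schedule" rule that is outside its interval simply does not apply, "No match" is returned when nothing applies (the thread does not say what the appliance's default is), TCP 3389 for RDP, and the TEST-NET addresses 203.0.113.10/11 as the hypothetical alias IPs A and B.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Service name -> (protocol, destination port). ICMP has no port.
# RDP's well-known port 3389 is general knowledge, not taken from the thread.
SERVICES = {"ANY": ("any", None), "ICMP": ("icmp", None), "HTTP": ("tcp", 80),
            "SSH": ("tcp", 22), "RDP": ("tcp", 3389)}


@dataclass
class Rule:
    from_zone: str                       # LAN, WAN or DMZ
    to_zone: str
    service: str                         # key of SERVICES
    action: str                          # "Block Always" | "Enable Always" | "Block by schedule" | "Allow by schedule"
    src: str = "Any"                     # "Any", a single IP, or "a.b.c.d-e.f.g.h" (Source Hosts)
    dst: str = "Any"                     # same forms (Destination Hosts)
    local_server: Optional[str] = None   # "ip" or "ip:port" (Local Server); port omitted = service default
    schedule: Tuple[int, int] = (0, 24)  # hours [start, end) for the "by schedule" actions (assumption)
    enabled: bool = True


def host_matches(spec, ip):
    """Any / Single / Range matching for the Source and Destination Hosts fields."""
    if spec == "Any":
        return True
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(x) for x in spec.split("-"))
        return lo <= addr <= hi
    return addr == ipaddress.ip_address(spec)


def service_matches(name, pkt):
    proto, port = SERVICES[name]
    if proto == "any":
        return True
    return pkt["proto"] == proto and (port is None or pkt["dport"] == port)


def evaluate(rules, pkt, hour=12):
    """First-match evaluation in table order (assumption). Returns (verdict, forward_to):
    verdict is "Block", "Allow" or "No match"; forward_to is the Local Server target
    for an allowed rule that has one, else None."""
    for r in rules:
        if not r.enabled or r.from_zone != pkt["from_zone"] or r.to_zone != pkt["to_zone"]:
            continue
        if not (service_matches(r.service, pkt) and host_matches(r.src, pkt["src"])
                and host_matches(r.dst, pkt["dst"])):
            continue
        if r.action.endswith("by schedule") and not (r.schedule[0] <= hour < r.schedule[1]):
            continue   # assumption: outside its schedule the rule does not apply at all
        if r.action.startswith("Block"):
            return "Block", None
        target = None
        if r.local_server:
            ip, _, port = r.local_server.partition(":")
            target = f"{ip}:{port or pkt['dport']}"   # page: port shown only when non-default
        return "Allow", target
    return "No match", None


def demo():
    """Constructed packets and rules; alias A = 203.0.113.10, alias B = 203.0.113.11 (hypothetical)."""
    ping = {"from_zone": "WAN", "to_zone": "LAN", "proto": "icmp",
            "src": "198.51.100.7", "dst": "203.0.113.10", "dport": None}
    ssh = {**ping, "proto": "tcp", "dport": 22}
    rdp = {**ssh, "dst": "203.0.113.11", "dport": 3389}
    outbound = {"from_zone": "LAN", "to_zone": "WAN", "proto": "tcp",
                "src": "192.168.1.50", "dst": "198.51.100.7", "dport": 80}
    allow_icmp = Rule("WAN", "LAN", "ICMP", "Enable Always")
    deny_all = Rule("WAN", "LAN", "ANY", "Block Always")
    rdp_fwd = Rule("WAN", "LAN", "RDP", "Enable Always", dst="203.0.113.11",
                   local_server="192.168.1.100")
    office_hours = Rule("LAN", "WAN", "HTTP", "Block by schedule", schedule=(9, 17))
    ordered = [allow_icmp, rdp_fwd, deny_all]    # specific rules above the catch-all block
    shadowed = [deny_all, allow_icmp, rdp_fwd]   # catch-all first: the later rules never fire
    return {
        "ping_ordered": evaluate(ordered, ping),
        "ssh_ordered": evaluate(ordered, ssh),
        "ping_shadowed": evaluate(shadowed, ping),
        "rdp_to_alias_B": evaluate(ordered, rdp),
        "rdp_to_alias_A": evaluate(ordered, {**rdp, "dst": "203.0.113.10"}),
        "lan_to_wan_http": evaluate(ordered, outbound),
        "http_work_hours": evaluate([office_hours], outbound, hour=12),
        "http_evening": evaluate([office_hours], outbound, hour=20),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} -> {result}")
```

The "lan_to_wan_http" case is the one to look at for the first question in the thread: a WAN-to-LAN block rule never matches a LAN-to-WAN packet in this model, so whether outbound browsing keeps working depends on what else the table (or the appliance's default policy, which the thread does not state) does with that direction, not on the WAN-to-LAN block itself.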