User manual / service guide for the 9515 product from the manufacturer Intel
DMZ Firewall Solution Intel Express Routers 9515, 9525 and 9535.
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.
DMZ Firewall Solution for the Express Router 07-12-99 Version 1.0
Table of Contents
1 Introduction
1.1 About This Document
1 Introduction
1.1 About This Document
This document explains how to configure a secure Internet solution using the second LAN interface of the Intel Express router as a DMZ.
The purpose of this setup is to prohibit any direct data transmission between the Internet and the secure network.
2.2 Routing Setup
Do not use RIP on the WAN interface or the DMZ interface. This prevents intruders from corrupting the routing table.
3 DMZ Single IP Address Solution
This solution explains how to set up a DMZ solution when the Internet service provider (ISP) has assigned a single IP address to your network.
Note: The order of the NAT entries is important.
NAT entries are defined as follows:
Entry / Function / Settings
1 Directs all incoming HTTP requests to the Web server.
  Mapping type: Static Port (Single IP); Internal address: 10.
Filters are defined as follows:
Filter / Function / Settings
— Prohibit users on the secure network access to the Internet
  Default Action: Discard
1 Allows access to the HTTP/FTP proxy server on the DMZ.
Filter / Function / Settings
  Src. address: 10.2.0.2; Src. port: = 80
2 Allows FTP (only passive connections) from secure LAN to the FTP proxy server on the DMZ (see note 1). Two filters are required.
Filter / Function / Settings
  Dest. address: 10.5.0.2; Dest. port: > 1023; Src. address type: Host; Src. address: 10.2.0.4; Src. port: = 119
8 Sends all packets generated by the router to the secure LAN (LAN1).
Filters are defined as follows:
Filter / Function / Settings
— Pass all packets destined for DMZ
  Default Action: Pass
1 Prevents RIP updates from entering the DMZ network
  Action: Discard; Protocol: UDP; Dest.
Filter / Function / Settings
  Src. address type: Host; Src. address: <LAN1 IP address>; Src. port: All
9 Discards all ICMP packets entering the DMZ network. This prevents the router from reporting the IP netmask.
3.3.3 Internet Connection Filters
3.3.3.1 Receive (Rx) Filters on the connection to the Internet
Configure these receive filters for the Internet connection, shown as they appear in Advanced Setup.
Filter / Function / Settings
2 Allows FTP (both active and passive) from the Internet to the HTTP/FTP server on the DMZ. Three filters are required.
  Action: Pass; Protocol: TCP; TCP flags: All; Dest.
Filter / Function / Settings
  Dest. address: 10.2.0.2; Dest. port > 1023; Src. address type: All; Src. port: > 1023
9 Allows DNS reply to the HTTP/FTP proxy server on the DMZ.
Filter / Function / Settings
  Dest. address type: Host; Dest. address: 10.2.0.3; Dest. port > 1023; Src. address type: All; Src. port: = 25
15 Allows incoming News (NNTP) from a specified external News server to the DMZ (see note 2).
4 DMZ Multiple IP Address Solution
This solution explains how to set up a DMZ when the ISP supplies you with multiple IP addresses. In the example, the ISP has assigned the site a range of IP addresses: 193.
4.3 Network Address Translation (NAT)
Because the secure private networks on LAN1 use public IP addresses (89.20.0.0 and 90.20.0.0), configure NAT to translate these addresses to private IP addresses.
Filters are defined as follows:
Filter / Function / Settings
— Prohibit internal users access to the Internet
  Default Action: Default
1 Allows access to the HTTP/FTP proxy server on the DMZ.
Filter / Function / Settings
  Src. port: = 80
2 Allows FTP (only passive connections) from secure LAN to the FTP proxy server on the DMZ (see note 1). Two filters are required.
  Action: Pass; Protocol: TCP; TCP flags: ACK; Dest.
Filter / Function / Settings
  Dest. port: > 1023; Src. address type: Host; Src. address: 193.84.251.4; Src. port: 119
8 Sends all packets generated by the router to the internal LAN (LAN1).
Filter / Function / Settings
  Src. address type: All; Src. port: All
2 Prevents tunnel packets from entering the DMZ network
  Action: Discard; Protocol: TCP; Dest. address type: All; Dest port: Tunnel; Src.
Filter / Function / Settings
9 Discards all ICMP packets entering the DMZ network. This prevents the router from reporting the IP netmask. These filters must include all IP addresses on the router, including the WAN IP address if the router is using numbered links.
4.4.2.2 Transmit (Tx) filters on LAN2
Set the default action to Pass.
4.4.3 Internet Connection Filters
4.4.3.1 Receive (Rx) Filters on the Connection to the Internet
The required receive filters for the Internet connection, shown as they appear in Advanced Setup.
Filter / Function / Settings
  Src. port: > 1023
2 Allows FTP (both active and passive) from the Internet to the HTTP/FTP server on the DMZ. Three filters are required.
  Action: Pass; Protocol: TCP; TCP flags: All; Dest.
Filter / Function / Settings
  Dest. address type: Host; Dest. address: 193.84.251.2; Dest. port > 1023; Src. address type: All; Src. port: = 21
9 Allows DNS reply to the HTTP/FTP proxy server on the DMZ.
Filter / Function / Settings
14 Allows outgoing mail (SMTP) to any host on the Internet from the DMZ.
  Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: Host; Dest. address: 193.