|
|
|
|
 |
|
 |
|
|
Setting a Novell IPX RIP/SAP Firewall on the AccessBuilder®
500/600/7000 and the OfficeConnect™ Remote 5XX Using the XR parameter
What is the XR parameter ?
XR is a menu option which allows a firewall to be
implemented on a routed network which will allow specific servers
to be associated with specific networks. Unlike the XF table the
entry of information is greatly simplified. However if you need
to build a more complex firewall to specifically deny devices
then the XF table should be used. The XF table can be amended
after the XR menu has been used, if so desired.
Below is an example of a network containing 3 servers
and 2 work stations. The left hand network is network ABC and
the right hand one is CDE. The servers have internal network addresses
as shown, i.e. A, B, C.
In the example above we will build a firewall to
allow Workstation 1 to have access to Server 3 on the local network
and Server 1 on the remote net but not access to Server 2, also
we will deny Workstation 2 access to Server 3.
Enter CO RO to go to the ROUTER CONFIGURATION screen.
V05.03 Lite ROUTER CONFIGURATION ETSI ISDN Down
--------------------------------------------------------------------------------
PArameters - Protocols to be
Routed
IP - IP Routing Table
NRip - IPX RIP Table
NSap - IPX SAP Table
NEar - Nearest Server List
IPFire - IP Firewall Table
XFire - IPX Firewall Table XRsfire - IPX RIP/SAP Firewall Table -------------------------------------------------------------------------------- ^G - Main menu ^L - Prev menu --------------------------------------------------------------------------------
(co ro) Enter command :
When XR is entered then the following screen will
be displayed V05.03 Lite RIP/SAP FIREWALL CONFIGURATION ETSI ISDN Down ----------------------------------------------------------------------
Page
No. 1 of 1
Description Ext Net Int Net ADd/ASsoc/EDit/DElete - Firewall XF - IPX FW Config ---------------------------------------------------------------------- ^G - Main menu ^L - Prev menu ---------------------------------------------------------------------- (co ro xr) Enter command :
Before any information can be added enter the XF
command which will enable IPX firewall configuration. (N.B. XF
is a toggle. Entering it again will disable the configuration.)
The relevant information to allow the firewall can now be added.
Enter the command ADD and the following screen will
be displayed.
V05.03 Lite EDIT IPX SERVER FIREWALL ENTRY ETSI
ISDN Down ----------------------------------------------------------------------
Server Name : SERVER_NAME External network : 00000000
Internal network : 00000000
IPX Firewall : Config Enabled ---------------------------------------------------------------------- ^G - Main menu ^E - Submit ^L - Prev menu
----------------------------------------------------------------------
Enter the server name, in this case we will start
with Server 1. Enter the External network number which in this
example is CDE and also the internal network number of server
1 which is B, an example of what you will see after this information
has been entered and saved is shown below. V05.03 Lite RIP/SAP FIREWALL CONFIGURATION ETSI ISDN Down ----------------------------------------------------------------------
Page
No. 1 of 1 Description Ext Net Int Net
[Server: Server 1
00000CDE 0000000B] ADd/ASsoc/EDit/DElete - Firewall XF - IPX FW Config ---------------------------------------------------------------------- ^G - Main menu
^L - Prev
menu-----------------------------------------------------------------------(co
ro xr) Enter command : The server that has been entered now has to be associated with the remote network.
To do this enter AS which will present you with the
following menu. V05.03 Lite ASSOCIATE IPX CLIENT WITH SERVER ETSI ISDN Down
----------------------------------------------------------------------
Server Name :
Client Name :
Client Network : 00000000
IPX Firewall : Config Enabled ---------------------------------------------------------------------- ^G - Main menu ^E - Submit ^L - Prev menu
----------------------------------------------------------------------
Enter the server name in this case Server 1 then
the client name. This can be anything you wish to identify the
opposite client network with, for instance a site location.
In this example we will use a town name of Cirencester. Now enter
the network number in this case it will be network ABC. An example
of what you will see after this information has been entered and
saved is shown below: V05.03 Lite RIP/SAP FIREWALL CONFIGURATION ETSI ISDN Down ----------------------------------------------------------------------
Page
No. 1 of 1 Description Ext Net Int Net [Server: Server 1 00000CDE 0000000B]
Client: Cirencester <-> Server:Server1
00000ABC NOT_REQD ADd/ASsoc/EDit/DElete - Firewall XF - IPX FW Config ---------------------------------------------------------------------- ^G - Main menu ^L - Prev menu ----------------------------------------------------------------------
(co ro xr) Enter command :
This is all that is needed to implement the firewall
to allow the actions described at the beginning of this technical
note. If we now display the XF table by typing the command CO
RO XF the following will be seen. V05.03 Lite IPX FIREWALL CONFIGURATION ETSI ISDN Down ----------------------------------------------------------------------
Page
No. 1 of 1 Src Network Dest Network Action Bidir Packets [00000ABC 00000CDE ACCEPT TRUE 0] 00000ABC 0000000B ACCEPT TRUE 0 00000000 00000CDE ACCEPT TRUE 0 00000000 0000000B ACCEPT TRUE 0 00000000 00000000 ACCEPT TRUE 0
00000000 00000001-FFFFFFFF DENY TRUE
0 APpend/INsert/EDit/DElete - IPX Firewall Entry Operations ---------------------------------------------------------------------- ^G - Main menu ^L - Prev menu ----------------------------------------------------------------------
(co ro xf) Enter command : As can be seen from the above screen shot we have achieved a relatively complex firewall with simple actions using the XR parameter.
|
|
|
News/Events | Partners | Technology | Solutions | Products | Support | Inside 3Com Home | Log In | Search | Feedback | Site Map | Site Features | Document Center | Shop | Legal |
