Siemens 4200 Series User Manual
Router User’s Guide
Monitoring Network Health
Level
The firewall contained within the Router may be configured to operate in one of several modes, referred
to as levels. For ease of use, three generic levels are preconfigured – Low, Medium and High. A separate
level, ICSA 3.0a Compliant, is provided for those users who require compliance with the criteria set forth
by ICSA Labs for firewall behavior. (Please refer to Appendix D, “Firewall Security Levels,” in the User
Guide on CD-ROM for a detailed description of these preconfigured levels.)
to as levels. For ease of use, three generic levels are preconfigured – Low, Medium and High. A separate
level, ICSA 3.0a Compliant, is provided for those users who require compliance with the criteria set forth
by ICSA Labs for firewall behavior. (Please refer to Appendix D, “Firewall Security Levels,” in the User
Guide on CD-ROM for a detailed description of these preconfigured levels.)
In addition to the preconfigured levels, a Custom level is provided for advanced users who require the
capability to define a unique custom set of firewall rules. To specify the firewall security level:
capability to define a unique custom set of firewall rules. To specify the firewall security level:
1. Select Setup>Firewall>Level from the left navigation pane of the Web interface. This displays the
“Firewall Level Configuration” window.
2. Select one of the following from the Select Firewall Level drop-down menu.
• Off
No restrictions are applied to either inbound or outbound traffic. In addition, Network Address Port
Translation (NAPT) functionality is disabled. Because there is no address/port translation when
the firewall is placed in this mode, all LAN-side connected hosts must be assigned a valid public
IP address.
Translation (NAPT) functionality is disabled. Because there is no address/port translation when
the firewall is placed in this mode, all LAN-side connected hosts must be assigned a valid public
IP address.
• Low
Minimal restrictions with respect to outbound traffic. Outbound traffic is allowed for all supported
IP-based applications and Application Level Routers (ALGs). The only inbound traffic allowed is
traffic received within the context of an outbound session initiated on the local host.
IP-based applications and Application Level Routers (ALGs). The only inbound traffic allowed is
traffic received within the context of an outbound session initiated on the local host.
• Medium
Moderate restrictions with respect to outbound traffic. Outbound traffic is allowed for most
supported IP-based applications and Application Level Routers (ALGs). The only inbound traffic
allowed is traffic received within the context of an outbound session initiated on the local host.
supported IP-based applications and Application Level Routers (ALGs). The only inbound traffic
allowed is traffic received within the context of an outbound session initiated on the local host.
• High
High restrictions with respect to outbound traffic. Outbound traffic is allowed only for a very
restricted set of supported IP-based applications and ALGs. The only inbound traffic allowed is
traffic received within the context of an outbound session initiated on the local host and permitted
by this firewall mode.
restricted set of supported IP-based applications and ALGs. The only inbound traffic allowed is
traffic received within the context of an outbound session initiated on the local host and permitted
by this firewall mode.
• ICSA 3.0a-compliant
Supports the ICSA Labs criteria for firewall behavior. (For more information, visit the ICSA site at
• Custom
Allows advanced users to add, modify, and delete their own firewall rules. If you select this option,
you must set customized rules for both inbound and outbound traffic using the IP Filtering option.
you must set customized rules for both inbound and outbound traffic using the IP Filtering option.
3. Click
Apply.
43