Nortel 4134 Guia Do Utilizador
26
Firewall and NAT Fundamentals
•
FTP: allows for blocking or allowing FTP commands like put, get, ls,
mkdir, cd and pasv
mkdir, cd and pasv
•
SMTP: allows for blocking or allowing SMTP operations such as hello,
mail, rcpt, data, quit, send, saml, rset, vrfy, expn
mail, rcpt, data, quit, send, saml, rset, vrfy, expn
•
RPC: allows for denying or allowing program numbers. A remote
procedure is uniquely identified by program number, version number,
and procedure number. Any version and any procedure of an allowed
program number is allowed.
procedure is uniquely identified by program number, version number,
and procedure number. Any version and any procedure of an allowed
program number is allowed.
The firewall also provides the capability to perform URL key filtering at the
global level. Web pages can be blocked based on specific key words in the
URL request string.
global level. Web pages can be blocked based on specific key words in the
URL request string.
Policy-based controls
The firewall also provides the following policy-based controls:
•
Policy-based connection control:
provides the capability to control the maximum number of connections
that can originate from a given virtual firewall on a firewall policy basis.
that can originate from a given virtual firewall on a firewall policy basis.
•
Policy-based rate control:
provides the capability to control the maximum number of packets or
bytes per second on a firewall policy basis.
bytes per second on a firewall policy basis.
•
Policy-based schedules:
provides the capability to control when the firewall policy is active. By
associating a schedule with a firewall policy, you can determine when the
firewall policy is in effect. Schedules can be configured on a recurring
basis or as a one-time event. For example, you can set a network policy
of not allowing outbound FTP-PUT and mail after business hours.
associating a schedule with a firewall policy, you can determine when the
firewall policy is in effect. Schedules can be configured on a recurring
basis or as a one-time event. For example, you can set a network policy
of not allowing outbound FTP-PUT and mail after business hours.
•
Policy-based logging:
provides logging support on a per policy basis. The logging can be on
system console or telnet console of a syslog server. This helps you
to debug problems, if any.
system console or telnet console of a syslog server. This helps you
to debug problems, if any.
Logging and statistics
The SR4134 firewall provides logging support on multiple levels. This
logging can output to the system console or to a telnet session of a syslog
server. This helps you to debug problems, if any.
logging can output to the system console or to a telnet session of a syslog
server. This helps you to debug problems, if any.
Statistics are maintained on the following basis:
•
Per virtual firewall basis: number of packets from and to the untrusted
zone
zone
•
Per connection basis: number of bytes received and transmitted
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.