Nortel 4134 用户指南
13
New in this release
The following section details what is new in Nortel Secure Router 4134
Security — Configuration and Management (NN47263-600).
Security — Configuration and Management (NN47263-600).
Features
See the following sections for information about supported features:
Firewall and NAT
The SR4134 implements a stateful inspection firewall. The stateful
inspection firewall relies on building network connections and monitoring
their state to make a decision on admitting an inbound packet. All traffic
passing through the stateful inspection firewall is analyzed against the state
of the network connections in order to determine whether it is allowed to
pass through. In a typical setup, only outbound rules are defined to permit or
deny certain types of traffic. When allowing a packet to go from the trusted
to untrusted network based on a rule match, the stateful firewall creates a
network connection, which is uniquely identified by certain elements of the
packet. Based on the application type (and the corresponding protocol),
the appropriate inbound policy is dynamically created. When a return
packet is received, the packet is allowed as long as the state of the network
connection allows reception of this packet.
inspection firewall relies on building network connections and monitoring
their state to make a decision on admitting an inbound packet. All traffic
passing through the stateful inspection firewall is analyzed against the state
of the network connections in order to determine whether it is allowed to
pass through. In a typical setup, only outbound rules are defined to permit or
deny certain types of traffic. When allowing a packet to go from the trusted
to untrusted network based on a rule match, the stateful firewall creates a
network connection, which is uniquely identified by certain elements of the
packet. Based on the application type (and the corresponding protocol),
the appropriate inbound policy is dynamically created. When a return
packet is received, the packet is allowed as long as the state of the network
connection allows reception of this packet.
In order to allow the inbound traffic to pass, the firewall creates a temporary
inbound policy which expires upon the expiry of the firewall connection.
This dynamic inbound policy creation requires intimate knowledge of the
applications generating the traffic.
inbound policy which expires upon the expiry of the firewall connection.
This dynamic inbound policy creation requires intimate knowledge of the
applications generating the traffic.
To create these policies, the stateful firewall uses Application Level
Gateways (ALG). ALGs are application-aware and support dynamic port
opening, providing the supported applications with the required ports to
receive traffic across the firewall.
Gateways (ALG). ALGs are application-aware and support dynamic port
opening, providing the supported applications with the required ports to
receive traffic across the firewall.
The SR4134 also supports Network Address Translation (NAT), which gives
ports on a private network access to the Internet using one or more globally
unique IP addresses.
ports on a private network access to the Internet using one or more globally
unique IP addresses.
The SR4134 supports the following NAT types:
•
Static NAT
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.