Nortel 4134 User Guide
Firewall and NAT Fundamentals
Default firewall
The following figure shows the default firewall configuration: a corp trusted
zone with all outbound connections allowed and an internet untrusted zone
with all incoming connections blocked. In addition, all ALGs are enabled.
Figure 1
Default firewall
Three-legged firewall
A typical three-legged firewall configuration consists of the following three
virtual firewalls:
• Corp – An organization's private trusted network
• Dmz – The network where an organization hosts its web, FTP, and mail servers for the public
• Internet – The public untrusted network
In this configuration, untrusted SSH and IKE connections to the router
itself are allowed. Trusted and untrusted HTTP connections to a DMZ web
server are allowed. As in the default configuration, the corp trusted zone
allows all outbound connections.
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks.