LANCOM Router Firewall Configuration
Firewall Ports
General Ports
| Port | Service | Protocol |
|---|---|---|
| 53 | DNS | TCP |
| 80 | HTTP | TCP |
| 443 | HTTPS | TCP |
| 500 | IPSEC / VPN | UDP |
| 4500 | IPSEC / VPN | UDP |
Application-specific Ports
Dropbox
Ports 80/443/17600/17603/17500
Citrix
Ports (TCP) 8443/9080/30001/30002/30022
Ports (TCP/UDP) 61616/30005
Configuration as per LANCOM
https://support.lancom-systems.com/knowledge/pages/viewpage.action?pageId=32982115
Firewall Rules for AddIn
General services:
```
cd /
cd /Setup/IP-Router/Firewall/Rules
del *
# Name Prot. Source Destination Action LB-Policy Linked Prio Firewall-Rule VPN-Rule Stateful Src-Tag Rtg-tag Comment
# ====================================================================================================================
add "WINS" {Prot.} "TCP UDP" {Source} "NETBIOS ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "block NetBIOS/WINS name resolution via DNS"
add "ALLOW-VPN" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "IPSEC ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "ALLOW-DNS" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "DNS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "ALLOW-INET" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "MAIL HTTP HTTPS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "DENAY-ALL" {Prot.} "ANY" {Source} "ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "CONTENT-FILTER" {Prot.} "TCP" {Source} "LOCALNET" {Destination} "WEB ANYHOST" {Action} "CONTENT-FILTER-BASIC" {LB-Policy} "" {Linked} No {Prio} 9999 {Firewall-Rule} No {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "pass web traffic to Content-Filter"
cd /
```
Additionally, to allow all traffic from a specific network "Produktiv" into a VPN tunnel:
```
add "IGEL" {Prot.} "ANY" {Source} "%LPRODUKTIVNETZ" {Destination} "%HPRODU@Z_RZGA_M" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 100 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
```
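As an added example (not LANCOM code and not part of the original notes), a small Python parser for the `add "NAME" {Column} value ...` record layout used in the two rule blocks above, with an audit that flags ACCEPT rules which restrict neither protocol nor service (such as the tunnel rule), non-stateful rules, and a ruleset without a catch-all filter rule. The set of station-object tokens and the treatment of `%`-prefixed names as address objects are assumptions; the sample rules are constructed.

```python
import re
from typing import Dict, List

# One rule per line: add "NAME" {Key} "quoted value" {Key} bare ...
ADD_RE = re.compile(r'^\s*add\s+"([^"]*)"\s*(.*)$')
FIELD_RE = re.compile(r'\{([^}]+)\}\s+(?:"([^"]*)"|(\S+))')
# Assumption: these tokens and %-prefixed names are station (host/network)
# objects; any other Destination token is a service object (DNS, HTTP, ...).
STATION_TOKENS = {"ANYHOST", "LOCALNET"}

def is_station(token: str) -> bool:
    return token in STATION_TOKENS or token.startswith("%")

def parse_rule(line: str) -> Dict[str, str]:
    """Turn one 'add' line into a {column: value} dict."""
    m = ADD_RE.match(line)
    if not m:
        raise ValueError(f"not an 'add' line: {line!r}")
    rule = {"Name": m.group(1)}
    for key, quoted, bare in FIELD_RE.findall(m.group(2)):
        rule[key] = bare if bare else quoted   # bare tokens are Yes/No/0
    return rule

def parse_rules(text: str) -> List[Dict[str, str]]:
    return [parse_rule(ln) for ln in text.splitlines() if ln.strip().startswith("add ")]

def audit(rules: List[Dict[str, str]]) -> List[str]:
    """Flag ACCEPT rules restricting neither protocol nor service, non-stateful
    rules, and a ruleset without a catch-all ANY ANYHOST -> ANYHOST filter."""
    findings = []
    for r in rules:
        dst = r.get("Destination", "").split()
        if (r.get("Action") == "ACCEPT" and r.get("Prot.") == "ANY"
                and all(is_station(t) for t in dst)):
            findings.append(f"{r['Name']}: ACCEPT of any protocol/port to {' '.join(dst)}")
        if r.get("Stateful") != "Yes":
            findings.append(f"{r['Name']}: not stateful")
    if not any(r.get("Source") == "ANYHOST" and r.get("Destination") == "ANYHOST"
               and r.get("Prot.") == "ANY" and r.get("Action") != "ACCEPT" for r in rules):
        findings.append("no catch-all deny/filter rule (ANY, ANYHOST -> ANYHOST)")
    return findings

# Constructed sample in the record layout used above (object names are made up).
SAMPLE = '''add "ALLOW-DNS" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "DNS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "TUNNEL-ALL" {Prot.} "ANY" {Source} "%LEXAMPLE-NET" {Destination} "%HEXAMPLE-HOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 100 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} No {Src-Tag} 0 {Rtg-tag} 0 {Comment} "all traffic into the tunnel"
'''

if __name__ == "__main__":
    print("\n".join(audit(parse_rules(SAMPLE))))
```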