LANCOM Router Firewall Konfiguration: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „https://support.lancom-systems.com/knowledge/pages/viewpage.action?pageId=32982115“) |
KKeine Bearbeitungszusammenfassung |
||
| (4 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
== Firewall Ports == | |||
=== Allgemeine Ports === | |||
{| class="wikitable" | |||
|+ | |||
!Port | |||
!Dienst | |||
!Protokoll | |||
! | |||
|- | |||
|53 | |||
|DNS | |||
|TCP | |||
| | |||
|- | |||
|80 | |||
|HTTP | |||
|TCP | |||
| | |||
|- | |||
|443 | |||
|HTTPS | |||
|TCP | |||
| | |||
|- | |||
|500 | |||
|IPSEC / VPN | |||
|UDP | |||
| | |||
|- | |||
|4500 | |||
|IPSEC / VPN | |||
|UDP | |||
| | |||
|- | |||
| | |||
| | |||
| | |||
| | |||
|} | |||
=== Anwendungsspezifische Ports === | |||
==== Dropbox ==== | |||
Ports 80/443/17600/17603/17500 | |||
==== Citrix ==== | |||
Ports (TCP) 8443/9080/30001/30002/30022 | |||
Ports (TCP/UDP) 61616/30005 | |||
== Konfiguration gem. LANCOM == | |||
https://support.lancom-systems.com/knowledge/pages/viewpage.action?pageId=32982115 | https://support.lancom-systems.com/knowledge/pages/viewpage.action?pageId=32982115 | ||
== Firewall Regeln für AddIn == | |||
=== Allgemeine Dienste: === | |||
cd / | |||
cd /Setup/IP-Router/Firewall/Rules | |||
del * | |||
<nowiki>#</nowiki> Name Prot. Source Destination Action LB-Policy Linked Prio Firewall-Rule VPN-Rule Stateful Src-Tag Rtg-tag Comment | |||
<nowiki>#</nowiki> ==================================----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |||
add "WINS" {Prot.} "TCP UDP" {Source} "NETBIOS ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "block NetBIOS/WINS name resolution via DNS" | |||
add "ALLOW-VPN" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "IPSEC ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "" | |||
add "ALLOW-DNS" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "DNS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "" | |||
add "ALLOW-INET" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "MAIL HTTP HTTPS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "" | |||
add "DENAY-ALL" {Prot.} "ANY" {Source} "ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "" | |||
add "CONTENT-FILTER" {Prot.} "TCP" {Source} "LOCALNET" {Destination} "WEB ANYHOST" {Action} "CONTENT-FILTER-BASIC" {LB-Policy} "" {Linked} No {Prio} 9999 {Firewall-Rule} No {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "pass web traffic to Content-Filter" | |||
cd / | |||
=== Zusätzlich für ein Bestimmtes Netz "Produktiv" in ein VPN Tunnel alles freigeben: === | |||
add "IGEL" {Prot.} "ANY" {Source} "%LPRODUKTIVNETZ" {Destination} "%HPRODU@Z_RZGA_M" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 100 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "" | |||
[[Kategorie:Lancom]] | |||
[[Kategorie:Firewall]] | |||
[[Kategorie:Regeln]] | |||
[[Kategorie:17xx]] | |||
[[Kategorie:19xx]] | |||
__INHALTSVERZEICHNIS_ERZWINGEN__ | |||
Aktuelle Version vom 29. März 2021, 10:54 Uhr
Firewall Ports
Allgemeine Ports
| Port | Dienst | Protokoll | |
|---|---|---|---|
| 53 | DNS | TCP | |
| 80 | HTTP | TCP | |
| 443 | HTTPS | TCP | |
| 500 | IPSEC / VPN | UDP | |
| 4500 | IPSEC / VPN | UDP | |
Anwendungsspezifische Ports
Dropbox
Ports 80/443/17600/17603/17500
Citrix
Ports (TCP) 8443/9080/30001/30002/30022
Ports (TCP/UDP) 61616/30005
Konfiguration gem. LANCOM
https://support.lancom-systems.com/knowledge/pages/viewpage.action?pageId=32982115
Firewall Regeln für AddIn
Allgemeine Dienste:
cd /
cd /Setup/IP-Router/Firewall/Rules
del *
# Name Prot. Source Destination Action LB-Policy Linked Prio Firewall-Rule VPN-Rule Stateful Src-Tag Rtg-tag Comment
# ==================================-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "WINS" {Prot.} "TCP UDP" {Source} "NETBIOS ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "block NetBIOS/WINS name resolution via DNS"
add "ALLOW-VPN" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "IPSEC ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "ALLOW-DNS" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "DNS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "ALLOW-INET" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "MAIL HTTP HTTPS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "DENAY-ALL" {Prot.} "ANY" {Source} "ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "CONTENT-FILTER" {Prot.} "TCP" {Source} "LOCALNET" {Destination} "WEB ANYHOST" {Action} "CONTENT-FILTER-BASIC" {LB-Policy} "" {Linked} No {Prio} 9999 {Firewall-Rule} No {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "pass web traffic to Content-Filter"
cd /
Zusätzlich für ein Bestimmtes Netz "Produktiv" in ein VPN Tunnel alles freigeben:
add "IGEL" {Prot.} "ANY" {Source} "%LPRODUKTIVNETZ" {Destination} "%HPRODU@Z_RZGA_M" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 100 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""