
How to configure the AT-AR450S Firewall using the Graphical User Interface (GUI) 15
C613-16011-00 REV A
13 February 2004
IP Address Settings tab
The IP address settings tab enables you to specify the source and destination IP addresses to
which the rule applies, as shown in Figure 14 on page 16.
Note the titles of the left-hand and right-hand group boxes in this window. The titles may
change depending on the policy and direction, making it clear which devices the IP
addresses belong to. In the example window shown in Figure 14 on page 16, LAN IP
refers to the IP address of the device on the private LAN, and Remote IP refers to the IP
address of the device out on the Internet.
Table 3: Traffic type properties and their meanings

Property: Interface
Meaning: This is the interface to which the rule will be applied. The rule will apply to
packets entering the router via this interface and leaving via another interface
of the relevant policy.

Property: IPSEC Encapsulation
Meaning: Specifies whether or not the rule only applies to packets that arrived into the
router IPSEC encapsulated and were decapsulated by the IPSEC engine on
the router.
Note that this checkbox is NOT relevant to the case of IPSEC encapsulated
packets that are simply being forwarded through the router in encapsulated
form. It is only relevant to packets that have been decapsulated, or that will
be encapsulated, by the router itself. This checkbox is most often used in
combination with the NoNAT action as the IPSEC encapsulated packets are
frequently being tunnelled from one private LAN to another, so NAT is not
relevant to them.

Property: Protocol/Port Number
Meaning: There are four mutually exclusive radio buttons.

All services - No restriction. All protocol types and all TCP/UDP port
numbers match this rule.

Common service - This allows you to choose from a dropdown list of
common TCP and UDP services such as HTTP, DNS, FTP, TFTP.

Custom service - This allows you to specify a protocol and/or port number
in the most general fashion. You can either choose the protocol from a
dropdown list of well-known protocols such as TCP, UDP, GRE, IPSEC, or
specify the protocol number. If you specify UDP or TCP, then you can also
specify the particular port numbers to which the rule applies - either 'all
ports' or a specified range of ports.

Port Translation - This option is significantly different to the three above. If
you choose this option, packets will not only be forwarded, they will also have
static NAT applied to them. You can specify the protocol to match, either
UDP or TCP, and the port translation to carry out - from Global Port to
Local Port. Port translation can only be specified for rules being applied to
a public interface.
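
The matching behaviour that Table 3 describes can be modelled as below. This is an added example, not Allied Telesis code or router configuration syntax: the Rule and Packet classes, their field names and evaluate() are hypothetical, and the packets are constructed. It assumes Common service is a preset of Custom service, that Custom service always names a protocol, and it models only the decapsulated (inbound) side of the IPSEC Encapsulation checkbox.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

TCP, UDP, GRE, ESP = 6, 17, 47, 50   # IANA protocol numbers

@dataclass(frozen=True)
class Packet:                        # constructed model of a packet reaching the firewall
    in_interface: str
    protocol: int
    dst_port: Optional[int] = None
    decapsulated: bool = False       # True only if this router's IPSEC engine decapsulated it

@dataclass(frozen=True)
class Rule:                          # hypothetical model of the tab's fields
    interface: str
    public: bool                     # is `interface` a public interface of the policy?
    mode: str = "all"                # "all" | "custom" | "translate"
    protocol: Optional[int] = None
    ports: Optional[Tuple[int, int]] = None   # inclusive range; None means all ports
    global_port: Optional[int] = None
    local_port: Optional[int] = None
    ipsec_only: bool = False         # the IPSEC Encapsulation checkbox

    def __post_init__(self):
        if self.mode not in ("all", "custom", "translate"):
            raise ValueError("unknown mode")
        if self.mode != "all" and self.protocol is None:
            raise ValueError("custom and translate rules must name a protocol")
        if self.ports and self.protocol not in (TCP, UDP):
            raise ValueError("port ranges apply only to TCP or UDP")
        if self.mode == "translate":
            if not self.public:
                raise ValueError("port translation needs a public interface")
            if self.protocol not in (TCP, UDP) or None in (self.global_port, self.local_port):
                raise ValueError("port translation needs TCP/UDP and both ports")

def evaluate(rule: Rule, pkt: Packet) -> Optional[Packet]:
    """Return the packet as it leaves rule processing if the rule matches, else None."""
    if pkt.in_interface != rule.interface:
        return None
    if rule.ipsec_only and not pkt.decapsulated:
        return None                  # pass-through ESP is still encapsulated: no match
    if rule.mode == "all":
        return pkt
    if pkt.protocol != rule.protocol:
        return None
    if rule.mode == "translate":     # static NAT: Global Port -> Local Port
        return replace(pkt, dst_port=rule.local_port) if pkt.dst_port == rule.global_port else None
    lo, hi = rule.ports or (0, 65535)
    if rule.ports and not (pkt.dst_port is not None and lo <= pkt.dst_port <= hi):
        return None
    return pkt
```
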