Lancom Systems LCOS 3.50 Server User Manual


 
LANCOM Reference Manual LCOS 3.50 ̈ Chapter 8: Firewall
126
Firewall
̈ Create VPN rule: Is this Firewall rule also used to create a VPN rule?
(page 127)
Priority
When setting up the filter list of the Firewall rules, the LANCOM will automat-
ically sort the entries. Thereby the “grade of detail“ will be considered: All
specified rules are observed at first, after that the general ones (e. g. Deny All).
If after the automatic sorting the desired behaviour of the Firewall does not
turn out, it is possible to change the priority manually. The higher the priority
of the Firewall rule, the earlier it will be placed in the according filter list.
For complex rule types please check the filter list as described in sec-
tion ’Firewall diagnosis’ page 151.
Observe further rules
There are requirements to a Firewall, which cannot be covered by a single rule.
If the Firewall is used to limit the Internet traffic of different departments (in
own IP subnetworks), individual rules cannot e.g. illustrate the common upper
limit at the same time. If to everyone of e.g. three departments should be
granted a bandwidth of maximal 512 kbps, but the entire data rate of the
three departments should not exceed a limit of 1024 kbps, then a multi-level
checking of the data packets must be installed:
̈ In a first step it will be checked, if the actual data rate of the individual
department does not exceed the limit of 512 kbps.
̈ In a second step it will be checked, if the data rate of all departments
together does not exceed the overall limit of 1024 kbps.
Normally the list of the Firewall rules is applied sequentially to a received data
packet. If a rule applies, the appropriate action will be carried out. The check-
ing by the Firewall is terminated then, and no further rules will be applied to
the packet.
In order to reach a two-stage or multi-level checking of a data packet, the
“Observe further rules option“ will be activated for the rules. If a Firewall rule
with activated observation of further rules applies to a data packet, the appro-
priate action will be carried out at first, but then the checking in the Firewall
will continue. If one of the further rules applies also to this data packet, the
action being defined in this rule will also be carried out. If also for this follow-
ing rule the observe further rules option is activated, the checking will be con-
tinued until