Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
• either a rule applies to the packet for which the observe further rules
  option is not activated,
• or the list of Firewall rules has been completely worked through without
  a further rule applying to the packet.
To implement the scenario described above, each subnetwork needs a Firewall
rule that rejects additional packets of the protocols FTP and HTTP once the
data rate reaches 512 kbps. For these rules, the observe further rules option
is activated. An additional rule defined for all stations of the LAN rejects
all packets that exceed the 1024 kbps limit.
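The following is an added example, not LCOS code or configuration from this manual: a simplified Python model of the two stop conditions and the 512/1024 kbps scenario, showing that the LAN-wide limit is only checked when the subnetwork rules have observe further rules set. Assumptions: the rule names, the subnet addresses, a caller-supplied measured rate per rule, and that a packet is accepted when no limit is reached.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    source: str              # source network (CIDR); addresses are constructed
    services: frozenset      # empty set means "any service"
    limit_kbps: int          # trigger threshold
    observe_further: bool    # the "observe further rules" option

    def applies_to(self, src, service):
        in_net = ip_address(src) in ip_network(self.source)
        return in_net and (not self.services or service in self.services)

def build_rules(observe_further):
    """Scenario rule set: 512 kbps FTP/HTTP per subnetwork, 1024 kbps for the LAN."""
    web = frozenset({"FTP", "HTTP"})
    return [
        Rule("SUBNET1", "10.0.1.0/24", web, 512, observe_further),
        Rule("SUBNET2", "10.0.2.0/24", web, 512, observe_further),
        Rule("LAN", "10.0.0.0/16", frozenset(), 1024, False),
    ]

def evaluate(rules, src, service, rate_kbps):
    """rate_kbps maps rule name -> data rate currently measured for that rule.
    Returns (verdict, names of the rules that were applied to the packet)."""
    applied = []
    for rule in rules:
        if not rule.applies_to(src, service):
            continue
        applied.append(rule.name)
        if rate_kbps.get(rule.name, 0) >= rule.limit_kbps:
            return "reject", applied     # limit reached: packet action fires
        if not rule.observe_further:
            break                        # stop: rule applied, option not set
    return "accept", applied             # assumption: no limit hit -> accept

if __name__ == "__main__":
    rates = {"SUBNET1": 300, "LAN": 1100}   # constructed measurements
    for flag in (True, False):
        print(flag, evaluate(build_rules(flag), "10.0.1.5", "HTTP", rates))
```

With the option set, the HTTP packet passes the subnetwork rule and is rejected by the LAN rule; with the option cleared, processing stops at the subnetwork rule and the 1024 kbps limit is never consulted.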
VPN rules
As described in section ’Default VPN rules’ →page 122, a VPN rule can
receive its information about source and destination network from Firewall
rules.
By activating the option “This rule is used to create VPN rules” for a Firewall
rule, you determine that a VPN rule will be derived from this Firewall rule.
For detailed information about VPN rules please see the appropriate
VPN documentation.
Apart from this basic information, a Firewall rule answers the questions of
when and to what it applies and which actions are to be executed:
• Stations / Service: To which stations/networks and services/protocols
  does the rule refer? (→page 128)
• Conditions: Is the effectiveness of the rule restricted by other conditions?
  (→page 129)
• Trigger: Which threshold must be exceeded for the rule to be triggered?
  (→page 130)
• Action: What should happen to the data packets when the condition
  applies and the limit is reached? (→page 130)
• Further measures: Should further measures be initiated apart from the
  packet action? (→page 130)
• Quality of Service (QoS): Are data packets of certain applications, or
  packets with the corresponding markings, transferred preferentially by
  guaranteeing a special Quality of Service? (→page 131)
Condition, limit, packet action and other measures together form a
so-called “action set”. Each Firewall rule can contain a number of