Lancom Systems LCOS 3.50 User Manual

Page 132


LANCOM Reference Manual LCOS 3.50

Chapter 8: Firewall

Firewall. The specific parameters for the different alerting types such as the
relevant email account can be set at the following places:

An example:

Let us assume a filter named 'BLOCKHTTP' that blocks all access to an HTTP
server at 192.168.200.10. If a station nevertheless tries to access the server,
the filter blocks all traffic from and to this station and also informs the
administrator via SYSLOG.

SYSLOG notifications

If the Firewall drops a corresponding packet, a SYSLOG notification is created
(see 'Setting up the SYSLOG module', page 288) as follows:

PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src: 10.0.0.37:4353 {} (TCP): port filter

Ports are printed only for port-based protocols. Station names are printed if
the LANCOM can resolve them directly (without an external DNS request).

If the SYSLOG flag is set for a filter entry (%s action), this notification
becomes more detailed: the filter name, the exceeded limit and the filter
action carried out are printed as well. For the example above, it reads:

PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src: 10.0.0.37:4353 {} (TCP): port filter
PACKET_INFO:
matched filter: BLOCKHTTP
exceeded limit: more than 0 packets transmitted or received on a connection
actions: drop; block source address for 1 minutes; send syslog message;
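On the receiving side, a log collector can turn these notifications into structured fields. The following parser is an added example, not part of the LANCOM manual or LCOS; it assumes the message text arrives as shown above (possibly line-wrapped), that the braces hold the resolved station name, and the names parse_notification and source_blocked are chosen here for illustration.

```python
import re

# Constructed sample: the detailed notification from the manual, with the
# line wrapping left in place as a log viewer might deliver it.
SAMPLE = """PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src:
10.0.0.37:4353 {} (TCP): port filter
PACKET_INFO:
matched filter: BLOCKHTTP
exceeded limit: more than 0 packets transmitted or received
on a connection
actions: drop; block source address for 1 minutes; send
syslog message;"""

# One endpoint: address, optional ":port" (printed only for port-based
# protocols), then "{name}". Assumption: the braces hold the station name.
_END = r"(?P<{0}>[^\s:{{]+)(?::(?P<{0}_port>\d+))? \{{(?P<{0}_name>[^}}]*)\}}"
ALERT = re.compile(
    "PACKET_ALERT: Dst: " + _END.format("dst") + ", Src: " + _END.format("src")
    + r" \((?P<proto>[^)]+)\): (?P<reason>.*?)(?= PACKET_INFO:|$)")
# Extra fields that appear only when the filter entry has the SYSLOG flag set.
INFO = re.compile(r"PACKET_INFO: matched filter: (?P<filter>.*?) "
                  r"exceeded limit: (?P<limit>.*?) actions: (?P<actions>.*)$")


def parse_notification(text):
    """Parse one firewall notification; return None if it is not a PACKET_ALERT."""
    flat = " ".join(text.split())  # undo line wrapping
    alert = ALERT.search(flat)
    if alert is None:
        return None
    event = alert.groupdict()
    for side in ("dst", "src"):
        port = event[side + "_port"]
        event[side + "_port"] = int(port) if port else None
        event[side + "_name"] = event[side + "_name"] or None
    info = INFO.search(flat)
    if info:
        event["filter"], event["limit"] = info["filter"], info["limit"]
        event["actions"] = [a.strip() for a in info["actions"].split(";") if a.strip()]
    return event


def source_blocked(event):
    """True if the notification reports that the source address was blocked."""
    return any(a.startswith("block source address") for a in event.get("actions", []))


if __name__ == "__main__":
    print(parse_notification(SAMPLE))
```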

Notification by email

If the email system of the LANCOM is activated, you can use the convenient
notification by email:

Configuration tool   Run
LANconfig            Log & Trace > SMTP Account, SNMP, SYSLOG
WEBconfig            Expert Configuration > Setup > SMTP, SNMP Module, SYSLOG Module
Terminal/Telnet      /Setup/SMTP resp. SNMP Module or SYSLOG Module
