Lancom Systems LCOS 3.50 User Manual
Page 139

Chapter 8: Firewall
LANCOM Reference Manual LCOS 3.50
Example configuration “Basic Internet”

| Rule name | Source | Destination | Action | Service (target port) |
|---|---|---|---|---|
| ALLOW_HTTP | Local network | All stations | transmit | HTTP, HTTPS |
| ALLOW_FTP | Local network | All stations | transmit | FTP |
| ALLOW_EMAIL | Local network | All stations | transmit | MAIL, NEWS |
| ALLOW_DNS_FORWARDING | Local network | IP address of LANCOM (or: Local network) | transmit | DNS |
| DENY_ALL | All stations | All stations | reject | ANY |

- If you want to permit a VPN dial-in to a LANCOM acting as VPN gateway, then you need a Firewall rule allowing incoming communication from the client to the local network:

| Rule | Source | Destination | Action | Service |
|---|---|---|---|---|
| ALLOW_VPN_DIAL_IN | remote site name | Local network | transmit | ANY |

- In case a VPN is not terminated by the LANCOM itself (e.g. a VPN Client in the local area network, or LANCOM as Firewall in front of an additional VPN gateway), you'd have to allow IPSec and/or PPTP (for the "IPSec over PPTP" of the LANCOM VPN Client) ports additionally:

| Rule | Source | Destination | Action | Service (target port) |
|---|---|---|---|---|
| ALLOW_VPN | VPN Client | VPN Server | transmit | IPSEC, PPTP |

- For ISDN or V.110 dial-in (e.g. by HSCSD mobile phone) you have to allow the particular remote site (see also ’Configuration of remote stations’

| Rule | Source | Destination | Action | Service |
|---|---|---|---|---|
| ALLOW_DIAL_IN | remote site name | Local network | transmit | ANY |