VRRP, Firewall Rules, and Access Manager, Step 3 of 4 – SAP Configuration, Step 4 of 4 – Verification Test – RuggedCom RuggedRouter RX1100 User Manual


34. Maintaining The Router

Revision 1.14.3


RX1000/RX1100™

Note that granting this uncontrolled access to the router is not required in normal
operation. It is a security risk and should not be done without good reason. Note too
that rules are order dependent, so this rule should be placed above the SAPCtl
and Idefender rules.

b. The order of these rules is significant. If you add any rules after the Idefender
rules, they may not get processed. Rules inserted before the Idefender rules may
compromise the security provided by Idefender. Contact RuggedCom support for
assistance if you wish to add other rules.

7. Using Webmin, visit the Bootup and Shutdown menu and ensure that Shorewall is enabled
to start at boot. Start Shorewall. Webmin access is now blocked until secure access through
Access Client is opened.

Step 3 of 4 – SAP Configuration

Use rrsetup to define a passphrase and required setup parameters and to enable the portal.

1. Select the required parameters menu option and enter the "unit name" assigned to this
router, and the IP address of the Access Manager which will control it.

2. Select the SAP Passphrase menu option and enter a valid passphrase.

3. Select the Enable Idefender SAP menu option to enable the software. If it is already enabled,
the menu option will say "Disable Idefender SAP".

Note

The unit name and passphrase entered at the router and the Access Manager must match or else
the Access Manager will refuse to acknowledge the router. The unit name and passphrase are
both case-sensitive.

Step 4 of 4 – Verification Test

1. To verify that the Access Manager, SAP and client are functioning, you can now use Access
Client with a user account to connect to an authorized device.

Note

For a detailed discussion of the configuration and use of Secure Access Portals from the Access
Manager's point of view, please consult the Access Manager User Manual, under Managing
Secure Access Portals.

34.4.2.1. VRRP, Firewall Rules, and Access Manager

It may be necessary to specify additional firewall rules so that a RuggedRouter protected by the
Access Manager's SAP (Secure Access Portal) can still accept certain protocols, such as VRRP. If, for
example, the router is configured to be a member of a VRRP Virtual Router Group, it must be able
to accept VRRP communication from its peers. The following firewall rule must be added after the
ACCEPT rules for UDP ports 30000 and 30001 and before the rules under Access Manager control:

Action   Source zone   Destination zone   Protocol   Source Ports
ACCEPT   net           fw                 VRRP       any
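Because the security of this setup depends on rule order, a quick way to audit a router's Shorewall rules file for the placement described above is useful. The following Python check is an added example, not code from the manual or from RuggedCom: it reads Shorewall-style rule lines and confirms that the VRRP ACCEPT rule comes after the UDP 30000/30001 ACCEPT rules and before the Access Manager-controlled rules. The sample rules, the port numbers on the SAP rules and the comment marker that introduces the Idefender rules are constructed assumptions.

```python
"""Audit the placement of the VRRP ACCEPT rule in a Shorewall rules file."""
import re

# Constructed sample of a Shorewall rules file (an assumption, not a real
# router's configuration). The Idefender section is assumed to be introduced
# by a comment naming it.
SAMPLE_RULES = """\
# ACTION   SOURCE   DEST   PROTO   DPORT
ACCEPT     net      fw     udp     30000
ACCEPT     net      fw     udp     30001
ACCEPT     net      fw     vrrp
# --- Idefender rules below: managed by Access Manager ---
ACCEPT     net      fw     tcp     10000
"""

# Comment lines mentioning Idefender or SAPCtl mark the start of the
# Access Manager-controlled section (assumption).
IDEFENDER_MARKER = re.compile(r"idefender|sapctl", re.IGNORECASE)


def parse_rules(text):
    """Yield (line_no, kind, fields); kind is 'marker', 'comment' or 'rule'."""
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith("#"):
            kind = "marker" if IDEFENDER_MARKER.search(stripped) else "comment"
            yield no, kind, []
        else:
            yield no, "rule", stripped.split()


def check_vrrp_placement(text):
    """Return (ok, message) for the ordering the manual requires."""
    sap_ports, vrrp_line, marker_line = [], None, None
    for no, kind, f in parse_rules(text):
        if kind == "marker":
            marker_line = marker_line or no          # first marker wins
        elif kind == "rule" and len(f) >= 4 and f[0].upper() == "ACCEPT" \
                and f[1] == "net" and f[2] == "fw":
            if len(f) > 4 and f[3].lower() == "udp" and f[4] in ("30000", "30001"):
                sap_ports.append(no)
            elif f[3].lower() in ("vrrp", "112"):    # VRRP is IP protocol 112
                vrrp_line = vrrp_line or no
    if vrrp_line is None:
        return False, "no ACCEPT net->fw VRRP rule found"
    if len(sap_ports) < 2:
        return False, "ACCEPT rules for UDP 30000 and 30001 not both present"
    if vrrp_line < max(sap_ports):
        return False, "VRRP rule must come after the UDP 30000/30001 ACCEPT rules"
    if marker_line is not None and vrrp_line > marker_line:
        return False, "VRRP rule must come before the Access Manager-controlled rules"
    return True, "VRRP rule correctly placed"
```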
