Configuring lan to wan access – Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual

53-1002516-01
Configuring firewall settings
4. Refer to the Configurable Firewall Filters field to set the following firewall filters:

| Filter | Description |
|---|---|
| NAT Timeout | Network Address Translation (NAT) converts an IP address in one network to a different IP address or set of IP addresses in a different network. Set a NAT Timeout interval (in minutes) the Mobility 5181 Access Point uses to terminate the IP address translation process if no translation activity is detected after the specified interval. |
| SYN Flood Attack Check | A SYN flood attack requests a connection and then fails to promptly acknowledge a destination host's response, leaving the destination host vulnerable to a flood of connection requests. |
| Source Routing Check | A source routing attack specifies an exact route for a packet's travel through a network, while exploiting the use of an intermediate host to gain access to a private host. |
| Winnuke Attack Check | A "Win-nuking" attack uses the IP address of a destination host to send junk packets to its receiving port. |
| FTP Bounce Attack Check | An FTP bounce attack uses the PORT command in FTP mode to gain access to arbitrary ports on machines other than the originating client. |
| IP Unaligned Timestamp Check | An IP unaligned timestamp attack uses a frame with the IP timestamp option, where the timestamp is not aligned on a 32-bit boundary. |
| Sequence Number Prediction Check | A sequence number prediction attack establishes a three-way TCP connection with a forged source address. The attacker guesses the sequence number of the destination host response. |
| Mime Flood Attack Check | A MIME flood attack uses an improperly formatted MIME header in "sendmail" to cause a buffer overflow on the destination host. |
| Max Header Length (>=256) | Use the Max Header Length field to set the maximum allowable header length (at least 256 bytes). |
| Max Headers (>=12) | Use the Max Headers field to set the maximum number of headers allowed (at least 12 headers). |

5. Click Apply to save any changes to the Firewall screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
6. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Firewall screen to the last saved configuration.
7. Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout before the applet is closed.

Configuring LAN to WAN access

The Mobility 5181 Access Point LAN can be configured to communicate with the WAN side of the Mobility 5181 Access Point. Use the Subnet Access screen to control access from the LAN1 (or LAN2) interfaces to the WAN interface. Subnet access functions like an ACL in a router: access policies allow or deny certain IP addresses or subnets access to certain interfaces (or subnets belonging to those interfaces). It also functions as a filter to allow or deny access for certain protocols such as HTTP, Telnet and FTP.

To configure Mobility 5181 Access Point subnet access:
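
The Source Routing Check and IP Unaligned Timestamp Check in the firewall filter descriptions on this page both concern IPv4 header options. The following Python code is an added example, not taken from the Brocade guide or the access point firmware, showing how a defender could flag such options in a raw header. The function names, the constructed sample headers and the reading of "unaligned" (option length or pointer off a 4-byte entry boundary) are assumptions.

```python
import struct

OPT_EOL, OPT_NOP, OPT_TIMESTAMP, OPT_LSRR, OPT_SSRR = 0, 1, 68, 131, 137  # RFC 791

def check_ipv4_options(packet: bytes) -> list:
    """Return findings for one raw IPv4 header (empty list means clean)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["malformed: not an IPv4 header"]
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or ihl > len(packet):
        return ["malformed: bad header length"]
    opts, findings, i = packet[20:ihl], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:                 # end of option list
            break
        if kind == OPT_NOP:                 # one-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            findings.append("malformed: option overruns header")
            break
        length = opts[i + 1]
        if kind in (OPT_LSRR, OPT_SSRR):
            findings.append("source-routing option present")
        elif kind == OPT_TIMESTAMP:
            # Assumed meaning of "unaligned": option length or pointer does
            # not fall on a 4-byte entry boundary (entries start at byte 5).
            pointer = opts[i + 2] if length >= 4 else 0
            if length < 4 or (length - 4) % 4 or pointer < 5 or (pointer - 5) % 4:
                findings.append("unaligned timestamp option")
        i += length
    return findings

def build_header(options: bytes) -> bytes:
    """Constructed sample input: a bare IPv4 header carrying `options`."""
    options += b"\x00" * (-len(options) % 4)    # pad to a 32-bit multiple
    words = (20 + len(options)) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | words, 0, 20 + len(options), 0, 0,
                       64, 6, 0, b"\xc0\x00\x02\x01", b"\xc6\x33\x64\x07") + options

SAMPLES = {  # constructed inputs (documentation addresses, checksum left at zero)
    "no options": build_header(b""),
    "loose source route": build_header(bytes([131, 7, 4, 10, 0, 0, 1])),
    "aligned timestamp": build_header(bytes([68, 12, 5, 0]) + bytes(8)),
    "unaligned timestamp": build_header(bytes([68, 12, 6, 0]) + bytes(8)),
}
for name, pkt in SAMPLES.items():
    print(f"{name}: {check_ipv4_options(pkt) or 'clean'}")
```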