Firewall filters fields – Carrier Access CMG Router User Manual

Page 162


5-30

CMG Router - Release 2.7

Profile Directory:Remote Profile

Firewall Filters

Firewall Filters Fields

Rule Number

The rule number defines the order in which the rules are applied. Once two or more rules have
been created, the rule number can be changed to put them in the desired order. The Last! rule
displayed is automatically set after the first rule is defined, and states that the Adit should drop
any service (incoming or outgoing) which has not been addressed in the preceding rules.

Action: (Pass/Drop)

This column indicates the service(s) that will <Pass> or <Drop> from the local network to the
remote network and vice versa. On the Firewall Filters window, the following indicate Pass/Drop:
! in this column = Drop
Blank column = Pass
Typically, rules are established with the Pass action, since the last rule (which is automatically
defined by the software) Drops all services not expressly permitted by the previous rule(s). For
example, if you wish to deny all transmissions except Telnet, you would create a rule indicating
that Telnet has the Pass action. The Adit software would create the last rule that states the unit
should Drop all other services.

Since any service that is not expressly permitted to pass will be prohibited, it is important that
you thoroughly understand the security policies of your WAN before attempting to create a
firewall. We suggest that only experienced Network Administrators create and maintain
firewall filters. Incorrectly defined filters may compromise the security and functionality of
your WAN.
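
The following added example (not from the Carrier Access manual, and not Adit configuration syntax) models an ordered rule list with the automatic final Drop rule in Python, so a planned rule set can be checked against the services the WAN needs before it is entered. It assumes the first rule that names a service decides the outcome; the service labels and the names Rule, evaluate, audit and shadowed are hypothetical.

```python
# Added illustration: a model of an ordered filter list with an implicit
# final Drop rule. It is not Adit/CMG software or configuration syntax.
from typing import NamedTuple

PASS, DROP = "Pass", "Drop"

class Rule(NamedTuple):
    number: int      # position in the list; lower numbers are applied first
    action: str      # PASS or DROP
    service: str     # hypothetical service label, e.g. "telnet"

def evaluate(rules, service):
    """Return (action, matching rule number or 'Last!') for one service.

    Assumption: the first rule that names the service decides the outcome.
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.service == service:
            return rule.action, rule.number
    return DROP, "Last!"   # automatically defined final rule

def audit(rules, required_services):
    """Map each required service that would be dropped to the rule dropping it."""
    report = {}
    for service in required_services:
        action, matched = evaluate(rules, service)
        if action == DROP:
            report[service] = matched
    return report

def shadowed(rules):
    """Rule numbers that never take effect: an earlier rule names the same service."""
    seen, dead = set(), []
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.service in seen:
            dead.append(rule.number)
        seen.add(rule.service)
    return dead

# Constructed sample: the manual's "deny everything except Telnet" policy.
TELNET_ONLY = [Rule(1, PASS, "telnet")]
# Constructed sample: rule 2 is shadowed by rule 1 under first-match evaluation.
MISORDERED = [Rule(1, DROP, "telnet"), Rule(2, PASS, "telnet"), Rule(3, PASS, "dns")]

if __name__ == "__main__":
    print(evaluate(TELNET_ONLY, "telnet"))
    print(audit(TELNET_ONLY, ["telnet", "dns", "http"]))
    print(shadowed(MISORDERED))
```

Running audit with the full list of services the WAN depends on shows which of them would fall through to the Last! rule, and shadowed flags rules whose number should be changed to put them in the desired order.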
