2 dos (denial of service) protection, 3 firewall and access control list (acl), 4 default acl rules – Asus RX3042H User Manual

Configuring Firewall

RX3042H User's Manual

9.1.2 DoS (Denial of Service) Protection

Both DoS protection and stateful packet inspection provide a first line of defense for your network. Neither protection requires any configuration as long as the firewall is enabled on the RX3042H. By default, the firewall is enabled at the factory. Refer to section 9.3.1 “Firewall” to enable or disable the firewall service on the RX3042H.

9.1.3 Firewall and Access Control List (ACL)

9.1.3.1 Priority Order of ACL Rule

All ACL rules have a rule ID assigned: the smaller the rule ID, the higher the priority. The firewall monitors traffic by extracting header information from each packet and then either drops or forwards the packet by looking for a match in the ACL rule table based on that header information. ACL rule checking starts from the rule with the smallest rule ID and continues until a match is found or all the ACL rules have been examined. If no match is found, the packet is dropped; otherwise, the packet is either dropped or forwarded based on the action defined in the matched ACL rule.

9.1.3.2 Tracking Connection State

The stateful packet inspection engine in the firewall keeps track of the state, or progress, of a network connection. By storing information about each connection in a state table, the RX3042H is able to quickly determine whether a packet passing through the firewall belongs to an already established connection. If it does, it is passed through the firewall without going through ACL rule evaluation.

For example, suppose an ACL rule allows outbound ICMP packets from 192.168.1.1 to 192.168.2.1. When 192.168.1.1 sends an ICMP echo request (i.e. a ping packet) to 192.168.2.1, 192.168.2.1 will send an ICMP echo reply to 192.168.1.1. In the RX3042H, you don't need to create another inbound ACL rule, because the stateful packet inspection engine remembers the connection state and allows the ICMP echo reply to pass through the firewall.
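The rule ordering from 9.1.3.1 and the state-table shortcut from 9.1.3.2, modelled as an added example (not code from the ASUS manual or the RX3042H firmware). The `Rule` and `Firewall` classes, the rule IDs 5, 10 and 20, and the host 192.168.1.50 are constructed for illustration, and the state table is simplified to a set of (protocol, initiator, responder) tuples.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    rule_id: int    # smaller ID = higher priority
    direction: str  # "outbound" or "inbound"
    proto: str      # "icmp", "tcp" or "any"
    src: str        # source network, CIDR
    dst: str        # destination network, CIDR
    action: str     # "allow" or "deny"

    def matches(self, direction, proto, src, dst):
        return (self.direction == direction and self.proto in ("any", proto)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

class Firewall:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.rule_id)  # evaluation order
        self.state = set()  # simplified state table: (proto, initiator, responder)

    def process(self, direction, proto, src, dst):
        # Packets of a tracked connection skip ACL evaluation, in either direction.
        if (proto, src, dst) in self.state or (proto, dst, src) in self.state:
            return ("forward", "state table")
        for rule in self.rules:  # smallest rule ID first, stop at first match
            if rule.matches(direction, proto, src, dst):
                if rule.action == "allow":
                    self.state.add((proto, src, dst))
                    return ("forward", f"rule {rule.rule_id}")
                return ("drop", f"rule {rule.rule_id}")
        return ("drop", "no match")  # no rule matched: packet is dropped

RULES = [  # constructed rule table (not the RX3042H defaults), listed out of ID order
    Rule(20, "outbound", "any", "192.168.1.0/24", "0.0.0.0/0", "allow"),
    Rule(10, "outbound", "icmp", "192.168.1.1/32", "192.168.2.1/32", "allow"),
    Rule(5, "outbound", "tcp", "192.168.1.50/32", "0.0.0.0/0", "deny"),
]

def demo():
    fw = Firewall(RULES)
    return [
        fw.process("inbound", "icmp", "192.168.2.1", "192.168.1.1"),   # unsolicited
        fw.process("outbound", "icmp", "192.168.1.1", "192.168.2.1"),  # echo request
        fw.process("inbound", "icmp", "192.168.2.1", "192.168.1.1"),   # echo reply
        fw.process("outbound", "tcp", "192.168.1.50", "192.168.2.1"),  # rule 5 before 20
    ]
```

Calling `demo()` shows the same inbound ICMP packet dropped before the outbound request and forwarded after it, and shows the deny in rule 5 taking effect even though the broader allow in rule 20 also matches.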

9.1.4 Default ACL Rules

The RX3042H supports two types of access rules:
