1 firewall, Concepts, Implementation – Panasonic 8000 User Manual

3 Firewall troubleshooting

Nortel Secure Router 8000 Series

_________ Troubleshooting - VAS

3.1 Firewall

Concepts

The firewall of the Secure Router 8000 Series filters packets and performs Network Address
Translation (NAT) on the basis of the Access Control List (ACL).

This chapter describes troubleshooting of the packet filter firewall. For information about

NAT troubleshooting, see Chapter 13, “NAT troubleshooting.”

The process for filtering IP data packets is as follows:

1.

Obtain the information about the header of the data packet, including the protocol

number of the upper-layer protocol over the IP layer, the source address of the data
packet, the destination address, the source interface, and the destination interface.

2.

Compare the information with the ACL rule.

3.

Determine whether to forward or discard the data packet.

The core filtering technology of the firewall is the ACL. The ACL provides a means of
differentiating the data packets by the features of the IP packets.

Implementation

To filter packets, you need to complete the following steps:

1.

Configure ACL rules to determine the type of data packet that is filtered and the type of
data packet that can pass. The ACL is used to specify the source or destination address
and the source or destination interface number of the data packet.

2.

Define the class and the rule of traffic classification.

3.

Define the behavior of the firewall.

4.

Apply the configured rule on the specified interface.

After executing the preceding steps, configure the firewall filtering function on the interface.

3.2 Troubleshooting the firewall

The section describes the following topics:

•

Networking environment

•

Configuration notes

•

Diagnostic flowchart

•

Troubleshooting procedure

3-2

Nortel Networks Inc.

Issue 01.01 (30 March 2009)