31 firewall management, Chapter 31, Firewall management – Westermo RedFox Series User Manual

Westermo OS Management Guide
Version 4.17.0-0
Chapter 31
Firewall Management
When connecting your network to the Internet (or any non-trusted network), a
router with firewall functionality should be used. The firewall protects against
undesired access to your local servers and other kinds of network intrusion from
attackers on the Internet.
The WeOS firewall supports the following main features:
• Packet filtering: Packet filters enable you to control what traffic is allowed
to pass through your router/firewall and what packets it should drop. Packet
filter rules can also be specified to control access to services on your router.
• Packet modification: Packet modification makes it possible to modify packets
that are routed through the router/firewall.
• Network Address Translation (NAT): The WeOS NAT functionality includes
both network address port translation (NAPT) and 1-TO-1 NAT.
• Port forwarding: Port forwarding is often used together with NAPT, and will
then enable you to access servers in your private network from outside (e.g.,
from the Internet).
The WeOS firewall utilises connection tracking: a rule allowing traffic to pass
through the firewall in one direction will implicitly allow traffic of established
connections (and traffic of related connections) to also pass in the reverse
direction. Application level gateway (ALG) helper functions can be enabled to provide
connection tracking of more complex protocols, such as FTP and SIP.
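The following is an added illustration, not WeOS code or configuration: a toy Python model of the connection tracking described above, showing a one-directional allow rule, the implicit acceptance of reply traffic, and an FTP helper that admits the related data connection. The class and function names, the addresses, and the rule format are assumptions made for the example.

```python
# Added illustration: a toy connection-tracking filter, not WeOS code.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""          # TCP only in this model

class StatefulFirewall:
    def __init__(self, allow, ftp_alg=False):
        self.allow = allow        # [(source network, destination port)], one direction only
        self.ftp_alg = ftp_alg
        self.flows = set()        # tracked connections, stored in the initiating direction
        self.expected = set()     # (dst ip, dst port) opened by the ALG helper

    def filter(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.flows or rev in self.flows:
            verdict = "ACCEPT established"      # reply direction needs no rule of its own
        elif (p.dst, p.dport) in self.expected:
            self.expected.discard((p.dst, p.dport))   # expectation is single use
            self.flows.add(fwd)
            verdict = "ACCEPT related"
        elif any(ipaddress.ip_address(p.src) in ipaddress.ip_network(net) and p.dport == port
                 for net, port in self.allow):
            self.flows.add(fwd)
            verdict = "ACCEPT new"
        else:
            return "DROP"
        if self.ftp_alg and p.dport == 21 and p.payload.startswith(b"PORT "):
            self._expect_ftp_data(p)
        return verdict

    def _expect_ftp_data(self, p):
        # Active FTP: "PORT h1,h2,h3,h4,p1,p2" announces where the server should connect back.
        n = [int(x) for x in p.payload[5:].strip().split(b",")]
        ip, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
        if ip == p.src:           # only open a hole towards the client that asked for it
            self.expected.add((ip, port))

def demo(ftp_alg):
    # Constructed addresses: LAN 192.168.1.0/24, outside FTP server 203.0.113.5.
    fw = StatefulFirewall([("192.168.1.0/24", 21)], ftp_alg)
    c, s = "192.168.1.10", "203.0.113.5"
    return [
        fw.filter(Packet(c, 40000, s, 21)),                               # outbound control
        fw.filter(Packet(s, 21, c, 40000)),                               # server reply
        fw.filter(Packet(c, 40000, s, 21, b"PORT 192,168,1,10,19,137\r\n")),
        fw.filter(Packet(s, 20, c, 5001)),                                # inbound data channel
        fw.filter(Packet(s, 4444, c, 22)),                                # unsolicited inbound
    ]
```

With the helper disabled, the inbound FTP data connection is dropped like any other unsolicited packet, which is why protocols that negotiate secondary connections need an ALG.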
describes the firewall functionality available in WeOS.
and
cover firewall management via the Web Interface and via the CLI.
© 2015 Westermo Teleindustri AB