manualshive.com logo in svg

Allied Telesis AR 300 AT-AR300 AT-AR300, Release Manual

The Allied Telesis AR 300 AT-AR300 is a powerful network router designed for reliable and secure connectivity. For detailed setup and configuration instructions, you can easily download the free Release Manual from manualshive.com. Get the most out of your device with this comprehensive manual.

Share
Download
background image

22

Release Note

Software Release 2.3.1

C613-10325-00 REV B

Firewall HTTP Proxies and Firewall Policies

To add or delete a Firewall HTTP proxy, use the new HTTP option for the 
PROXY parameter in the commands:

ADD FIREWALL POLICY=

policy-name

 PROXY={

HTTP

|SMTP} 

INTERFACE=

interface

 GBLINTERFACE=

interface

 DIRECTION={IN|

OUT|BOTH} [IP=

ipadd

] [DAYS=

day-list

] [AFTER=

hh:mm

[BEFORE=

hh:mm

]

DELETE FIREWALL POLICY=

policy-name

 PROXY={

HTTP

|SMTP} 

INTERFACE=

interface

 GBLINTERFACE=

interface

 DIRECTION={IN|

OUT|BOTH} [IP=

ipadd

]

The PROXY parameter specifies the application proxy that will be added to the 
security policy. Available application proxies are described in Table 4.

HTTP Filters

To add to or delete from the HTTP filter for a firewall policy, use the 
commands:

ADD FIREWALL POLICY=

name

 HTTPFILTER=

filename

 [DIRECTION={IN|

OUT}]

DELETE FIREWALL POLICY=

name 

HTTPFILTER=

filename

 

[DIRECTION={IN|OUT}]

where:

name

 is a character string, 1 to 15 characters in length. Valid characters are 

letters (a-z, A-Z), digits (0-9) and the underscore character (“_”).

filename

 is the name of a file on the router.

These commands add or delete the contents of a HTTP filter file from the HTTP 
filter of the specified firewall policy. The HTTP filter file contains a list of URLs, 
keywords and cookie settings that are used to filter the traffic traversing the 
HTTP proxy.

The POLICY parameter specifies the policy to which the HTTP filter file will be 
added. It must already exist.

The HTTPFILTER parameter specifies the name of the HTTP filter file. The 
filter file is a file type with a 

.txt 

extension containing zero or more single line 

entries. The string 

keywords: 

must be placed at the beginning of the file and is 

used to start the keyword section. Keywords can be placed on the same line if 
they are separated by a space, or placed on separate lines. The URL section is 
indicated by a 

URLS: 

keyword as the first word on the line. URL entries must 

contain full domain, directory, and folder names. Only one domain is allowed 

Table 4: Application Proxies.

Proxy

Functions

HTTP

Filtering of requested URLs.

Blocking/filtering of cookies.

SMTP

Provides filtering of spam email from known spam sources.

Blocking of third party relay attacks.

Blocking of email smurf amp attacks.

Summary of Contents for AR 300 AT-AR300 AT-AR300

Page 1: ...Security IPsec Source Interface and Enhancements 11 OSPF on Demand 12 Paladin Firewall Enhancements 14 Interface based NAT 14 Rule based NAT 14 Time Limited Rules 15 New Command Syntax 15 Web Redirect...

Page 2: ...has been made to ensure that the information contained within this document and the features and changes described are accurate Allied Telesyn International can not accept any type of liability for e...

Page 3: ...ards can be hot swapped into the same bay The software configurations of the interfaces on the hot swapped cards are preserved across the hot swap so that modules configured to interfaces on the cards...

Page 4: ...Follow these steps to hot swap an NSM or PICs in an NSM 4PIC into an empty NSM bay 1 Check that the NSM or PIC bay is empty 2 Check that the NSM bay is ready for hot swap Look at the Swap and In use...

Page 5: ...0 Series routers Commands to reset interface and IP MIB counters to zero and changes to the display of MIB counters IP and Interface Counters on page 29 An extended range of telephony functions on AR3...

Page 6: ...ommands relating to interfaces on hot inserted cards until the router or switch is restarted These interfaces must be configured manually The router or switch does not update the MAC address of any ho...

Page 7: ...es out entries after a specified period of up to 60 minutes When a domain or host is requested the cache is searched for a matching entry If a match is found a response is sent to the requesting PC or...

Page 8: ...s not specified the name servers will be used as the default name servers All DNS requests that do not match another specified domain will be sent to the default name servers This is equivalent to spe...

Page 9: ...eset Telnet Server Port Number The listen port for the Telnet server is now configurable so that it can be changed from the default value 23 The LISTENPORT parameter has been added to the SET TELNET c...

Page 10: ...ompression encryption authentication or Diffie Hellman key exchange A decoding channel is used for decompression decryption or authentication With Software Release 2 3 1 the number of channels availab...

Page 11: ...C POSTION pos RADDRESS ANY ipadd ipadd RMASK ipadd RNAME ANY system name RPORT ANY port OPAQUE SRCINTERFACE interface TRANSPORTPROTOCOL ANY EGP ESP GRE ICMP OPAQUE OSPF RSVP TCP UDP protocol UDPHEARTB...

Page 12: ...t multi access NBMA networks are declared as demand circuits i e more than one router has the network configured as a demand circuit routing update traffic is reduced but the periodic sending of Hello...

Page 13: ...ing OSPF on demand For more information see the Open Shortest Path First OSPF chapter of your switch or router s Software Reference The latest Software Reference can be downloaded from the support sit...

Page 14: ...e sites For examples of their use see Web Redirection with Reverse NAT Rules on page 18 and Further Examples on page 19 As in previous releases the Paladin Firewall requires a special feature licence...

Page 15: ...will be active from the creation of the rule and will be deleted after the time specified has expired All entries created from this rule will be destroyed once the rule expires Rules defined with a TT...

Page 16: ...y allows traffic that matches the rule Care should be taken when defining the rule so only the desired traffic will be permitted through the firewall The GBLIP parameter specifies a single IP address...

Page 17: ...The NATMASK parameter specifies an IP address mask that will be used to translate IP addresses from one subnet to another The MASK parameter must only be specified when the rule action is NAT and the...

Page 18: ...everse NAT Rules The implementation of reverse NAT allows the firewall to perform Web Redirection A NAT rule can be created which redirects HTTP traffic and sends it to one particular web server defin...

Page 19: ...t rule number until a match is found A low number will ensure that the allow rule will be applied if appropriate rather than any of the other rules ADD FIREWALL POLICY ISP RULE 5 INTERFACE vlan1 ACTIO...

Page 20: ...private subnet 10 1 2 0 use the command ADD FIREWALL POLICY zone1 RULE 11 ACTION NAT NATTYPE STANDARD INT eth1 PROTOCOL all GBLIP 210 25 4 0 IP 10 1 2 0 NATMASK 255 255 255 0 REMOTEIP 210 25 4 1 210...

Page 21: ...all HTTP Application Gateway Proxy A new Firewall HTTP proxy Application Gateway will filter outbound HTTP sessions based on the URLs requested and block the setting of all cookies or cookies requeste...

Page 22: ...cter _ filename is the name of a file on the router These commands add or delete the contents of a HTTP filter file from the HTTP filter of the specified firewall policy The HTTP filter file contains...

Page 23: ...han a similar entry with deny Finally keywords in the file have the least precedence They are only applied to sections of the URL not part of the closest fitting URL entry Figure 6 contains an example...

Page 24: ...g a in front of the keyword indicates that the string must appear at the end of the URL for the URL to be denied The following entry would match www anything com this is an example but not www example...

Page 25: ...passing through the HTTP proxy is enabled If PROXY is specified the display of general information about firewall proxies is enabled The DEBUG parameter is not retained over a reboot SHOW FIREWALL PO...

Page 26: ...ach time a VLAN port fails or is disabled Table 6 New parameters in the output of the SHOW FIREWALL POLICY COUNTER command Parameter Meaning HTTP Proxy Filter File Name of a text file containing a lis...

Page 27: ...the PORTMONITORING parameter is set to ON the STEPVALUE parameter may also be specified The default is OFF The STEPVALUE parameter specifies the value by which the priority of the VR should be decrem...

Page 28: ...DD BGP AGGREGATE ADD BGP CONFEDERATIONPEER ADD BGP IMPORT ADD BGP NETWORK ADD BGP PEER DELETE BGP AGGREGATE DELETE BGP CONFEDERATIONPEER DELETE BGP IMPORT DELETE BGP NETWORK DELETE BGP PEER DISABLE BG...

Page 29: ...The latest Software Reference can be downloaded from the support site at www alliedtelesyn co nz documentation documentation html IP and Interface Counters Software Release 2 3 1 allows you to reset a...

Page 30: ...If an option is not specified or ALL is specified all the IP counters are displayed The output displayed with the option ARP is shown in Figure 7 on page 30 and Table 8 on page 30 The output displayed...

Page 31: ...itiates a SLIP or PPP connection The interface will disappear when the user logs off when the router is restarted or when the IP module is reset with the RESET IP command An inactive interface is a pe...

Page 32: ...NMP community name inBadCommunityUses The total number of SNMP PDUs delivered to the SNMP agent that represented an SNMP operation not allowed by the SNMP community name in the PDU inASNParseErrs The...

Page 33: ...quest packets received by the router inGetResponses The number of SNMP Get Response packets received by the router inTraps The number of SNMP trap message packets received by the router outPkts The nu...

Page 34: ...value 64 127000 in kbps is rounded down to the nearest 64kbps if below 1000 otherwise it is rounded down to the nearest 1000 or 1 Mbps For Gigabit ports the input value 8 1016 in Mbps is rounded down...

Page 35: ...OFF YES NO other options SET USER login name LOGIN TRUE FALSE ON OFF YES NO other options SET USER LOGIN TRUE FALSE ON OFF YES NO other options TELNET Module Configuration Telnet Server Enabled Telne...

Page 36: ...sed both for PAP and CHAP authentication and to login and access the command line Usernames with LOGIN set to FALSE can only be used for PAP and CHAP authentication After upgrading from 2 0 x or 2 1 x...

Reviews:

No comments

Related manuals for AR 300 AT-AR300 AT-AR300

ABB RELION REF615R Manual preview
RELION REF615R
Brand: ABB Pages: 66
Panasonic BL-C20 Troubleshooting Manual preview
BL-C20
Brand: Panasonic Pages: 18
H3C H3C S7500E-X Command Reference Manual preview
H3C S7500E-X
Brand: H3C Pages: 16
H3C SR6600 SPE-FWM Configuration Manual preview
SR6600 SPE-FWM
Brand: H3C Pages: 24
FOR-A MFR-16DTIO Installation Manual preview
MFR-16DTIO
Brand: FOR-A Pages: 2
Tandberg Data Storagelibrary T24 Manual preview
Storagelibrary T24
Brand: Tandberg Data Pages: 28
Server Technology Sentry Global Security Modem Installation And Operation Manual preview
Sentry Global Security Modem
Brand: Server Technology Pages: 22
ZyXEL Communications P-336M Quick Start Manual preview
P-336M
Brand: ZyXEL Communications Pages: 125
Avaya ERS 5510 Technical Configuration Manual preview
ERS 5510
Brand: Avaya Pages: 73
Ethernet Direct Husky HMG-1648EP User Manual preview
Husky HMG-1648EP
Brand: Ethernet Direct Pages: 16
Rackable Systems OmniStor 4900F Series User Manual preview
OmniStor 4900F Series
Brand: Rackable Systems Pages: 196
Sans Digital Mobileraid MR8X Detailed User'S Manual preview
Mobileraid MR8X
Brand: Sans Digital Pages: 81
Gtran Wireless DotSurfer GPC-2100 User Manual preview
DotSurfer GPC-2100
Brand: Gtran Wireless Pages: 44
Acard ARS-2212 User Manual preview
ARS-2212
Brand: Acard Pages: 43
AIC HA201-AP User Manual preview
HA201-AP
Brand: AIC Pages: 64
Echelon 42150 User Manual preview
42150
Brand: Echelon Pages: 99
AMCI RBE2-8 User Manual preview
RBE2-8
Brand: AMCI Pages: 55
Hama 62732 Operating Instructions Manual preview
62732
Brand: Hama Pages: 34

Brands by name

Popular brands

Load more brands