manualshive.com logo in svg

Allied Telesis AR 300 AT-AR300 AT-AR300, Release Manual

The Allied Telesis AR 300 AT-AR300 is a powerful network router designed for reliable and secure connectivity. For detailed setup and configuration instructions, you can easily download the free Release Manual from manualshive.com. Get the most out of your device with this comprehensive manual.

Share
Download
background image

24

Release Note

Software Release 2.3.1

C613-10325-00 REV B

Figure 6: Example of a HTTP filter file.

HTTP Cookies

By default, HTTP cookie requests are allowed to pass through the HTTP proxy 
configured under the firewall policy. To discard cookie sets from particular 
domains or URLs, put entries in the filter file for the direction in which you 
want to filter, as described above. To configure the HTTP proxy to discard all 
HTTP cookie sets from all responses, use the command:

DISABLE FIREWALL POLICY=

name

 HTTPCOOKIES

where:

name 

is a character string, 1 to 15 characters in length. Valid characters are 

letters (a-z, A-Z), digits (0-9) and the underscore character (“_”).

The POLICY parameter specifies the name of the firewall policy for which 
cookie requests are to be disabled. The policy must already exist.

# The keywords section starts with the string “keywords:”.

keywords:

# The keywords can match any part of the URL. URLs containing these entries will 

# be denied unless specifically allowed by an entry later in the file.

sex

plants

toys

.nz

# Putting a * in front of the keyword indicates that the string must appear at 

# the end of the URL, for the URL to be denied. The following entry would match 

www.anything.com/this/is/an/example, but not www.example.com

*example

# The * operator can be used to specify the type of file.

*.mp3

*.jpg

# The URLs section starts with the string “URLS:”, and specifies particular URLs

# to deny, allow or cookie filter.

URLS:

# If no explicit deny is put on the end then the URL is denied.

# Note the implicit /* on the end of the domain. 

www.plant.com

www.nude.com

# Specific sections of websites can be matched. The sections must be complete 

# folder/directory names, so the following entry would match 

# www.hacker.com/dosAttack/dos.html but not www.hacker.com/dosAttacks/dos.html

www.hacker.com/dosAttack

# The “nocookies” option denies cookie requests from the domain, and makes an 

# implicit allow.

www.acompany.com: nocookies

 

# The “allow” option can be used to override general URL exclusions.

www.nude.com/this/is/not/porn : allow

# The “allow” option can also be used to override general keyword exclusions.

www.sexy.plants.com : allow

# The “allow” and “nocookies” options can be combined to allow a URL that is  

# forbidden by the keywords, but deny cookie requests.

www.acompany.co.nz : allow nocookies

Summary of Contents for AR 300 AT-AR300 AT-AR300

Page 1: ...Security IPsec Source Interface and Enhancements 11 OSPF on Demand 12 Paladin Firewall Enhancements 14 Interface based NAT 14 Rule based NAT 14 Time Limited Rules 15 New Command Syntax 15 Web Redirect...

Page 2: ...has been made to ensure that the information contained within this document and the features and changes described are accurate Allied Telesyn International can not accept any type of liability for e...

Page 3: ...ards can be hot swapped into the same bay The software configurations of the interfaces on the hot swapped cards are preserved across the hot swap so that modules configured to interfaces on the cards...

Page 4: ...Follow these steps to hot swap an NSM or PICs in an NSM 4PIC into an empty NSM bay 1 Check that the NSM or PIC bay is empty 2 Check that the NSM bay is ready for hot swap Look at the Swap and In use...

Page 5: ...0 Series routers Commands to reset interface and IP MIB counters to zero and changes to the display of MIB counters IP and Interface Counters on page 29 An extended range of telephony functions on AR3...

Page 6: ...ommands relating to interfaces on hot inserted cards until the router or switch is restarted These interfaces must be configured manually The router or switch does not update the MAC address of any ho...

Page 7: ...es out entries after a specified period of up to 60 minutes When a domain or host is requested the cache is searched for a matching entry If a match is found a response is sent to the requesting PC or...

Page 8: ...s not specified the name servers will be used as the default name servers All DNS requests that do not match another specified domain will be sent to the default name servers This is equivalent to spe...

Page 9: ...eset Telnet Server Port Number The listen port for the Telnet server is now configurable so that it can be changed from the default value 23 The LISTENPORT parameter has been added to the SET TELNET c...

Page 10: ...ompression encryption authentication or Diffie Hellman key exchange A decoding channel is used for decompression decryption or authentication With Software Release 2 3 1 the number of channels availab...

Page 11: ...C POSTION pos RADDRESS ANY ipadd ipadd RMASK ipadd RNAME ANY system name RPORT ANY port OPAQUE SRCINTERFACE interface TRANSPORTPROTOCOL ANY EGP ESP GRE ICMP OPAQUE OSPF RSVP TCP UDP protocol UDPHEARTB...

Page 12: ...t multi access NBMA networks are declared as demand circuits i e more than one router has the network configured as a demand circuit routing update traffic is reduced but the periodic sending of Hello...

Page 13: ...ing OSPF on demand For more information see the Open Shortest Path First OSPF chapter of your switch or router s Software Reference The latest Software Reference can be downloaded from the support sit...

Page 14: ...e sites For examples of their use see Web Redirection with Reverse NAT Rules on page 18 and Further Examples on page 19 As in previous releases the Paladin Firewall requires a special feature licence...

Page 15: ...will be active from the creation of the rule and will be deleted after the time specified has expired All entries created from this rule will be destroyed once the rule expires Rules defined with a TT...

Page 16: ...y allows traffic that matches the rule Care should be taken when defining the rule so only the desired traffic will be permitted through the firewall The GBLIP parameter specifies a single IP address...

Page 17: ...The NATMASK parameter specifies an IP address mask that will be used to translate IP addresses from one subnet to another The MASK parameter must only be specified when the rule action is NAT and the...

Page 18: ...everse NAT Rules The implementation of reverse NAT allows the firewall to perform Web Redirection A NAT rule can be created which redirects HTTP traffic and sends it to one particular web server defin...

Page 19: ...t rule number until a match is found A low number will ensure that the allow rule will be applied if appropriate rather than any of the other rules ADD FIREWALL POLICY ISP RULE 5 INTERFACE vlan1 ACTIO...

Page 20: ...private subnet 10 1 2 0 use the command ADD FIREWALL POLICY zone1 RULE 11 ACTION NAT NATTYPE STANDARD INT eth1 PROTOCOL all GBLIP 210 25 4 0 IP 10 1 2 0 NATMASK 255 255 255 0 REMOTEIP 210 25 4 1 210...

Page 21: ...all HTTP Application Gateway Proxy A new Firewall HTTP proxy Application Gateway will filter outbound HTTP sessions based on the URLs requested and block the setting of all cookies or cookies requeste...

Page 22: ...cter _ filename is the name of a file on the router These commands add or delete the contents of a HTTP filter file from the HTTP filter of the specified firewall policy The HTTP filter file contains...

Page 23: ...han a similar entry with deny Finally keywords in the file have the least precedence They are only applied to sections of the URL not part of the closest fitting URL entry Figure 6 contains an example...

Page 24: ...g a in front of the keyword indicates that the string must appear at the end of the URL for the URL to be denied The following entry would match www anything com this is an example but not www example...

Page 25: ...passing through the HTTP proxy is enabled If PROXY is specified the display of general information about firewall proxies is enabled The DEBUG parameter is not retained over a reboot SHOW FIREWALL PO...

Page 26: ...ach time a VLAN port fails or is disabled Table 6 New parameters in the output of the SHOW FIREWALL POLICY COUNTER command Parameter Meaning HTTP Proxy Filter File Name of a text file containing a lis...

Page 27: ...the PORTMONITORING parameter is set to ON the STEPVALUE parameter may also be specified The default is OFF The STEPVALUE parameter specifies the value by which the priority of the VR should be decrem...

Page 28: ...DD BGP AGGREGATE ADD BGP CONFEDERATIONPEER ADD BGP IMPORT ADD BGP NETWORK ADD BGP PEER DELETE BGP AGGREGATE DELETE BGP CONFEDERATIONPEER DELETE BGP IMPORT DELETE BGP NETWORK DELETE BGP PEER DISABLE BG...

Page 29: ...The latest Software Reference can be downloaded from the support site at www alliedtelesyn co nz documentation documentation html IP and Interface Counters Software Release 2 3 1 allows you to reset a...

Page 30: ...If an option is not specified or ALL is specified all the IP counters are displayed The output displayed with the option ARP is shown in Figure 7 on page 30 and Table 8 on page 30 The output displayed...

Page 31: ...itiates a SLIP or PPP connection The interface will disappear when the user logs off when the router is restarted or when the IP module is reset with the RESET IP command An inactive interface is a pe...

Page 32: ...NMP community name inBadCommunityUses The total number of SNMP PDUs delivered to the SNMP agent that represented an SNMP operation not allowed by the SNMP community name in the PDU inASNParseErrs The...

Page 33: ...quest packets received by the router inGetResponses The number of SNMP Get Response packets received by the router inTraps The number of SNMP trap message packets received by the router outPkts The nu...

Page 34: ...value 64 127000 in kbps is rounded down to the nearest 64kbps if below 1000 otherwise it is rounded down to the nearest 1000 or 1 Mbps For Gigabit ports the input value 8 1016 in Mbps is rounded down...

Page 35: ...OFF YES NO other options SET USER login name LOGIN TRUE FALSE ON OFF YES NO other options SET USER LOGIN TRUE FALSE ON OFF YES NO other options TELNET Module Configuration Telnet Server Enabled Telne...

Page 36: ...sed both for PAP and CHAP authentication and to login and access the command line Usernames with LOGIN set to FALSE can only be used for PAP and CHAP authentication After upgrading from 2 0 x or 2 1 x...

Reviews:

No comments

Related manuals for AR 300 AT-AR300 AT-AR300

D-Link DSL-2640BT Installation Manual preview
DSL-2640BT
Brand: D-Link Pages: 12
Linksys WRT54G3G-AT Product Data preview
WRT54G3G-AT
Brand: Linksys Pages: 2
Lindy 25046 User Manual preview
25046
Brand: Lindy Pages: 4
3Com 3C410012A - OfficeConnect Remote 531 Access... Getting Started Manual preview
3C410012A - OfficeConnect Remote 531 Access...
Brand: 3Com Pages: 72
LogLogic LX 1010 Quick Start Manual preview
LX 1010
Brand: LogLogic Pages: 30
Mercusys MR30G Quick Installation Manual preview
MR30G
Brand: Mercusys Pages: 35
HARTING HAIIC MICA Hardware Development Manual preview
HAIIC MICA
Brand: HARTING Pages: 13
H3C NSQ1GT48EA0 Manual preview
NSQ1GT48EA0
Brand: H3C Pages: 3
Freund FE-W826-T2 Setup Manual preview
FE-W826-T2
Brand: Freund Pages: 6
Lantech IMR-3003 User Manual preview
IMR-3003
Brand: Lantech Pages: 40
ZyXEL Communications P-335U Specifications preview
P-335U
Brand: ZyXEL Communications Pages: 2
ACTi LPR-100 Quick Installation Manual preview
LPR-100
Brand: ACTi Pages: 14
Paradyne ACCULINK 3161 CSU Quick Reference Manual preview
ACCULINK 3161 CSU
Brand: Paradyne Pages: 19
Black Box Secure Site Manager 16 Quick Start Manual preview
Secure Site Manager 16
Brand: Black Box Pages: 16
Zhone 6388-A2 User Manual preview
6388-A2
Brand: Zhone Pages: 53
Manson Engineering Industrial SBC-6108 User Manual preview
SBC-6108
Brand: Manson Engineering Industrial Pages: 10
Alcatel-Lucent Service Aggregation Router 7705 Installation Manual preview
Service Aggregation Router 7705
Brand: Alcatel-Lucent Pages: 20
TRENDnet TEW-752DRU User Manual preview
TEW-752DRU
Brand: TRENDnet Pages: 68

Brands by name

Popular brands

Load more brands