5.3 SECURITY
NAT/PT
This security function supports the conversion between private IP addresses and public IP addresses.
Network Address Translation and Port Address Translation services protect devices on the private internal
LAN from being exposed on the Public Network. This service also allows a single public IP address to be
shared among multiple hosts on the internal LAN.
Firewall
• Access Filtering: Access lists and policies can be implemented to control access to internal resources.
• DMZ Function: Hosts connected to the DMZ port can bypass the network firewall, making it easier for
external clients to access their services. Applications such as web servers and mail servers are typically
connected to the DMZ ports. The private LAN is still protected behind the firewall.
• Port Forwarding: This feature allows external hosts on the public network to access hosts and services on
the internal private LAN by forwarding the Public WAN address to a private LAN address based on a
specific port.
Intrusion Detection System (IDS)
This function monitors all packets on the network to provide an additional level of security. This feature will
prevent various types of attacks and intrusion attempts on the data network. Detection is based on “Snort
Rules”, which define specific intrusion patterns (the rules can be updated at www.snort.org).
Virtual Private Network (VPN)
The VPN feature allows external hosts and networks to access the local private LAN
as if they were virtually part of the local LAN. This feature is implemented using IPsec (authentication:
RSA key, pre-shared key, X.509 certificate) or PPTP (Point-to-Point Tunnelling Protocol).
DHCP
The OfficeServ 7200 can function as a DHCP server. This service can dynamically assign IP addresses to all
hosts connected to the private LAN.
SIP Aware ALG (SIP Application Gateway)
This feature takes SIP packets arriving at the WAN interface and redirects them to any SIP user agents
connected to the private LAN.
DSMI
This service automatically configures the router to allow for VoIP applications such as remote IP phones,
IP networking, IP Trunking, etc.
5.4