Configure: Firewall
The default security configuration for a Mako is to permit no communications initiated from the
Internet to penetrate your networks. At the same time all communications initiated from the
office network can access the Internet. In telephone terms, you can call out, but they can’t
call in.
This means that users on your Mako-protected networks can send and receive their email,
browse the World Wide Web, and access all other Internet based services, while the firewall
ensures that none of their PCs are visible to the Internet.
This is a very secure setting for your Mako device and should not be changed except in cases
of specific need. Changes to permissions which Deny access tend to improve firewall
security. Changes which Allow access tend to weaken firewall security. Changes to
permissions should therefore specify the permitted access as narrowly as possible to
minimise the risk of unauthorised intrusion.
Inbound
This relates to the firewall rules which permit communications to be initiated from the Internet
into your local networks by a remote host computer.
It is important to understand that Inbound access permissions place some responsibility for
security of the local network onto the designated target local network PC or server. The
firewall will pass through all communications matching the access permissions. If the local
PC or server is not itself secure then other computers in the office network can be exposed to
unauthorised access.
It is therefore sensible to exercise caution when enabling Inbound access. It is also
necessary to ensure that target computers on the local network have all security-related
updates applied to their software.
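An added example, not taken from the Mako handbook or from Mako's own software: a Python check that flags Inbound Allow rules wider than they need to be and lists the local targets that must therefore be kept patched. The rule fields, the thresholds and the sample rules are hypothetical and constructed for illustration; the Mako's own rule format is not shown in this document.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class InboundRule:
    """Hypothetical rule record; the Mako's own rule format is not shown here."""
    name: str
    source: str    # CIDR of the remote hosts allowed to initiate the connection
    target: str    # local PC or server that will receive the traffic
    protocol: str  # "tcp", "udp" or "any"
    ports: tuple   # (first, last), inclusive

def audit_rule(rule, max_hosts=256, max_ports=1):
    """Return reasons why an Inbound Allow rule is wider than it needs to be."""
    net = ipaddress.ip_network(rule.source, strict=False)
    first, last = rule.ports
    if not 1 <= first <= last <= 65535:
        raise ValueError(f"{rule.name}: invalid port range {rule.ports}")
    findings = []
    if net.prefixlen == 0:
        findings.append("source is the whole Internet")
    elif net.num_addresses > max_hosts:
        findings.append(f"source covers {net.num_addresses} addresses")
    if rule.protocol == "any":
        findings.append("protocol not restricted")
    if last - first + 1 > max_ports:
        findings.append(f"{last - first + 1} ports open")
    return findings

def audit(rules):
    """Map rule name -> findings, for rules that have at least one finding."""
    return {r.name: f for r in rules if (f := audit_rule(r))}

def exposed_targets(rules):
    """Local machines reachable from outside: these must be kept fully patched."""
    return sorted({r.target for r in rules})

# Constructed sample rules (documentation address ranges, not real hosts).
SAMPLE_RULES = [
    InboundRule("branch-sftp", "203.0.113.10/32", "192.168.1.20", "tcp", (22, 22)),
    InboundRule("mail-any-source", "0.0.0.0/0", "192.168.1.10", "tcp", (25, 25)),
    InboundRule("open-all", "0.0.0.0/0", "192.168.1.20", "any", (1, 65535)),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(f"{name}: {'; '.join(findings)}")
    print("keep patched:", ", ".join(exposed_targets(SAMPLE_RULES)))
```

A finding is a prompt to review the rule, not proof that it is wrong: a public mail server may need to accept connections from any source, which puts more weight on keeping that target fully updated.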
Outbound
This relates to the firewall rules which permit communications to be initiated from computers
in your office network to remote host systems on the Internet.
Be aware that, although the firewall ensures that communications are only initiated by
PCs on the local network, once established these communications are two-way.
Internet-based attackers have developed a wide variety of malicious software programs which
can be downloaded onto a PC without the PC user’s knowledge. These programs are
generically known as ‘Viruses’, though other terms such as Trojan and Worm are in use.
The actions of virus programs can be very dangerous to your office computer systems. Early
examples tended to perform obvious destructive acts such as the deletion of crucial system
files. More recently, viruses have extracted information in order to damage reputations by
sending malicious emails under the name of the PC owner. Other varieties of virus may
carry out industrial espionage using confidential information, may use office PCs in an
Internet-borne attack on a third party, or may steal Internet access at the office’s expense.
The firewall is not a substitute for effective virus protection, which should be installed on all
computers with Outbound access to the Internet, and which must be updated at least
once a week.
Intranet
Mako 7550s have quad LAN ports and the Intranet firewall controls enable you to restrict or
allow access between the four networks. The default setting is to not allow any
communication between the four networks.
VPN
In addition to having control over inbound and outbound traffic, your Mako enables you to
have firewall control over your Mako to Mako VPNs. To find out more about Mako to Mako
VPNs, please see the VPN section of this document.
Mako Networks Mako 7550-E Product Handbook v.1.1