Chapter Objective
  Discuss various additional and important features of a firewall
    –DHCP
    –Virtual server
    –Enabling applications that require multiple connections
    –Filters (IP, MAC etc.)
    –Firewall rules regulating traffic
    –DMZ
    –Remote management
    –etc.
WAN Side IP
  In the case of the firewall/switch, an address for the firewall must be specified for both the WAN side and the LAN side
    –The LAN side address will be a private address that is not visible to the Internet
IP Options
  Static IP
    –Demonstrated early
  Dynamic IP
    –Cable modem and LAN Internet sharing
    –Could also be employed in the case of DSL
  PPPoE
    –DSL specific
Opening Ports for Special Applications
  There are special applications that would require one or more ports to be opened through the firewall/switch
  Examples include Internet chat, telephony applications etc.
Filters and Blockers
  IP Filters
    –LAN clients can be selectively blocked from accessing the Internet based on their IP address
  MAC Filters
    –The same as above, but the filter is based on MAC address of a client
  URL Blocking
    –URLs can be blocked from being accessed
  Domain Blocking
    –Access to domains can be blocked as well
Firewall Rules
  Firewall rules can be specified to allow or block traffic entering the firewall or passing through the firewall/switch
  For example, pinging the firewall from the Internet (WAN) side can be disabled using firewall rules
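The IP filter, MAC filter and WAN-ping rule from the two slides above, modelled as an ordered rule list in Python. This is an added example, not part of the original slides or of any product's firmware; first-match evaluation, the default-block policy and every address in it are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    in_iface: str                    # "wan" or "lan"
    src_ip: str
    src_mac: str
    proto: str                       # "icmp", "tcp" or "udp"
    to_firewall: bool                # True: addressed to the firewall; False: passing through
    icmp_type: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    in_iface: Optional[str] = None   # None in any field means "match anything"
    src_net: Optional[str] = None
    src_mac: Optional[str] = None
    proto: Optional[str] = None
    icmp_type: Optional[int] = None
    to_firewall: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        for field in ("in_iface", "proto", "icmp_type", "to_firewall"):
            want = getattr(self, field)
            if want is not None and want != getattr(p, field):
                return False
        if self.src_mac is not None and self.src_mac.lower() != p.src_mac.lower():
            return False
        if self.src_net is not None and ip_address(p.src_ip) not in ip_network(self.src_net):
            return False
        return True

# Constructed rule set (all addresses are made up). Order matters: the two
# LAN filters must come before the general "allow LAN" rule.
RULES = [
    Rule("block", in_iface="wan", proto="icmp", icmp_type=8, to_firewall=True),  # no ping from WAN
    Rule("block", in_iface="lan", src_net="192.168.0.50/32"),                    # IP filter
    Rule("block", in_iface="lan", src_mac="02:00:00:AA:BB:CC"),                  # MAC filter
    Rule("allow", in_iface="lan"),                                               # remaining LAN clients
]
DEFAULT = "block"  # assumed policy: unmatched (unsolicited WAN) traffic is dropped

def decide(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return DEFAULT
```

The MAC filter keeps blocking a client after its IP address changes, which the IP filter alone would not; both still depend on being listed ahead of the general allow rule.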
Tools
  Administrative
    –Set passwords and enable or disable remote management
  Time
    –Set the current time and date
  System
    –Store and load firewall settings
  Firmware upgrade
  Miscellaneous tools
Administrative Tools
  Set administrator and a user password
  Enable the firewall to be managed from a remote computer probably over the Internet
    –In general, it is not desirable to enable this option for security reasons
Miscellaneous Tools
  Pinging a host name or an IP address
  Restarting the firewall
    –Probably to activate any changes made
  Block the pinging of the firewall from the Internet (WAN) side
  Enabling UPNP and gaming mode
  Allow VPN traffic based on PPTP and IPSec to pass through
  Enable dynamic DNS service
Status Reporting
  Display LAN and WAN settings
  Log and display the log of activities
    –Attacks, dropped packets etc.
  Display traffic statistics
    –Number of packets transmitted and received on the WAN (Internet – External) and LAN (Internal) side