Rule table

The rules table brings together the individual pieces of information that make up a firewall rule. Each rule contains the protocol to be filtered, the source, the destination and the firewall action to be executed. Every firewall rule also has an on/off switch, a priority, the option to link it with other rules, and a setting that activates the rule for VPN connections.

Just as with LANconfig, WEBconfig can be used to configure the firewall with the help of objects. The % notation described below is only necessary for defining objects or actions.

Note: Existing firewall rules written in the % notation are not automatically converted to the object-oriented form. However, the LANCOM KnowledgeBase contains the pre-defined firewall settings used by the new objects.

Note: Devices with LCOS version 7.6 or later come with the main firewall objects pre-defined. When older configurations are processed with LANconfig, the firewall's standard objects are added automatically.

LCOS has a special syntax to define firewall rules. This syntax enables the representation of complex interrelationships for the testing and handling of data packets in the firewall with just a few characters. The rules are defined in the rules table. Pre-defined objects can be stored in two further tables so that frequently used objects do not have to be entered into the LCOS syntax every time:

Note: The objects from these tables can be used for rule definition, although this is not compulsory. They merely simplify the use of frequently used objects.

The definition of a firewall rule can contain entries from the object table (for protocols, services and stations) and from the action table (for firewall actions), as well as direct definitions in the appropriate LCOS syntax (e.g. %P6 for TCP).

Note: For direct input of level parameters in the LCOS syntax, the same rules apply as specified in the following sections for protocols, source/destination and firewall actions.