Out of the entire data stream passing through the LANCOM's IP router, the Firewall filters only those data packets for which special treatment has been defined.
The Firewall checks only data packets routed by the IP router of the LANCOM. In general, these are the data packets exchanged between one of the WAN interfaces and the internal networks (LAN, WLAN, DMZ).
For example, communication between LAN and WLAN is normally not handled by the router as long as the LAN bridge allows a direct exchange, so the Firewall rules do not apply to it. The same applies to the so-called “internal services” of the LANCOM, such as Telnet, TFTP, SNMP and the web server used for configuration with WEBconfig. The data packets of these services do not pass through the router and are therefore not affected by the Firewall.
The LANCOM Firewall checks data packets against several lists, which are generated automatically from the Firewall rules, from the resulting Firewall actions, or from active data connections:
- Host block list
- Port block list
- Connection list
- Filter list
When a data packet is to be routed via the IP router, the Firewall consults the lists in the following order:
- First, the Firewall checks whether the packet comes from a workstation on the host block list. If the sender is blocked, the packet is discarded.
- If the sender is not blocked in this list, the port block list is checked to see whether the port/protocol combination used on the destination PC is closed. If so, the packet is discarded.
- If neither sender nor destination is blocked by the first two lists, the Firewall checks whether a connection entry exists for this packet in the connection list. If such an entry exists, the packet is handled as noted in that list.
- If no entry is found for the packet, the filter list is searched for a matching entry and the action indicated there is carried out. If the action is to accept the packet, an entry is made in the connection list, as well as for any further actions.
The four lists obtain their information as follows:
- The host block list contains all stations that are blocked for a certain time because of a Firewall action. The list is dynamic: new entries can be added continuously by the corresponding Firewall actions, and entries disappear automatically once their timeout is exceeded.
- The port block list holds the protocols and services that are blocked for a certain time because of a Firewall action. This list is likewise dynamic: new entries can be added continuously by the corresponding Firewall actions, and entries disappear automatically once their timeout is exceeded.
- For each established connection, an entry is made in the connection list if the checked packet has been accepted by the filter list. The connection list records from which source to which destination, over which protocol and which port a connection is currently allowed. It also records how long an entry stays in the list and which Firewall rule is responsible for it. This list is very dynamic and constantly changing.
- The filter list is made up of the Firewall rules. The filters it contains are static and change only when Firewall rules are added, edited or deleted.
Thus all lists that the Firewall consults to check data packets are ultimately based on the Firewall rules.
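The check order and the way the dynamic lists are fed, as an added example in Python that models the four lists described above; it is a hypothetical simulation written for this page, not LANCOM code, and the rule format, action names, the injectable clock and the default verdict when no filter matches are all assumptions.

```python
# Hypothetical model written for this page, not LANCOM code. Rule = (name, matcher, action, timeout_s).
class FourListFirewall:
    def __init__(self, rules, clock, default="drop"):
        self.rules, self.clock, self.default = rules, clock, default   # static filter list; injectable clock
        self.host_block = {}        # sender ip -> (expiry, rule name)
        self.port_block = {}        # (dst ip, proto, port) -> (expiry, rule name)
        self.connections = {}       # (src, dst, proto, port) -> (expiry, rule name)

    def check(self, pkt):
        """Verdict for a packet the IP router is about to forward: (verdict, reason)."""
        src, dst, proto, port = pkt
        now = self.clock()
        for table in (self.host_block, self.port_block, self.connections):
            for key in [k for k, v in table.items() if v[0] <= now]:   # timed-out entries vanish
                del table[key]
        if src in self.host_block:                        # 1. host block list
            return "drop", "host-block-list"
        if (dst, proto, port) in self.port_block:         # 2. port block list
            return "drop", "port-block-list"
        if pkt in self.connections:                       # 3. connection list
            return "accept", "connection-list:" + self.connections[pkt][1]
        for name, match, action, timeout in self.rules:   # 4. static filter list, first match wins
            if match(pkt):
                expiry = now + timeout
                if action == "accept":                    # accepted -> entry in the connection list
                    self.connections[pkt] = (expiry, name)
                    return "accept", "filter-list:" + name
                if action == "block-host":                # firewall actions feed the block lists
                    self.host_block[src] = (expiry, name)
                elif action == "block-port":
                    self.port_block[(dst, proto, port)] = (expiry, name)
                return "drop", "filter-list:" + name
        return self.default, "no-matching-rule"           # default verdict is not covered by the page

def demo():  # runs constructed packets through the model; returns the list of (verdict, reason)
    t = [0.0]                                             # simulated clock, seconds
    fw = FourListFirewall([
        ("allow-https", lambda p: p[2:] == ("tcp", 443), "accept", 300),
        ("block-telnet-sender", lambda p: p[2:] == ("tcp", 23), "block-host", 60),
    ], clock=lambda: t[0])
    web, other = ("10.0.0.5", "203.0.113.9", "tcp", 443), ("10.0.0.7", "203.0.113.9", "tcp", 443)
    out = [fw.check(web), fw.check(web)]                  # filter list first, connection list second
    out.append(fw.check(("10.0.0.7", "203.0.113.9", "tcp", 23)))  # rule action blocks the sender
    out.append(fw.check(other))                           # host block list wins before any rule
    t[0] = 61                                             # host block expired, connection still alive
    out += [fw.check(other), fw.check(web)]
    t[0] = 301                                            # connection expired -> back to filter list
    out.append(fw.check(web))
    return out
```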