EW200 Industrial Cellular Gateway

Packet Filter with White List Scenario

As shown in the diagram, "Packet Filter Rule List" is specified as a white list (Allow those match the following rules). Rule-1 allows HTTP packets to pass, and Rule-2 allows HTTPS packets to pass. Under this configuration, the gateway allows only HTTP and HTTPS packets that are issued from the IP range 192.168.123.200 to 250 and targeted at TCP port 80 or 443 to pass the WAN interface.

Packet Filter Setting

Go to Security > Firewall > Packet Filter tab.

The packet filter setting allows users to create and customize packet filter policies to allow or reject specific inbound/outbound packets through the router based on their office setting.

Enable Packet Filter

Configuration Window

| Item Name | Value setting | Description |
|---|---|---|
| Packet Filter | Unchecked by default | Check the Enable box to activate the Packet Filter function. |
| Blacklist / White List | "Deny those match the following rules" is set by default | When "Deny those match the following rules" is selected, as the name suggests, packets specified in the rules will be blocked (blacklisted). In contrast, with "Allow those match the following rules", you can specifically white list the packets to pass, and the rest will be blocked. |
| Log Alert | Unchecked by default | Check the Enable box to activate Event Log. |
| Save | | Click Save to save the settings. |
| Undo | | Click Undo to cancel the settings. |

Create/Edit Packet Filter Rules

The gateway allows you to customize your packet filtering rules. It supports up to a maximum of 20 filter rule sets. When the Add button is applied, the Packet Filter Rule Configuration screen will appear.

Packet Filter Rule Configuration

| Item Name | Value setting | Description |
|---|---|---|
| Rule Name | 1. String format, any text 2. Required setting | Enter a packet filter rule name. Value Range: 1 ~ 30 characters. |
| From Interface | 1. Required setting 2. By default Any is selected | Define the selected interface to be the packet-entering interface of the router. If the packets to be filtered are coming from LAN to WAN, select LAN for this field. If VLAN-1 to WAN, select VLAN-1 for this field. Other examples are VLAN-1 to VLAN-2 and VLAN-1 to WAN. Select Any to filter packets coming into the router from any interface. Please note that two identical interfaces are not accepted by the router, e.g., VLAN-1 to VLAN-1. |
| To Interface | 1. Required setting 2. By default Any is selected | Define the selected interface to be the packet-leaving interface of the router. If the packets to be filtered are entering from LAN to WAN, select WAN for this field. If VLAN-1 to WAN, select WAN for this field. Other examples are VLAN-1 to VLAN-2 and VLAN-1 to WAN. Select Any to filter packets leaving the router from any interface. Please note that two identical interfaces are not accepted by the router, e.g., VLAN-1 to VLAN-1. |
| Source IP | 1. Required setting 2. By default Any is selected | This field specifies the Source IP address. Select Any to filter packets coming from any IP address. Select Specific IP Address to filter packets coming from a single IP address. Select IP Range to filter packets coming from a specified range of IP addresses. Select IP Address-based Group to filter packets coming from a pre-defined group. The group must be pre-defined before this option becomes available. Refer to Object Definition > Grouping > Host grouping. |
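The white list scenario and the rule constraints described above, modelled as an added Python example (not code from the gateway or its vendor) that evaluates constructed sample packets under both list types. The `proto` and `dport` field names, LAN as the From Interface of both rules, and the exemption of Any/Any from the identical-interface check are assumptions.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES = 20  # the page: up to a maximum of 20 filter rule sets

@dataclass(frozen=True)
class Rule:
    name: str
    from_if: str      # "Any", "LAN", "WAN", "VLAN-1", ...
    to_if: str
    src_first: str    # Source IP range, inclusive
    src_last: str
    proto: str        # assumed field name
    dport: int        # assumed field name

    def __post_init__(self):
        if not 1 <= len(self.name) <= 30:
            raise ValueError("rule name must be 1 to 30 characters")
        # Assumption: the identical-interface check does not apply to Any/Any.
        if self.from_if == self.to_if != "Any":
            raise ValueError("identical From/To interfaces are not accepted")

    def matches(self, pkt):
        lo, hi = map(ipaddress.ip_address, (self.src_first, self.src_last))
        return (self.from_if in ("Any", pkt["in_if"])
                and self.to_if in ("Any", pkt["out_if"])
                and lo <= ipaddress.ip_address(pkt["src"]) <= hi
                and (self.proto, self.dport) == (pkt["proto"], pkt["dport"]))

def passes(rules, pkt, white_list):
    """True if the packet is forwarded. white_list=False is the device default."""
    if len(rules) > MAX_RULES:
        raise ValueError("at most 20 rules are supported")
    hit = any(r.matches(pkt) for r in rules)
    return hit if white_list else not hit

# Rule-1 (HTTP) and Rule-2 (HTTPS) from the scenario; LAN as source is assumed.
RULES = [Rule("Rule-1", "LAN", "WAN", "192.168.123.200", "192.168.123.250", "tcp", 80),
         Rule("Rule-2", "LAN", "WAN", "192.168.123.200", "192.168.123.250", "tcp", 443)]

def pkt(src, dport, proto="tcp", in_if="LAN", out_if="WAN"):
    return {"src": src, "dport": dport, "proto": proto, "in_if": in_if, "out_if": out_if}

# Constructed sample packets.
SAMPLES = {"https in range": pkt("192.168.123.210", 443),
           "ssh in range": pkt("192.168.123.210", 22),
           "http out of range": pkt("192.168.123.100", 80)}

if __name__ == "__main__":
    for label, p in SAMPLES.items():
        print(f"{label:18} white list: {passes(RULES, p, True)!s:5} "
              f"black list: {passes(RULES, p, False)}")
```

With the default list type (Deny those match the following rules), the same two rules block only this web traffic and forward everything else, so confirm the list type before saving the rules.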


