Note: The Firewall feature is not applicable to MCD for Industry Standard Servers (ISS).
For security, the CXi and MXe can function as a firewall, dropping or rejecting unknown packets, allowing or disallowing IPSec and PPTP pass-through, and performing many-to-1 NAT (IP masquerading).
IPSec: A standard security protocol that provides authentication and encryption over the Internet. IPSec is used predominantly in the construction of Virtual Private Networks.
PPTP: PPTP or Point to Point Tunneling Protocol encapsulates data sent over the Internet within a virtual private network (VPN).
NAT: See Network Address Translation (NAT). For a computer to communicate with other computers and Web servers on the Internet, it must have an IP address. An IP address is a unique 32-bit number that identifies the location of your computer on a network. An IP address is similar to a street address in that it is a means to find out exactly where you are and deliver information to you. Network Address Translation allows a single device, such as a router, to act as an agent between the Internet (or "public network") and a local (or "private") network. This means that only a single, unique IP address is required to represent an entire group of computers.
By default, all inbound traffic is blocked by the firewall with the exception of packets for establishing PPTP VPN tunnels and ICMP requests to the IP address of the WAN interface.
VPN: See Virtual Private Network (VPN). A VPN is a secure way to communicate through a dedicated server to a corporate network over the Internet. The VPN overlays a private network on top of the public Internet network. While the Internet transfers traffic based on router hops, going from one router to the next between the source and destination, the VPN uses VPN gateways as its "hops." This makes the multiple Internet routers disappear and the VPN gateways appear to be logically adjacent, which simplifies the network topology and makes it possible to create a private network. In this way, private data can be sent across the Internet through VPN gateways, which encapsulate the data to maintain its privacy. Tunnels are set up for the exclusive transport of this data between pairs of gateways. Because an organisation can forward traffic through these tunnels with internal IP addresses, they also enable enterprises to connect remote offices and remote workers without having to reconfigure their IP addresses or pay for globally-unique IP addresses that are required for Internet transmission.
Until fairly recently, companies have extended their networks to other sites through the use of leased lines to maintain a wide area network (WAN). Leased lines, like ISDN (integrated services digital network), provided a company with a way to expand its private network beyond its immediate geographic area. A WAN had obvious advantages over a public network like the Internet when it came to reliability, performance and security. But maintaining a WAN, particularly when using leased lines, can be quite expensive and often rises in cost as the distance between the offices increases. As the popularity of the Internet grew, businesses turned to it as a means of extending their own networks. First came intranets, which are password-protected sites designed for use only by company employees. Now, many companies are creating their own VPN (virtual private network) to accommodate the needs of remote employees and distant offices.
VPNs address the security risks of leveraging a public network through the use of the IP Security Protocol (IPSec). This protocol provides security services for encrypting and authenticating the data. IPSec encryption encrypts the traffic, so even if the data is intercepted or delivered to the wrong destination, it is still safeguarded, since only the intended recipient can decrypt it. IPSec authentication prevents traffic manipulation as well as unintentional or malicious insertions into the data payload along the network path. This solves many of the security problems associated with the traditional leased and circuit-switched lines.
ICMP: ICMP or Internet Control Message Protocol is a protocol that generates error messages, test packets, and informational messages related to IP.
Firewall protection is provided on the WAN (Internet Gateway) port only.
Complete the Firewall Control form.
(Optional) Program the Port Forward Table form to allow external traffic to reach resources on the internal network.
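The default inbound policy and the effect of Port Forward Table entries can be reasoned about with a small model. The following is an added example, not Mitel code or configuration: the field names, addresses and table entry are constructed, and it assumes PPTP establishment means TCP port 1723 plus GRE (IP protocol 47) and that "ICMP requests" covers any ICMP packet addressed to the WAN interface.

```python
"""Illustrative model of the default WAN inbound policy (not Mitel code)."""
from dataclasses import dataclass
from ipaddress import ip_address

WAN_IP = ip_address("203.0.113.10")  # constructed WAN address (documentation range)

# Assumptions: PPTP control channel is TCP 1723 and its tunnel is GRE (protocol 47);
# "ICMP requests" is modelled as any ICMP packet addressed to the WAN interface.
TCP, UDP, ICMP, GRE = 6, 17, 1, 47

@dataclass(frozen=True)
class Packet:
    dst: str
    proto: int
    dport: int = 0  # unused for ICMP and GRE

@dataclass(frozen=True)
class Forward:  # hypothetical shape of one Port Forward Table row
    proto: int
    wan_port: int
    lan_host: str
    lan_port: int

def decide(pkt, forwards=()):
    """Return (verdict, reason) for one packet arriving on the WAN port."""
    if ip_address(pkt.dst) != WAN_IP:
        return "block", "not addressed to the WAN interface"
    if pkt.proto == ICMP:
        return "allow", "ICMP request to WAN address"
    if pkt.proto == GRE or (pkt.proto == TCP and pkt.dport == 1723):
        return "allow", "PPTP VPN establishment"
    for f in forwards:
        if (f.proto, f.wan_port) == (pkt.proto, pkt.dport):
            return "forward", f"{f.lan_host}:{f.lan_port}"
    return "block", "default deny"

def exposed_services(forwards):
    """List the internal endpoints a port forward table makes reachable from outside."""
    return sorted({(f.lan_host, f.lan_port) for f in forwards})

if __name__ == "__main__":
    table = [Forward(TCP, 8443, "192.168.1.20", 443)]  # constructed entry
    samples = [Packet("203.0.113.10", ICMP), Packet("203.0.113.10", TCP, 1723),
               Packet("203.0.113.10", TCP, 22), Packet("203.0.113.10", TCP, 8443)]
    for p in samples:
        print(p, "->", decide(p, table))
```

Each row added to the table is an exception to the default deny, so `exposed_services` gives the list of internal hosts that need their own hardening and monitoring.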
None.