Avaya FireWall-1 Manual do Utilizador descarregar pdf (Página 44)

Configuring BaySecure FireWall-1

3-4

117384-D Rev 00

Establishing a Static Route

You may need to establish a static route between the router and the management

station before you configure the firewall parameters. By default, FireWall-1 filters

in-bound routing protocol packets from RIP or OSPF. Therefore, if your router

and firewall management station are on different subnets, you will need to

establish a static route on the router, pointing to the management station's subnet;

otherwise, your management station will be unable to communicate with the

router. For information about creating a static route, see Configuring IP, ARP, RIP,

and OSPF Services.

Establishing the Firewall Management Station

The firewall management station is the PC or UNIX workstation where you

installed the FireWall-1 software. You use the firewall management station to

enforce the firewall security policy that you created for the router. If the rules

specify that logging is to occur, the management station also logs all attempted

violations of the security policy. (To define a security policy, see “D

efining a

Firewall Security Policy” on page 3-10. You will also need to consult your Check

Point FireWall-1 documentation.)

Use the BCC to identify the management station to the router. Navigate to the

firewall prompt (for example,

box

;

firewall

) and enter:

primary-log-host

ip_address

is the

address of the primary firewall management station. (To view

the current primary firewall management station, you can issue the

primary-log-host

command without the IP address.)

For example, the following command specifies as the primary firewall

management station the PC or UNIX workstation with the IP address of 2.2.2.2:

firewall#

primary-log-host 2.2.2.2

firewall#:

1 2 ... 39 40 41 42 43 44 45 46 47 48 49 ... 67 68

Sem comentários

Avaya FireWall-1 Manual do Utilizador Página 44