| Configuring the Firewall for RIPs and SAP Contents |
The RIP/SAP Firewall table allows you to limit the contents of IPX RIP and SAP packets using the XR command. By adding entries to the RIP/SAP Firewall table or editing existing entries, you ensure that the unit learns only named servers and their associated networks. This table limits only the transmission of RIP/SAP information, whereas the XF Firewall table limits the transmission of all IPX packets. |
When you enter CO RO XR at the command prompt, the screen shown in Figure 7-18 is displayed. This shows the RIP and SAP firewall entries that have been configured. |
The XR Firewall table provides a simple and convenient way of limiting the unit to bridging or routing to a defined number of servers. Although it prevents a client from seeing a remote server, for real firewall security it is still necessary to filter IPX packets by adding the appropriate entries in the IPX Firewall table. This can be done automatically by executing the XF Firewall command before adding an entry to the XR table. |
| After configuring a list of sources or destinations that are to be allowed access it is necessary to add an entry that denies access to all other sources or destinations. Conversely, after configuring a list of sources or destinations that are to be denied access it is necessary to add an entry that allows access to all other sources or destinations. |
| Figure 7-18 |
| The fields in this table show the following: |
| Description | The name of the Novell server. |
| Ext Net | The external network number. |
| Int Net | The internal network number. |
| The options available from this screen are: |
| Add | Adds an RIP/SAP Firewall entry. |
| Assoc | Associates an entry with a network. |
| Edit | Allows you to change the configuration of an entry. |
| Delete | Removes an entry from the RIP/SAP Firewall table. |
| XF | Automatically adds the entries made in the RIP/SAP Firewall table to the IPX Firewall table. |
| Example |
| Using the network shown in Figure 7-19, we can show how a RIP/SAP firewall can be configured. Router A receives packets from router B containing information about all of the servers S1, S2, S3 to S1000 and RIP packets containing information about all the networks connected to network2 including network2 itself. This is also true for the routers C, D and E. If all this information was passed across the ISDN links, the autocall tables and the RIP/SAP tables would quickly become unmanageably large. If you only need to connect to a single server, for example S3 on network2, you can add an XR firewall as described below. |
First, add a server entry (using the ADD command) called S3, external network2, internal network2i and server S3. You must then associate it with network1, external network1. The autocall table learns networks 2 and 2i and server S3. The RIP table learns 2 and 2i and the SAP table learns only S3. Information about all other networks is not passed to network1.
| Figure 7-19 |
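The example above as a small Python model, added here for illustration; it is not the unit's firmware or vendor code. The class and function names, the `network7`/`network7i` networks, and the XF table semantics (an empty table filters nothing, a populated one ends with a deny-all entry) are assumptions. It shows that the XR entry alone hides advertisements but does not stop IPX packets unless XF was enabled before the entry was added.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Entry:
    server: str    # Novell server name carried in SAP
    ext_net: str   # external network number
    int_net: str   # internal network number

@dataclass
class Unit:
    """Simplified model of the two tables (assumed semantics, not firmware)."""
    xf_auto: bool = False                    # toggled by the XF command
    xr: list = field(default_factory=list)   # RIP/SAP Firewall table
    xf: list = field(default_factory=list)   # IPX Firewall table (allow entries)

    def add(self, entry):
        self.xr.append(entry)
        if self.xf_auto:                     # XF must be on *before* ADD
            self.xf.append(entry)

    def learn(self, sap_servers, rip_nets):
        """Return the SAP servers and RIP networks that pass the XR table."""
        names = {e.server for e in self.xr}
        nets = {n for e in self.xr for n in (e.ext_net, e.int_net)}
        return ([s for s in sap_servers if s in names],
                [n for n in rip_nets if n in nets])

    def forwards(self, dest_net):
        """IPX data packets are checked against XF only, never against XR.
        Assumption: an empty XF table filters nothing; a populated one ends
        with the deny-all entry the page calls for."""
        if not self.xf:
            return True
        return any(dest_net in (e.ext_net, e.int_net) for e in self.xf)

# Constructed input: router B advertises S1..S1000 and the networks behind it.
SAP = [f"S{i}" for i in range(1, 1001)]
RIP = ["network2", "network2i", "network7", "network7i"]  # network7* hypothetical
S3 = Entry("S3", "network2", "network2i")

def demo(xf_first):
    unit = Unit(xf_auto=xf_first)
    unit.add(S3)
    sap, rip = unit.learn(SAP, RIP)
    return sap, rip, unit.forwards("network7i")

if __name__ == "__main__":
    print(demo(xf_first=False))  # advertisements hidden, packets still pass
    print(demo(xf_first=True))   # advertisements hidden and packets filtered
```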
| Adding an Entry |
To add an entry to the RIP and SAP Firewall table, enter ADD at the command prompt to display the screen shown in Figure 7-20. |
| Figure 7-20 |
| The fields in this screen are: |
| Server Name | Enter the IPX server name to which you want to be able to connect. |
| External network | Enter the Novell external network number for the remote network. |
| Internal network | Enter the Novell internal network number for the remote network. |
| IPX Firewall | The field indicates whether the IPX Firewall table is automatically updated by this entry. XF Firewall configuration must be enabled before the entry is added. See "IPX Firewall Configuration" below. |
| Associating a Server/Network |
If you are routing, you must associate a client network with the server with which it needs to communicate. Enter AS at the command prompt to display the screen shown in Figure 7-21. Routing must be enabled before the AS command can be used. See "Setting Router Options". |
| Figure 7-21 |
| The fields in this screen are: |
| Server Name | Enter the server name to which you want to connect. |
| Client Name | Enter the name of the client network. |
| Client Network | Enter the external network number of the client network. |
| IPX Firewall | The field indicates whether the IPX Firewall table is automatically updated by this entry. XF Firewall configuration must be enabled before the entry is added. See "IPX Firewall Configuration" below. |
| Editing an Entry |
To edit an entry in the table, highlight the entry to be edited and enter ED at the command prompt. A screen similar to the one shown in Figure 7-21 is displayed. Make any changes required and press [CTRL]+[E] to submit the changes. Enter SAVE at the command prompt to make the changes permanent. |
| Deleting an Entry |
To delete an entry, highlight the entry to be deleted and enter DEL at the command prompt. The entry is removed. Enter SAVE at the command prompt to make the change permanent. |
| IPX Firewall Configuration |
If you want an entry to automatically update the IPX Firewall table, enter XF at the command prompt to enable automatic IPX Firewall configuration. To disable automatic configuration, enter XF at the command prompt again. This command must be applied before you add or edit an entry in the table. |