Below is an example of how to enable firewall on the Allied Telesyn 410S
- FIREWALL configuration
enable firewall
create firewall policy="fire"
enable firewall policy="fire" option=all
enable firewall policy="fire" icmp_f=all
add firewall policy="fire" int=vlan1 type=private
add firewall policy="fire" int=eth0 type=private
add firewall policy="fire" int=ppp0 type=public
add firewall poli="fire" nat=enhanced int=vlan1-0 gblin=ppp0-1 gblip=167.131.231.2
add firewall poli="fire" nat=enhanced int=eth0-0 gblin=ppp0-1 gblip=167.131.231.2
add firewall poli="fire" ru=3 ac=nat int=ppp0-0 prot=tcp po=23 ip=192.168.0.2 gblip=167.131.255.206 gblp=23
Never enable the firewall until you have entered your remote access statement for telnet or you will be locked out of the device. You must start by defining the policy. This one is called "fire". Line 4 of the config allow pinging to the box. Lines 5-7 define zones for the firewall to watch. Private is considered protected. Traffic is inspected from Public to Private. The private interfaces may talk freely if the routes are known. The lines 8-9 inform the router to use Dynamic NAT for all outbound traffic to pass from the private to the public side of the router like when a user is surfing the web. The last line allows remote access to the device for future configurations. The last step is to enable the firewall with the line 1 statement.
