RuggedRouter
®
User Guide
• Visit the Firewall Rules sub-menu and assign the following rules.
Gauntlet Actions must have "log to syslog level" set to "<Don't log>":
Action Source zone Destination zone Protocol Src-Port Dst-Port
ACCEPT net fw UDP any 30000
ACCEPT net fw UDP any 30001
Gauntlet net loc any
Gauntlet net fw TCP any any
See also the Note on VRRP, Firewall Rules, and Gauntlet, below.
• Apply the Shorewall configuration.
• Using Webmin, visit the Bootup and Shutdown menu and ensure that
Shorewall is enabled to start at boot. Start Shorewall. Webmin access is now
blocked until secure access through VPC is opened.
Step 2 of 3 – Gauntlet Configuration
• Use rrsetup to define a Gauntlet passphrase, and enable Gauntlet.
Step 3 of 3 - CCC Configuration
• Use CCC to create a network router. Refer to the Gauntlet CCC User
Manual for details or use Help after connecting to the CCC. Use VPC with
an Administrator account to verify access to Webmin. Using the CCC,
authorize users for defined devices behind a router. Use VPC with a user
account to connect to an authorized device. Again, refer to the Gauntlet
VPC User Manual for more details or use VPC Help.
Note on VRRP, Firewall Rules, and Gauntlet
It may be necessary to specify additional firewall rules in order that certain protocols
such as VRRP be accessible to the router without restriction by Gauntlet. If, for
example, the router is configured to be a member of a VRRP Virtual Router Group, it
must be able to accept VRRP communication from its peers. The following firewall
rule must be added after the ACCEPT rules to UDP ports 30000 and 30001 and before
the rules under Gauntlet control:
Action Source zone Destination zone Protocol Src-Port Dst-Port
ACCEPT net fw VRRP
The order of the firewall rules is significant. Any rules that are entered after the
Gauntlet rules may not be processed. Rules inserted before the Gauntlet rules may
compromise the security provided by Gauntlet. Note that exposing any protocol or
networked service has the potential of being a security risk and should not be done
without good reason. Contact RuggedCom support for assistance if you wish to add
other rules to the set recommended here.
Note You must ensure that the firewall is configured and enabled when using the
Gauntlet Security Appliance.
264 RuggedCom
To Next Page
Loading...
Need help?
General
