Adding an Inbound and Outbound Firewall

In this scenario, Acme Company is running TCP/IP and the Internetwork Packet Exchange^TM (IPX^TM) protocol on the network. Acme wants to use Novell® BorderManager^TM as both an inbound and an outbound firewall. Acme wants to be able to do the following:

• Add a firewall to secure the network
• Allow outbound and inbound Simple Mail Transfer Protocol (SMTP) e-mail
• Allow outbound and inbound DNS information
• Allow public users from the Internet to view only the Web server on the intranet
• Allow internal users on the intranet to access the Internet

The following BorderManager components are used to implement this scenario, as shown in Figure 29:

• Packet filtering
• Proxy Services Transparent HTTP proxy application
• Access control

Figure 29
Inbound and Outbound Firewall

To implement BorderManager as a firewall on the network, Acme Company must perform the following general sequence of steps:

1. Install BorderManager and enable packet filtering on public interfaces during the installation.

   For more information and BorderManager installation procedures, refer to the Novell BorderManager installation documentation.

2. Using FILTCFG, do the following:
   • Specify filter exceptions for the SMTP server. Allow outbound SMTP requests and inbound SMTP responses.
   • Specify filter exceptions for an external DNS server. Allow outbound DNS requests and inbound DNS responses.
   • Specify filter exceptions for the Web server. Allow inbound HTTP requests or responses destined for the Web server's IP address and allow outbound HTTP requests or responses coming from the Web server's IP address.

   For more information and packet filtering configuration procedures, refer to the packet filtering online documentation.

3. Using NetWare^® Administrator, BorderManager Services page, enable and configure the Transparent proxy application on the BorderManager server.

   For more information and configuration procedures, refer to the proxy services online documentation.

4. (Optional) Using NetWare Administrator, BorderManager Services page, enable and configure the HTTP reverse, or acceleration, proxy to enhance performance.

   For more information and configuration procedures, refer to the Proxy Services online documentation.

5. (Optional) Using NetWare Administrator, enable and configure access control rules for the intranet users.

   For more information and configuration procedures, refer to the access control online documentation.