All NBM/On Server (NSBS)/Off Server services are logically grouped together and listed as services
Falling back to default filters is possible
Clearing all kinds of filters and exceptions on the selected server is easier
All policies are listed in one page
Creation of service-based exceptions is easier
The following sections describe steps to configure filters and exceptions using Easy Filter Configuration to allow specific IP services through the Novell® BorderManager® 3.9 firewall.
To configure filters for Novell BorderManager Services, do the following:
Log in to iManager, then select .
From the list, select the server where the filters are to be configured by clicking the icon, and then click .
From the drop-down list, select the public interface of the server where the filters/exceptions are to be configured.
To enable the filter for a service, select the corresponding check box under .
You can configure filters and exceptions for the following NBM services:
HTTP and Secure HTTP Proxy
FTP Proxy
DNS Proxy
Mail Proxy
News Proxy
Real Audio Proxy
RTSP Proxy
Transparent Telnet Proxy
NOTE: If you enable exceptions for proxy with the option, it creates two default filters to deny all incoming and outgoing connections, thus creating exceptions to allow only HTTP and HTTPS traffic.
To enable the log for a service, select the corresponding check box under .
IMPORTANT: When you enable this option, the headers of packets that match the options in the filters or exceptions are logged, provided that you have enabled both the global logging status and the filters/exception logging status. The log is placed in the directory sys:\etc\logs\ippktlog. If you disable the option, the packets that match the options in filters or exceptions are not logged. Data logging slows down the server’s performance and therefore should be kept on only for a short time.
To enable the stateful filter for a service, select the corresponding check box under .
If stateful filtering is enabled in a filter rule, a dynamic filter is also created in the reverse direction. The reverse filter is built from information such as the source IP address, source interface, source port, destination IP address, destination interface, and destination port. This information is stored in a table, which is later used to compare against the reply.
Click . A page listing the filters that were added is displayed.
NOTE: Use the List All Firewall Policies option to delete any filter. For more information, see List All Firewall Policies.
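The stateful filtering behaviour described in the procedure above can be pictured with a small model. This is an added illustration, not BorderManager code: the `Packet` and `StatefulFilter` names, the interface labels, and the sample addresses are all constructed for the example, and the default-deny policy mirrors the deny-all filters mentioned in the NOTE.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    # The six fields the text says are stored for the reverse filter.
    src_ip: str
    src_if: str
    src_port: int
    dst_ip: str
    dst_if: str
    dst_port: int

class StatefulFilter:
    """Toy model: default deny, static exceptions, dynamic reverse filters."""

    def __init__(self, exceptions):
        # Static exceptions as (source interface, destination interface, destination port).
        self.exceptions = set(exceptions)
        # Table of dynamic reverse filters, filled as permitted traffic passes.
        self.reverse_table = set()

    def check(self, pkt):
        # A packet matching a stored reverse entry is the reply to permitted traffic.
        if pkt in self.reverse_table:
            return "allow-dynamic"
        # A packet matching a static exception passes and creates the reverse
        # filter by swapping its source and destination fields.
        if (pkt.src_if, pkt.dst_if, pkt.dst_port) in self.exceptions:
            self.reverse_table.add(Packet(pkt.dst_ip, pkt.dst_if, pkt.dst_port,
                                          pkt.src_ip, pkt.src_if, pkt.src_port))
            return "allow-static"
        # Everything else hits the default deny.
        return "deny"

def demo():
    # Constructed sample traffic: one stateful exception for outbound HTTP.
    fw = StatefulFilter({("private", "public", 80)})
    request = Packet("10.0.0.5", "private", 40000, "203.0.113.10", "public", 80)
    reply = Packet("203.0.113.10", "public", 80, "10.0.0.5", "private", 40000)
    stray = Packet("203.0.113.99", "public", 80, "10.0.0.5", "private", 40000)
    # The stray packet is denied both before and after the connection exists,
    # because its source address does not match the stored reverse entry.
    return [fw.check(stray), fw.check(request), fw.check(reply), fw.check(stray)]

if __name__ == "__main__":
    print(demo())
```

Without the stateful option, the reply in this model would need its own static exception in the inbound direction, which would also admit the stray packet.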
All Novell Small Scale Business Suite (NSBS) services are grouped and listed under On-Server Services. On-Server is the server where all the services and firewall are running. You can configure exceptions to the On-Server Services here.
To configure filters and exceptions for On-Server Services, complete the following steps:
Log in to iManager, then select .
From the list, select the server where the filters are to be configured by clicking the icon, and then click .
Select the tab.
To enable the filter for a service, select the corresponding check box under .
The On-Server services (NSBS) are grouped into five main service headings, under which various services are available:
Mail Messaging Services
  Groupwise® Internet Agent
  Groupwise Web Access
  Groupwise PO Agent
  Groupwise Mail Transfer Agent
File Services
  iFolder®
  Apple* Filing Protocol
  Common Internet File System
  Network File System
  Network Attached Storage Device
Print Services
  iPrint
  Line Printer Daemons
  Novell Distributed Print Services™ (NDPS®)
Network Management
  ZENworks® for Desktop 3
  ZENworks for Server 2
  ZENworks for Server 3.2
Miscellaneous
  iManager
  WebServer
  Remote Debugger
IMPORTANT: When you select enable log, it creates a log where the header of the packet that matches the options in the filters or exceptions is logged. Data logging slows down the server’s performance and you should turn it on only for a short period.
To enable the log for a service, select the corresponding check box under .
Select the check box under to enable a stateful filter.
Click .
The results page is displayed.
To configure Off-Server service exceptions, complete the following steps:
Log in to iManager, then select .
From the list, select the server where the filters are to be configured by clicking the icon, and then click .
Select the tab.
From the drop-down list, select the public interface where the exceptions are to be created. This is either the LAN or WAN interface that connects your server to the Internet or other public network.
To enable the filter for a service, select the corresponding check box under .
Off-Server Services exceptions (where the firewall and the services run on different machines) are classified into two main categories, under which various services are available:
Proxy Services
  HTTP and Secure HTTP Proxy
  FTP Proxy
  Mail Proxy
  News Proxy
  Real Audio Proxy
  RTSP Proxy
  DNS Proxy
  Transparent Telnet Proxy
Other Services
  Mail Server
  Web Server
  FTP Server
  DNS Server
To enable the log for a service, select the corresponding check box under .
Select the check box under to enable a stateful filter. If stateful filtering is enabled in a filter rule, a dynamic filter is also created in the reverse of the direction defined by the filter rule.
Indicate whether the proxy server is behind or outside the firewall by selecting the respective radio buttons.
Select if the service is behind the firewall and the traffic to the Internet has to pass through the firewall. If the service exists before the firewall and the traffic coming from the Internet has to pass through the proxy and the firewall, then select .
Specify the server IP address of the proxy where the services are running in the Server IP Address field, then click .