![Moxa EDR-810-VPN-2GSFP [113/139] Cross conflict policy x cross conflicts with policy y](/img/pdf.png)
Moxa EDR-810-VPN-2GSFP [113/139] Cross conflict policy x cross conflicts with policy y
![Moxa EDR-810-VPN-2GSFP [113/139] Cross conflict policy x cross conflicts with policy y](/views2/1196160/page113/bg71.png)
Industrial Secure Router User's Manual Firewall
8-9
Include: Policy [X] is included in Policy [Y]
The Source/Destination IP range or Source/Destination port number of policy [X] is less than or equal to policy
[Y], and the action target (Accept/Drop) is the same. In this case policy [X] will increase the loading of the
Industrial Secure Router and lower its performance.
For example, two firewall policies are shown in the following table:
Index Input Output Protocol Source IP Destination IP Target
1 WAN1 LAN All 10.10.10.10 192.168.127.10 ACCEPT
2 WAN2 LAN All 20.20.20.10
to 20.20.20.30
192.168.127.20 ACCEPT
Suppose the user next adds a new policy with the following configuration:
Index Input Output Protocol Source IP Destination IP Target
3 WAN2 LAN All 20.20.20.20 192.168.127.20 ACCEPT
After clicking the PolicyCheck button, the Industrial Secure Router will issue a message informing the user
that policy [3] is included in policy [2] because the IP range of policy [3] is smaller than the IP range of policy
[2], and the Target action is the same.
Cross Conflict: Policy [X] cross conflicts with Policy [Y]
Two firewall policy configurations, such as Source IP, Destination IP, Source port, and Destination port, in
policy [X] and policy [Y] are masked, and the action target (Accept/Drop) is different.
For example, two firewall policies are shown in the following table:
Index Input Output Protocol Source IP Destination IP Target
1 WAN1 LAN All 10.10.10.10 192.168.127.10 ACCEPT
2 WAN2 LAN All 20.20.20.20
to 20.20.20.30
192.168.127.25
ACCEPT
Suppose the user next adds a new policy with the following configuration:
Index Input Output Protocol Source IP Destination IP Target
3 WAN2 LAN All 20.20.20.25 192.168.127.20
to 192.168.127.30
DROP
The source IP range in policy 3 is smaller than policy 2, but the destination IP of policy 2 is smaller than policy
3, and the target actions (Accept/Drop) of these two policies are different. If the user clicks the PolicyCheck
button, the Industrial Secure Router will issue a message informing the user that policy [3] is in Cross Conflict
with policy [2].
Содержание
- Industrial secure router user s manual 1
- Third edition january 2015 1
- Www moxa com product 1
- Copyright notice 2
- Disclaimer 2
- Industrial secure router user s manual 2
- Technical support contact information 2
- Trademarks 2
- Www moxa com support 2
- Table of contents 3
- Introduction 5
- Designed for industrial applications 6
- Features 6
- Industrial networking capability 6
- Industrial secure router user s manual introduction 6
- Overview 6
- Package checklist 6
- Useful utility and remote configuration 6
- Getting started 7
- Industrial secure router user s manual getting started 8
- Rs 232 console configuration 115200 none 8 1 vt100 8
- Industrial secure router user s manual getting started 9
- Login by admin account 9
- Using telnet to access the industrial secure router s console 9
- Industrial secure router user s manual getting started 10
- Using a web browser to configure the industrial secure router 10
- Industrial secure router user s manual getting started 11
- Edr 810 series features and functions 12
- Industrial secure router user s manual edr 810 series features and functions 13
- Quick setting profile 13
- Step 1 define the wan ports and lan ports 13
- Step 2 configure the lan ip address of the edr 810 and the subnet address of the lan ports 13
- Wan routing quick setting 13
- Industrial secure router user s manual edr 810 series features and functions 14
- Step 3 configure the wan port type 14
- Industrial secure router user s manual edr 810 series features and functions 15
- Step 4 enable services 15
- Bridge routing quick setting 16
- Industrial secure router user s manual edr 810 series features and functions 16
- Step 2 configure the bridge lan ip address of the edr 810 and the subnet address of the bridged ports 16
- Step 5 activate the settings 16
- Step1 define the wan port and bridge ports 16
- Industrial secure router user s manual edr 810 series features and functions 17
- Step 3 configure the wan port type 17
- Industrial secure router user s manual edr 810 series features and functions 18
- Industrial secure router user s manual edr 810 series features and functions 19
- Step 4 enable services 19
- System 19
- System information 19
- Industrial secure router user s manual edr 810 series features and functions 20
- User account 20
- Create new account 21
- Industrial secure router user s manual edr 810 series features and functions 21
- Date and time 22
- Delete existing account 22
- Industrial secure router user s manual edr 810 series features and functions 22
- Modify existing account 22
- Daylight saving time 23
- Industrial secure router user s manual edr 810 series features and functions 23
- Industrial secure router user s manual edr 810 series features and functions 24
- System event settings 24
- Warning notification 24
- Industrial secure router user s manual edr 810 series features and functions 25
- Port event settings 25
- Email settings 26
- Industrial secure router user s manual edr 810 series features and functions 26
- Industrial secure router user s manual edr 810 series features and functions 27
- Relay warning status 27
- Syslog server settings 27
- Industrial secure router user s manual edr 810 series features and functions 28
- Settingcheck 28
- Industrial secure router user s manual edr 810 series features and functions 29
- System file update by remote tftp 29
- Industrial secure router user s manual edr 810 series features and functions 30
- System file update by local import export 30
- Industrial secure router user s manual edr 810 series features and functions 31
- Port settings 31
- Reset to factory default 31
- Restart 31
- Industrial secure router user s manual edr 810 series features and functions 32
- Industrial secure router user s manual edr 810 series features and functions 33
- Link aggregation 33
- The port trunking concept 33
- Industrial secure router user s manual edr 810 series features and functions 34
- Port trunking 34
- Trunking status 34
- Port mirror 35
- The vlan concept 35
- Using virtual lan 35
- What is a vlan 35
- Benefits of vlans 36
- Configuring virtual lan 36
- Industrial secure router user s manual edr 810 series features and functions 36
- Managing a vlan 36
- Industrial secure router user s manual edr 810 series features and functions 37
- Q vlan settings 37
- Quick setting panel 37
- Benefits of multicast 38
- Multicast 38
- The concept of multicast filtering 38
- Vlan table 38
- What is an ip multicast 38
- Industrial secure router user s manual edr 810 series features and functions 39
- Multicast filtering 39
- Multicast filtering and moxa s industrial secure routers 39
- Enabling multicast filtering 40
- Igmp multicast filtering 40
- Industrial secure router user s manual edr 810 series features and functions 40
- Static multicast mac 40
- Igmp snooping 41
- Igmp snooping settings 41
- Igmp table 41
- Industrial secure router user s manual edr 810 series features and functions 41
- Industrial secure router user s manual edr 810 series features and functions 42
- Static multicast mac 42
- Stream table 42
- Industrial secure router user s manual edr 810 series features and functions 43
- Qos and rate control 43
- Qos classification 43
- Cos mapping 44
- Industrial secure router user s manual edr 810 series features and functions 44
- Industrial secure router user s manual edr 810 series features and functions 45
- Rate limiting 45
- Tos dscp mapping 45
- Industrial secure router user s manual edr 810 series features and functions 46
- Mac address table 46
- Detailed explanation of dynamic ip type 47
- Industrial secure router user s manual edr 810 series features and functions 47
- Interface 47
- Industrial secure router user s manual edr 810 series features and functions 48
- Detailed explanation of pppoe type 49
- Detailed explanation of static ip type 49
- Industrial secure router user s manual edr 810 series features and functions 49
- Bridge group interface 50
- Industrial secure router user s manual edr 810 series features and functions 50
- Adding ports into the bridge interface 51
- Industrial secure router user s manual edr 810 series features and functions 51
- Modify and activate the bridge group interface 51
- Dhcp server 52
- Dhcp settings 52
- Global settings 52
- Network service 52
- Industrial secure router user s manual edr 810 series features and functions 53
- Static dhcp 53
- Industrial secure router user s manual edr 810 series features and functions 54
- Client list 55
- Industrial secure router user s manual edr 810 series features and functions 55
- Ip port binding 55
- Industrial secure router user s manual edr 810 series features and functions 56
- Snmp settings 56
- Industrial secure router user s manual edr 810 series features and functions 57
- Dynamic dns 58
- Industrial secure router user s manual edr 810 series features and functions 58
- Industrial secure router user s manual edr 810 series features and functions 59
- Security 59
- User interface management 59
- Authentication certificate 60
- Industrial secure router user s manual edr 810 series features and functions 60
- Trusted access 60
- Industrial secure router user s manual edr 810 series features and functions 61
- Interface statistics 61
- Monitor 61
- Radius server settings 61
- Industrial secure router user s manual edr 810 series features and functions 62
- Port statistics 62
- Event log 63
- Industrial secure router user s manual edr 810 series features and functions 63
- Edr g902 g903 series features and functions 64
- Industrial secure router user s manual edr g902 g903 series features and functions 65
- Overview 65
- Configuring basic settings 66
- Industrial secure router user s manual edr g902 g903 series features and functions 66
- System identification 66
- Accessible ip 67
- Industrial secure router user s manual edr g902 g903 series features and functions 67
- Attention 68
- Industrial secure router user s manual edr g902 g903 series features and functions 68
- Password 68
- Industrial secure router user s manual edr g902 g903 series features and functions 69
- Industrial secure router user s manual edr g902 g903 series features and functions 70
- Industrial secure router user s manual edr g902 g903 series features and functions 71
- Settingcheck 71
- Industrial secure router user s manual edr g902 g903 series features and functions 72
- Configuration file 73
- Industrial secure router user s manual edr g902 g903 series features and functions 73
- System file update by local import export 73
- System file update by remote tftp 73
- Industrial secure router user s manual edr g902 g903 series features and functions 74
- Log file 74
- Reset to factory default 74
- Restart 74
- Upgrade firmware 74
- Upload configuration data 74
- Bridge mode 75
- Mode configuration 75
- Network mode 75
- Network settings 75
- Router mode 75
- Detailed explanation of dynamic ip type 76
- Industrial secure router user s manual edr g902 g903 series features and functions 76
- Wan1 configuration 76
- Detailed explanation of static ip type 77
- Industrial secure router user s manual edr g902 g903 series features and functions 77
- Detailed explanation of pppoe type 78
- Industrial secure router user s manual edr g902 g903 series features and functions 78
- Wan2 configuration includes dmz enable 78
- Detailed explanation of dynamic ip type 79
- Industrial secure router user s manual edr g902 g903 series features and functions 79
- Detailed explanation of static ip type 80
- Industrial secure router user s manual edr g902 g903 series features and functions 80
- Detailed explanation of pppoe type 81
- Industrial secure router user s manual edr g902 g903 series features and functions 81
- Industrial secure router user s manual edr g902 g903 series features and functions 82
- Lan interface 82
- Using dmz mode 82
- Communication redundancy 83
- How dual wan backup works 83
- Lan ip configuration 83
- Wan backup edr g903 only 83
- Industrial secure router user s manual edr g902 g903 series features and functions 84
- Wan backup configuration 84
- Industrial secure router user s manual edr g902 g903 series features and functions 85
- Monitor 85
- Monitor by port 85
- Monitor by system 85
- Eventlog 86
- Industrial secure router user s manual edr g902 g903 series features and functions 86
- System log 86
- Industrial secure router user s manual edr g902 g903 series features and functions 87
- Syslog 87
- Routing 88
- Industrial secure router user s manual routing 89
- Rip routing information protocol 89
- Static route 89
- Static routing 89
- Unicast routing 89
- Industrial secure router user s manual routing 90
- Rip routing information protocol 90
- Industrial secure router user s manual routing 91
- Routing table 91
- Network redundancy 92
- Configuring stp rstp 93
- Industrial secure router user s manual network redundancy 93
- Layer 2 redundant protocols edr 810 series only 93
- Industrial secure router user s manual network redundancy 94
- Configuring turbo ring v2 95
- Explanation of current status items 95
- Industrial secure router user s manual network redundancy 95
- Explanation of settings items 96
- Industrial secure router user s manual network redundancy 96
- Industrial secure router user s manual network redundancy 97
- Layer 3 redundant protocols 97
- Vrrp settings 97
- Network address translation 98
- Industrial secure router user s manual network address translation 99
- Nat concept 99
- Network address translation nat 99
- To 1 nat 99
- Industrial secure router user s manual network address translation 100
- Bidirectional 1 to 1 nat 101
- Industrial secure router user s manual network address translation 101
- N to 1 nat 101
- Industrial secure router user s manual network address translation 102
- Industrial secure router user s manual network address translation 103
- Port forward 103
- Industrial secure router user s manual network address translation 104
- Firewall 105
- Industrial secure router user s manual firewall 106
- Policy concept 106
- Policy configuration 106
- Policy overview 106
- Industrial secure router user s manual firewall 107
- Edr g902 g903 108
- Industrial secure router user s manual firewall 108
- Layer 2 policy setup only in bridge mode for 108
- Layer 2 policy setup only in bridge mode for edr g902 g903 108
- Industrial secure router user s manual firewall 109
- Industrial secure router user s manual firewall 110
- Quick automation profile 110
- Industrial secure router user s manual firewall 111
- Industrial secure router user s manual firewall 112
- Mask policy x is masked by policy y 112
- Policy check 112
- Cross conflict policy x cross conflicts with policy y 113
- Include policy x is included in policy y 113
- Industrial secure router user s manual firewall 113
- Industrial secure router user s manual firewall 114
- Modbus policy setup 114
- Modbus tcp policy 114
- Industrial secure router user s manual firewall 115
- Industrial secure router user s manual firewall 116
- Industrial secure router user s manual firewall 117
- Denial of service dos defense 118
- Industrial secure router user s manual firewall 118
- Firewall event log 119
- Industrial secure router user s manual firewall 119
- Industrial secure router user s manual firewall 120
- Virtual private network vpn 121
- Industrial secure router user s manual virtual private network vpn 122
- Ipsec configuration 122
- Overview 122
- Global settings 123
- Industrial secure router user s manual virtual private network vpn 123
- Ipsec advanced setting 123
- Ipsec quick setting 123
- Ipsec settings 123
- Industrial secure router user s manual virtual private network vpn 124
- Tunnel setting 124
- Industrial secure router user s manual virtual private network vpn 125
- Key exchange ipsec phase i 125
- Industrial secure router user s manual virtual private network vpn 126
- Data exchange ipsec phase ii 127
- Dead peer detection 127
- Industrial secure router user s manual virtual private network vpn 127
- Industrial secure router user s manual virtual private network vpn 128
- Ipsec status 128
- X 09 certificate 128
- Certificate generation 129
- Industrial secure router user s manual virtual private network vpn 129
- Certificate setting 130
- Industrial secure router user s manual virtual private network vpn 130
- Industrial secure router user s manual virtual private network vpn 131
- L2tp server layer 2 tunnel protocol 131
- Local certificate upload 131
- Remote certificate upload 131
- Examples for typical vpn applications 132
- L2tp configuration 132
- Site to site ipsec vpn tunnel with pre shared key 132
- Industrial secure router user s manual virtual private network vpn 133
- L2tp for remote user maintenance 133
- Vpn plan 133
- Industrial secure router user s manual virtual private network vpn 134
- Vpn plan 134
- Diagnosis 135
- Industrial secure router user s manual diagnosis 136
- Lldp function overview 136
- Lldp setting 136
- Industrial secure router user s manual diagnosis 137
- Lldt table 137
- Mib groups 138
- Industrial secure router user s manual mib groups 139
Похожие устройства
- Moxa EDR-810-VPN-2GSFP Руководство по использованию командной строки
- Moxa EDR-810-VPN-2GSFP Руководство по аппаратной части
- Moxa EDR-810-VPN-2GSFP Технические характеристики
- Moxa EDR-810-VPN-2GSFP-T Инструкция по эксплуатации
- Moxa EDR-810-VPN-2GSFP-T Руководство по аппаратной части
- Moxa EDR-810-VPN-2GSFP-T Руководство по использованию командной строки
- Moxa EDR-810-VPN-2GSFP-T Технические характеристики
- Moxa PT-7528-12MSC-12TX-4GSFP-HV Инструкция по эксплуатации
- Moxa PT-7528-12MSC-12TX-4GSFP-HV Руководство по аппаратной части
- Moxa PT-7528-12MSC-12TX-4GSFP-HV Руководство по использованию командной строки
- Moxa PT-7528-12MSC-12TX-4GSFP-HV Технические характеристики
- Moxa PT-7528-12MSC-12TX-4GSFP-HV-HV Инструкция по эксплуатации
- Moxa PT-7528-12MSC-12TX-4GSFP-HV-HV Руководство по аппаратной части
- Moxa PT-7528-12MSC-12TX-4GSFP-HV-HV Руководство по использованию командной строки
- Moxa PT-7528-12MSC-12TX-4GSFP-HV-HV Технические характеристики
- Moxa PT-7528-12MSC-12TX-4GSFP-WV Инструкция по эксплуатации
- Moxa PT-7528-12MSC-12TX-4GSFP-WV Руководство по аппаратной части
- Moxa PT-7528-12MSC-12TX-4GSFP-WV Руководство по использованию командной строки
- Moxa PT-7528-12MSC-12TX-4GSFP-WV Технические характеристики
- Moxa PT-7528-12MSC-12TX-4GSFP-WV-WV Инструкция по эксплуатации
Скачать
Случайные обсуждения