Neoware Neoware c50 - Thin Client User manual
Neoware Firewall
USER MANUAL
© 2006 by Neoware, Inc.
3200 Horizon Drive,
King of Prussia, PA 19406 USA
Tel.: +1-610-277-8300
Fax: +1-610-771-4200
Email: [email protected]
Web: http://www.neoware.com
This manual is copyrighted by Neoware, Inc. All rights are reserved. This document may not, in
whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic
medium or machine-readable form without prior consent, in writing, from Neoware, Inc.
Neoware is a trademark of Neoware, Inc. Other trademarks used in this manual are the property of
their respective owners.
Disclaimer: The information provided in this manual is intended for instructional purposes only
and is subject to change without notice. Neoware, Inc. accepts no responsibility or liability for
errors, omissions, or misleading information that may be contained in this manual.
April 2006
iii
Neoware Firewall User Manual
Table of Contents
CHAPTER 1
Introduction & Installation 1
What is Neoware Firewall? 1
Neoware Firewall & Windows Firewall 1
Installation Procedure 2
CHAPTER 2
Configuring Neoware Firewall 3
Introduction 3
Starting the Configuration Utility 4
Currently Defined Firewall Filters 5
Changing the Filter Assignment 6
Editing a Filter 6
Removing a Filter 6
Adding a New Filter 7
Defining Filter Rules 7
Saving & Applying the Firewall Configuration 9
CHAPTER 3
Exporting a Neoware Firewall
Configuration 11
Introduction 11
Exporting the Firewall Configuration File 11
Table of Contents
iv
Exporting Displayed Data 12
APPENDIX A
Default Neoware Firewall Rules 15
Index 23
1
Neoware Firewall User Manual
CHAPTER 1 Introduction &
Installation
This chapter introduces Neoware Firewall and describes the
installation procedure.
What is Neoware Firewall?
Neoware Firewall is a utility to assist in the configuration of IP
security policies to protect your thin client by establishing a local
firewall. This powerful utility can be used to create static ingress
and egress rules by port, protocol, source, and destination.
Neoware Firewall provides a user-friendly interface for easy con-
figuration of the firewall. It also provides a set of predefined secu-
rity rules and an export option to clone a customized configuration
to other thin clients.
Neoware Firewall & Windows Firewall
Microsoft Windows Firewall may also be included with XPe thin
clients in addition to Neoware Firewall. Note that Microsoft Win-
dows Firewall only handles inbound traffic, whereas Neoware
Firewall handles both inbound and outbound traffic.
If Microsoft Windows Firewall is included, it may be enabled by
default. The Administrator can decide whether the Windows Fire-
wall should be left turned on, or to only rely on Neoware Firewall
once it is configured and enabled. Note that Neoware Firewall does
Introduction & Installation
2 Installation Procedure
not require the Windows Firewall, and Neoware Firewall can func-
tionally replace the Windows Firewall for incoming traffic.
Installation Procedure
Neoware thin clients may have Neoware Firewall already installed.
If you need to re-install it, the standard snap-in installation proce-
dure applies. This snap-in is available on the Neoware web site.
After installation you will find a shortcut in the Start menu named
Neoware Firewall Configuration Utility.
3
Neoware Firewall User Manual
CHAPTER 2 Configuring Neoware
Firewall
This chapter describes how to configure Neoware Firewall to
provide the level of protection required for your thin client.
Introduction
Neoware Firewall is disabled by default. If you are using ezUpdate
and have configured your FTP server to use passive data connec-
tions, you will need to configure Neoware Firewall for passive FTP
before enabling it. Since passive FTP servers may be configured to
use a range of ports anywhere between 1024 and 65535, there is no
way of pre-configuring these ports in Neoware Firewall without
making the firewall essentially ineffective. Enabling Neoware Fire-
wall without configuring it for passive FTP will make ezUpdate
fail for those networks using passive FTP.
Configuring Neoware Firewall
4 Starting the Configuration Utility
Starting the Configuration Utility
Neoware Firewall is configured using a utility that is accessed from
the Start menu. To run the utility, select Start > All Programs >
Neoware Firewall Configuration Utility.
The utility will display an introductory screen then a dialog listing
all the currently defined firewall filters.
Configuring Neoware Firewall
Currently Defined Firewall Filters 5
Currently Defined Firewall Filters
The main dialog of the Neoware Firewall configuration utility shows
a list of all the currently defined firewall filters, together with some
descriptive information.
Neoware Firewall provides a default set of predefined firewall filters
so that you can use the firewall immediately. For a list of all the pre-
defined filters and their functions, refer to the appendix “Default
Neoware Firewall Rules” on page 15
The list of firewall filters includes the following information:
Assign A check box indicating the status of the filter
(assigned or unassigned).
Filter Name The name of the firewall filter.
Action Indicates whether the filter Blocks or Permits data
flow.
Description Provides a description of what the filter does.
Configuring Neoware Firewall
6 Currently Defined Firewall Filters
Changing the Filter
Assignment
To change the assignment of a filter:
1Click the check box next to any of the listed filters to change its
status (assigned or unassigned).
2Click the Save button to make the changed setting take immedi-
ate effect.
Editing a Filter To edit a currently defined filter:
1Select the filter to edit by clicking on the filter line in the list of
defined filters.
2Click the Edit button to display the Filter Properties dialog.
This is almost the same as the Add a Filter dialog (which is
described in the section “Adding a New Filter” on page 7),
except that you cannot change the filter’s name or description.
Removing a Filter To remove a filter:
1Select the filter to remove by clicking on the filter line in the list
of defined filters.
2Click the Remove button.
3Click the Save button to make the change take effect.
Configuring Neoware Firewall
Adding a New Filter 7
Adding a New Filter
To add a new firewall filter, click the Add button to display the Add
a Filter dialog.
This dialog enables you to enter all the necessary information for
your filter.
You must enter a name for your filter in the Filter Name field, and
specify the Filter Action by selecting either Permit traffic or Block
traffic.
You can enter a Description for this new filter so that you can
quickly discover what it does.
Defining Filter Rules You must define the Rules used by the filter. Rules include proto-
cols, ports, and source/destination addresses.
Important: Rules are applied from most specific to least specific.
For example, a rule to "permit TCP port 21" would be applied over
a rule to "block all TCP packets". For the firewall to function prop-
erly, the first rules written should block all inbound and outbound
traffic, then individual rules should be written to permit necessary
traffic.
Configuring Neoware Firewall
8 Adding a New Filter
To add a rule, click the Add button (in the Add a Filter dialog) to
display the Add a Rule dialog.
In this dialog, enter a Rule Name, provide a Description, and spec-
ify the rule details.
After adding a rule, click OK to save the current settings to that rule.
Configuring Neoware Firewall
Saving & Applying the Firewall Configuration 9
Saving & Applying the Firewall Configuration
When you have finished making changes to the firewall configura-
tion, click the Save button in the main Neoware Firewall Configu-
ration Utility dialog to save the settings and make the new security
policy take effect. A message will be displayed indicating that the
firewall policy has been assigned.
Your configuration is now active.
Configuring Neoware Firewall
10 Saving & Applying the Firewall Configuration
11
Neoware Firewall User Manual
CHAPTER 3
Exporting a Neoware
Firewall Configuration
This chapter describes how to export a Neoware Firewall configu-
ration to other thin clients.
Introduction
Once you have defined and saved your security policy configura-
tion, you may also want to apply the same configuration to other
thin clients. This can be achieved very easily and quickly.
Exporting the Firewall Configuration File
To export your current firewall configuration, simply click the
Export button in the main Neoware Firewall Configuration Util-
ity dialog.
Exporting a Neoware Firewall Configuration
12 Exporting Displayed Data
A dialog will be displayed asking you to specify a name and destina-
tion directory for the export (IP Security Template) file.
Clicking Save will create an executable batch file which you can
send to other thin clients, either manually or by using Neoware’s
ezRemote Manager.
Exporting Displayed Data
The Neoware Firewall Configuration Utility saves the display data
and export configuration separately. If you want to copy the display
data to other thin clients as well as the export file, you need to do the
following:
1In the Neoware Firewall Configuration Utility dialog, click
the Save button to save the current configuration.
2Click Export to save the firewall configuration as a batch file.
3Locate the file MFWC.DAT in the Neoware Firewall program
directory (default: C:\Program Files\Neoware Firewall Con-
figuration Utility).
Exporting a Neoware Firewall Configuration
Exporting Displayed Data 13
4Apply the exported template batch file on the target thin client.
5Overwrite the MFWC.DAT file on the target thin client with
the MFWC.DAT file from the source of the exported batch file.
Exporting a Neoware Firewall Configuration
14 Exporting Displayed Data
15
Neoware Firewall User Manual
APPENDIX A Default Neoware
Firewall Rules
This appendix lists and describes the default set of rules provided
with Neoware Firewall.
This appendix describes all the standard filters provided with
Neoware Firewall, and their default settings. Each filter description
includes the rules and settings associated with them.
All Inbound Traffic
Assigned: No
Action: Block
Blocks all inbound traffic.
Rule Name: Inbound
Any protocol, any source port, any destination port, source address
any IP address, destination address my IP address, not mirrored.
All Outbound Traffic
Assigned: No
Action: Block
Blocks all outbound traffic.
Rule Name: Outbound
Any protocol, any source port, any destination port, source address
my IP address, destination address any IP address, not mirrored.
Default Neoware Firewall Rules
16
Applications \ System
Assigned: Yes
Action: Permit
Ports required for specific applications and services.
Rule Name: BootPS\DHCP
Allows DHCP requests/renewals. UDP protocol, any source port,
destination port 67, source address my IP address, destination
address any IP address, mirrored.
Rule Name: DNS (TCP)
Allows connections to DNS servers via TCP. TCP protocol, any
source port, destination port 53, source address my IP address, desti-
nation address any IP address, mirrored.
Rule Name: DNS (UDP)
Allows connections to DNS servers via UDP. UDP protocol, any
source port, destination port 53, source address my IP address, desti-
nation address any IP address, mirrored.
Rule Name: FTP
Allows connections to FTP servers. TCP protocol, any source port,
destination port 21, source address my IP address, destination
address any IP address, mirrored.
Rule Name: FTP Data
Allows file transfers with FTP servers. TCP protocol, any source
port, destination port 20, source address my IP address, destination
address any IP address, mirrored.
Rule Name: HTTP
Allows connections to Web servers. TCP protocol, any source port,
destination port 80, source address my IP address, destination
address any IP address, mirrored.
Rule Name: HTTPS
Allows secure connections to Web servers. TCP protocol, any
source port, destination port 443, source address my IP address, des-
tination address any IP address, mirrored.
Other manuals for Neoware c50 - Thin Client
9
This manual suits for next models
5
Table of contents
Popular Firewall manuals by other brands
Forcepoint
Forcepoint 3201 Hardware guide
ZyXEL Communications
ZyXEL Communications ZyXEL ZyWALL 5 quick start guide
NETGEAR
NETGEAR FVG318 - ProSafe 802.11g Wireless VPN Firewall 8... installation guide
Arxceo
Arxceo ALLY IP1000 user guide
IBASE Technology
IBASE Technology FWA8600 user manual
NETGEAR
NETGEAR FVG318 - ProSafe 802.11g Wireless VPN Firewall 8... Reference manual
