Package firewall
The XML API OSS interface uses the firewall package to configure stateful firewall on SAR-H platform
to provide highest level of security in the prevention of DoS attacks. The firewall employs a Zone-based design.
The operator can create multiple firewall policies:
- the operator can create Zone Policy by including RuleSet policies to define level of trust and access right.
- the operator can create RuleSet policy to define match requirement and action, then can be added to Zones as
required.
- the operator can create HostGroup policy to define host devices and address spaces in Zones. HostGroup can be
added to RuleSet Policy to specify Source and destination.
- the operator can create ServiceGroup policy to define set of services in the service matching field of the rule.
The operator can put interfaces (Network Interface, SAP, SDP, CPM Interface and Management Access Interface)
that needs to be firewalled in to Zones by specifying ip or ip range.