Packet Filtering Using Novell iManager

Novell^® BorderManager^® 3.8 comes with a Packet Filtering Configuration Task based on Novell iManager for configuring TCP/IP filters. The Novell BorderManager Access Management Role and Packet Filtering Configuration Task is automatically plugged into Novell iManager during Novell BorderManager 3.8 installation.

For more details regarding filter configuration see AppNotes on Filter Configuration.

Make sure that Novell iManager is up and working on the NetWare^® or Windows machine. For more information refer to Installing iManager 2.0.1 Snap-Ins .

To log in to Novell iManager:

1. In Internet Explorer go to https://<ipaddress>/nps/iManager.html or use https://<DNS>/nps/iManager.html

2. Log in to Novell iManager to use the Packet Filtering Configuration Task.

3. When you log in to Novell iManager, you can see the role of NBM Access Management on the left pane. Click NBM Access Management to see the Filter Configuration task.

4. Click the Filter Configuration task to see the NBM Server Selection option.

5. Select the Novell BorderManager 3.8 server.

To set up the Packet Filtering Configuration Task, refer to Packet Filtering Using Novell iManager.

To ensure that the configured filters are active, check to see that you have enabled filter support using INETCFG.

After you have reached the filter configuration task, the following seven types of configuration can be seen:

• Configure Packet Forwarding Filter
• Configure Service Type
• Configure Incoming RIP Filter
• Configure Outgoing RIP Filter
• Configure Incoming EGP Filter
• Configure Outgoing EGP Filter
• Configure OSPF Filter

Figure 13
Configuration Menu

The global logging status for all filter types can be enabled or disabled from the configuration menu.

Select any one of the following for configuration:

• Configuring Packet Forwarding Filter: TCP/IP Packet Forwarding Filters allow the router to selectively filter packets based on their packet type, source, and destination.

• Configuring Service Type: Service Type includes the System and User defined packet types used for configuring Packet Forwarding filters.

• Routing Information Protocol (RIP) Filter: RIP filters are used to control the propagation of routing information by this router. They provide a low level of security by hiding the existence of specific IP networks from other routers. There are two types of routing filters, incoming and outgoing.

  Incoming RIP filters restrict the acceptance of routing information from the adjacent routers.

  Outgoing RIP filters restrict the routing information advertised by the router to its adjacent routers.

• EGP Filter: The routes that the router can share with the EGP peers are defined with EGP filters. There are two types of EGP filters: Incoming and Outgoing.

  Incoming EGP filters restrict what routes can be accepted from an EGP peer.

  Outgoing EGP filters restrict what routes learned from RIP, OSPF, or static routes can be propagated to EGP peers.

• Configuring OSPF Filter: The router can use OSPF to exchange routing information within its Autonomous System. OSPF External Route Filters define the route and the source of the source of the route that will be propagated into the OSPF domain.

Select an operation from the list and click Next to continue.

Click Done if you want to save changes to IP logging and exit Filter Configuration.

Click Cancel to exit Filter Configuration.

The next three sections contain information about configuring filter types:

• Configuring the Packet Forwarding Filter
• Configuring the Service Type
• Configuring an Incoming RIP Filter