Adding an Inbound and Outbound Firewall
In this scenario, Acme Company is running TCP/IP and the Internetwork Packet Exchange™ (IPX™) protocol on the network. Acme wants to use Novell BorderManager 3.8 as both an inbound and an outbound firewall. Acme wants to do the following:
- Add a firewall to secure the network
- Allow outbound and inbound Simple Mail Transfer Protocol (SMTP) e-mail
- Allow outbound and inbound DNS information
- Allow public users from the Internet to view only the Web server on the intranet
- Allow internal users on the intranet to access the Internet
The following Novell BorderManager 3.8 components are used to implement this scenario, as shown in the following figure:
- Packet filtering
- Proxy Services Transparent HTTP proxy application
- Access control
Figure 24: Inbound and Outbound Firewall
To implement Novell BorderManager 3.8 as a firewall on the network, Acme Company must perform the following general sequence of steps:
- Install Novell BorderManager 3.8 and enable packet filtering on public interfaces during the installation.
  For more information and for Novell BorderManager 3.8 installation procedures, refer to the Novell BorderManager 3.8 installation documentation.
- Use FILTCFG to do the following:
  - Specify filter exceptions for the SMTP server. Allow outbound SMTP requests and inbound SMTP responses.
  - Specify filter exceptions for an external DNS server. Allow outbound DNS requests and inbound DNS responses.
  - Specify filter exceptions for the Web server. Allow inbound HTTP requests or responses destined for the Web server's IP address and allow outbound HTTP requests or responses coming from the Web server's IP address.

  For more information and for packet filtering configuration procedures, refer to the packet filtering online documentation.
- Use the Novell BorderManager 3.8 Services page in NetWare® Administrator to enable and configure the Transparent proxy application on the Novell BorderManager 3.8 server.
  For more information and for configuration procedures, refer to the proxy services online documentation.
- (Optional) Use the Novell BorderManager 3.8 Services page in NetWare Administrator to enable and configure the HTTP reverse, or acceleration, proxy to enhance performance.
  For more information and for configuration procedures, refer to the Proxy Services online documentation.
- (Optional) Use NetWare Administrator to enable and configure access control rules for the intranet users.
  For more information and for configuration procedures, refer to the access control online documentation.
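The filter exceptions from the FILTCFG step can be checked on paper before they are entered. The following is an added example, not Novell code and not FILTCFG syntax: a stateless, default-deny model of those exceptions on the public interface, run against sample packets. The addresses, port ranges, rule names and the `evaluate` helper are assumptions made for illustration.

```python
# Added illustration: default-deny filtering with the exceptions from the
# FILTCFG step. All addresses are constructed (RFC 5737 documentation ranges).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
SMTP_SERVER = ip_network("192.0.2.25/32")      # assumed intranet mail server
WEB_SERVER = ip_network("192.0.2.80/32")       # assumed intranet Web server
EXTERNAL_DNS = ip_network("198.51.100.53/32")  # assumed external DNS server
HIGH = range(1024, 65536)                      # assumed client port range

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out" on the public interface
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

# (name, direction, proto, src net, src ports, dst net, dst ports)
EXCEPTIONS = [
    ("smtp-request",  "out", "tcp", SMTP_SERVER, HIGH, ANY, {25}),
    ("smtp-response", "in",  "tcp", ANY, {25}, SMTP_SERVER, HIGH),
    ("dns-request",   "out", "udp", ANY, HIGH, EXTERNAL_DNS, {53}),
    ("dns-response",  "in",  "udp", EXTERNAL_DNS, {53}, ANY, HIGH),
    ("web-inbound",   "in",  "tcp", ANY, HIGH, WEB_SERVER, {80}),
    ("web-outbound",  "out", "tcp", WEB_SERVER, {80}, ANY, HIGH),
]

def evaluate(pkt):
    """Return the name of the matching exception, or "deny" (the default)."""
    for name, direction, proto, snet, sports, dnet, dports in EXCEPTIONS:
        if (pkt.direction == direction and pkt.proto == proto
                and ip_address(pkt.src) in snet and pkt.sport in sports
                and ip_address(pkt.dst) in dnet and pkt.dport in dports):
            return name
    return "deny"

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("in", "tcp", "203.0.113.7", 40000, "192.0.2.80", 80),   # Web server
        Packet("in", "tcp", "203.0.113.7", 40001, "192.0.2.10", 80),   # other host
        Packet("in", "tcp", "203.0.113.7", 25, "192.0.2.25", 40002),   # SMTP reply
        Packet("out", "udp", "192.0.2.10", 5353, "203.0.113.53", 53),  # other DNS
    ]
    for p in samples:
        print(p, "->", evaluate(p))
```

The model is stateless: a response exception matches on source port and destination address only and does not track whether a request was sent. Inbound HTTP to any intranet host other than the Web server falls through to the default deny.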