|
|
|
This topic applies to both ViPNet Coordinator and ViPNet Client.
The integrated firewall of ViPNet Coordinator can be easily switched between five pre-defined global security levels.
If the coordinator is acting as a gateway-firewall and/or router, and has more than one network adapter installed, the security level can be defined for each network adapter.
To change the current security level:
in the system tray and select the level from the pop-up menu.Security level options are:
1. Encryption is active. All open traffic is blocked. This is the safest mode. All traffic is encrypted and ViPNet users can only communicate with other ViPNet users (as listed in the Private Network section). Any non-encrypted inbound or outbound traffic, regardless of filters in the Public Network section or the security level of a different network adapter, will be blocked. In addition, you can apply traffic filtering rules for selected ViPNet nodes (see Actions > Access Rules from the menu bar).
2. Encryption is active. Registered traffic is allowed. Any open traffic has to be defined before it is able to pass. This mode allows encrypted connections to other ViPNet nodes (as listed in the Private Network section). Non-encrypted traffic is allowed however if it is defined by a filter in the Public Network section. In addition, you can apply traffic filtering rules for selected ViPNet nodes (see Actions > Access Rules from the menu bar).
3. Encryption is active. Boomerang mode for open traffic. This is the default mode. Internet usage is allowed, however the VPN's integrity is kept upright. This means connections from other sources may only be established if the initial connection request came from the VPN Client. This mode allows you to establish connections to any open LAN or Internet resource (on your initiative). At the same time, connection requests from other addresses or over another port are blocked. VPN connections are provided the same way as the previous levels.
The advanced boomerang mode analyzes incoming information according to several parameters (including IP address, protocol and port).
The standard boomerang mode analyzes incoming traffic by IP address and protocol only.
Filters set up in the Public Network section are applied in boomerang mode by the following principle: If you add a rule for a specific IP address in the Public Network section, the boomerang mode will not be applied to this address.
4. Encryption is active. All open traffic is allowed. The firewall is deactivated, however the connection log is still functioning. This mode is suitable for testing purposes rather than a working environment.
5. Encryption is turned off. All open traffic is allowed. The firewall and ViPNet driver are deactivated and no encryption takes place. No connection log is kept. Note: In this mode a network adapter becomes totally unprotected from possible network attacks.
Note: A connection log file is kept for each security level (except level 5) containing information on blocked and passed IP packets.
ViPNet is intended to analyze IP packets and will pass packets of other protocols (like IPX/SPX, NetBEUI usw) by default. ARP and RARP packets are always passed since they are needed for the successful functioning of the IP protocol.
© 2007 Infotecs