Configuration / Configuring IPv6 firewall rules
Parent topic: Configuring IPv6 firewall rules

Station objects

Using the Station objects button, you define stations that the IPv6 firewall can use in filter rules.

Click on Add to create a new object.

You can set the following properties for the object:

Name
Specifies the name of the object.
Type
Determines the station type. The selection made here determines which of the following table columns (Network name, Local station/Remote site and Address/Prefix) have to be filled out. Possible values:
Named network
Name of a local network, e.g. INTRANET.
  • The only column to be filled out is Network name.
  • If it contains an interface name, then the station consists of all networks on this interface.
  • If you specify a network group, then the station consists of all prefixes under IPv6 addresses with this group.
Peer
Name of a WAN remote site, e.g. INTERNET.
  • The only column to be filled out is Local station/Remote site.
  • It can contain a WAN interface or a RAS template. With a WAN interface it resolves to all prefixes/networks to which a route exists via this WAN interface, and with a RAS template it resolves to all prefixes/networks to which a route exists via a RAS interface from this template.
Network prefix
IPv6 prefix
  • The only column to be filled out is Address/Prefix.
  • It contains an IPv6 prefix, e.g. "2001:db8::/32".
Host identifier or Interface identifier
  • The columns Network name and Address/Prefix both have to be filled out
  • Network name contains a WAN interface or a RAS template.
  • Address/Prefix contains an IPv6 identifier. These are the last 64 bits of the IPv6 address of an IPv6 host, e.g. "::2a0:57ff:fe1b:3a6a". The value must contain two leading colons.
  • This identifier forms an address when combined with all of the networks of the interface Network name or with the networks of the RAS interface from the specified template.
  • Furthermore, a link-local address with this identifier is formed for each of these interfaces.
IP address
  • The only column to be filled out is Address/Prefix.
  • It contains an IPv6 address, e.g. "2001:db8::/1".
Local station
Name of a local IPv6 host or local station.
  • The Local station/Remote site column must be filled out and contains a hostname.
  • The Network name column is optional and can include a LAN interface.
  • The host name is resolved to a host address using the DHCPv6 server or the DNS server in the device.
  • If an interface has been specified, the address is only taken if it can be reached via this interface.
MAC address
This allows rules to be created for resources on the internal network that are identified by their MAC address. In dual-stack networks, this helps with the correlation to IPv4 station objects that are also handled by an IPv4 rule based on their MAC address.
  • The Network name column is optional and can contain the name of a network where the station object is located.
  • The column Address/Prefix contains the MAC address used to identify the object.
Note: In rules, MAC addresses can be a source but not a target.
Delegated prefix
Especially where the provider prefix is dynamic, this allows a rule to be defined for downstream routers or resources.
  • The Network name column is optional and can contain the name of a network where the station object is located. This can be used as a restriction on the local network.
  • The column Local station/Remote site is required and should contain the remote peer from which the delegated prefix is obtained or derived.
  • The column Address/Prefix contains a prefix or address that is linked (OR operator) with the prefix obtained from the provider. If the object should refer to the entire prefix, you can either configure ::/0 or the entry can be left blank. Example: The provider delegates the prefix 2001:db8:1234::/48 to the remote peer INTERNET.
    • To use the subnet abcd, the Address/Prefix has to be configured as the value 0:0:0:abcd::/48.
    • If the address to be used is 2001:db8:0:23::dead:beef/128, then the Address/Prefix can be configured as 0:0:0:23::dead:beef/128.
    • If the entire prefix is to be used, then the Address/Prefix can be configured as ::/0 or the entry can be left blank.
Network name
Here you enter the name of the network if you selected the appropriate option in the Type field.
Local station/Remote site
Here you enter the name of the remote site if you selected the appropriate option in the Type field.
Address/Prefix
Here you enter the address if you selected the appropriate option in the Type field.
Parent topic: Configuring IPv6 firewall rules

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo