Firewall Design
Figure 15-5: A Perimeter Router

NOTE: The perimeter router can be referred to as the "front door" router.

Packet-filtering rules or access lists restrict access to network services and applications. If
internal users need access to Internet services, allow all TCP outbound traffic initiated from
inside the customer network, as shown in Figure 15-6.

Figure 15-6: Packet Filtering
[Diagram: a PC in the customer network, the perimeter router, and the Internet. Callouts: "This PC is telnetting to a device on the Internet." and "Permit only established sessions into the customer network. The PC that is telnetting is an established session."]
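
The two rules above (permit all TCP initiated from inside, permit only established sessions inbound), modelled as an added example that is not code from the book. It assumes "established" is decided per packet from the TCP flags, as the IOS extended access list `established` keyword does (ACK or RST set); the connection-tracking class, addresses and ports are constructed for comparison.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    direction: str     # "out" = inside -> Internet, "in" = Internet -> inside
    flow: tuple        # (inside_ip, inside_port, outside_ip, outside_port)
    flags: frozenset   # TCP flags set on this segment

def stateless_filter(seg):
    """Per-packet model of the page's rules; no connection table is kept."""
    if seg.direction == "out":
        return "permit"                 # all TCP initiated from inside
    # Inbound "established" is judged from the header alone: ACK or RST set.
    return "permit" if seg.flags & {"ACK", "RST"} else "deny"

class StatefulFilter:
    """Same policy, but inbound segments must belong to a flow opened from inside."""
    def __init__(self):
        self.flows = set()

    def check(self, seg):
        if seg.direction == "out":
            self.flows.add(seg.flow)
            return "permit"
        return "permit" if seg.flow in self.flows else "deny"

# Constructed sample traffic (addresses and ports are not from the page).
TELNET = ("10.1.1.10", 1025, "192.0.2.5", 23)
OTHER = ("10.1.1.20", 23, "198.51.100.7", 40000)
TRAFFIC = [
    ("PC opens telnet",        Segment("out", TELNET, frozenset({"SYN"}))),
    ("server reply",           Segment("in",  TELNET, frozenset({"SYN", "ACK"}))),
    ("inbound new connection", Segment("in",  OTHER,  frozenset({"SYN"}))),
    ("inbound ACK, no flow",   Segment("in",  OTHER,  frozenset({"ACK"}))),
]

def evaluate(traffic=TRAFFIC):
    """Return {label: (stateless verdict, stateful verdict)} for each segment."""
    stateful = StatefulFilter()
    return {label: (stateless_filter(seg), stateful.check(seg)) for label, seg in traffic}

if __name__ == "__main__":
    for label, verdicts in evaluate().items():
        print(f"{label:24} stateless={verdicts[0]:6} stateful={verdicts[1]}")
```

Only the last row differs: the per-packet check accepts any inbound segment with ACK set, while the connection-tracking version accepts only replies to sessions opened from inside.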