Use the interface harden command to enable hardening for this WAN interface.Use the no form of this command to disable hardening for this WAN interface.
<interface name> WAN hardening is an option that provides additional protection against unsafe connections from remote sites. When WAN hardening is enabled, only traffic arriving from a Silver Peak IPsec tunnels is allowed to enter.When Silver Peak appliances are deployed in Router Mode, you have the option of hardening any WAN–side interface. This means:
n For traffic inbound from the WAN, the appliance only accepts encapsulated traffic arriving from another Silver Peak appliance, via an IPsec tunnel. All other connections are rejected.
n
n Any data from the internet that gets backhauled via a Silver Peak IPSec tunnel will reach its destination at the hardened sites. This allows for integration with other security tools, such as firewalls, at the data center.
n Data sourced directly from the internet, or any other connection that doesn’t flow through a Silver Peak IPsec tunnel, is discarded when it hits the hardened interface. Only data from authenticated Silver Peak IPsec tunnels is allowed to pass across a hardened interface.
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com. |