Billion Electric Company BIPAC-7500G user manual Firewall and Access Control


Billion BIPAC-7500G–802.11g ADSL VPN Firewall Router with 3DES Accelerator

Firewall and Access Control

Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition, when NAT (Network Address Translation; see the WAN configuration section for more details) is in use, the router acts as a “natural” Internet firewall, because all PCs on your LAN use private IP addresses that cannot be directly accessed from the Internet.

Firewall: Prevents access from outside your network. The router provides three levels of security support:

NAT natural firewall: This masks LAN users’ IP addresses, making them invisible to outside users on the Internet, so it is much more difficult for a hacker to target a machine on your network. This natural firewall is on whenever the NAT function is enabled.

When using Virtual Servers, your PCs will be exposed to the degree specified in your Virtual Server settings, provided the ports specified are opened in your firewall packet filter settings.

Firewall Security and Policy (General Settings): Inbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing your local network from the Internet.

Intrusion Detection: Enable Intrusion Detection to detect, prevent and log malicious attacks.

Access Control: Prevents access from PCs on your local network:

Firewall Security and Policy (General Settings): Outbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing the Internet.

MAC Filter rules: To prevent unauthorized computers accessing the Internet.


Chapter 4: Configuration
