Billion Electric Company 6404VGP, 6404VP user manual Firewall and Access Control

Page 45
Firewall and Access Control

VoIP/(802.11g) Broadband Firewall Router

Firewall and Access Control

Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT, the router acts as a “natural” Internet firewall, as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet.

Firewall: Prevents access from outside your network. The router provides three levels of security support:

NAT natural firewall: This masks LAN users’ IP addresses which is invisible to outside users on the Internet, making it much more difficult for a hacker to target a machine on your network. This natural firewall is on when NAT function is enabled.

When using Virtual Servers your PCs will be exposed to the degree specified in your Virtual Server settings provided the ports specified are opened in your firewall packet filter settings.

Firewall Security and Policy (General Settings): Inbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing your local network from the Internet.

Intrusion Detection: Enable Intrusion Detection to detect, prevent and log malicious attacks.

Access Control: Prevents access from PCs on your local network:

Firewall Security and Policy (General Settings): Outbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing the Internet.

URL Filter: To block PCs on your local network from unwanted websites.

Here are items under the Firewall section: General Settings, Packet Filter, Intrusion Detection, URL Filter, IM/P2P Blocking and Firewall Log.

44

Chapter 4: Configuration

Page 44 Page 46
Image 45
Page 44 Page 46
Contents VoIP/802.11g Broadband Firewall Router BiPAC 6404VP / 6404VGPUser’s Manual Version Release 5.08aTable of Contents QoS Quality of Service Firewall and Access ControlCHAPTER 5 TROUBLESHOOTING VoIP Voice over Internet ProtocolChapter 1 Introduction FeaturesIntroduction to your Router 802.11g Wireless AP with WPA SupportDynamic Host Configuration Protocol DHCP client and server Quality of Service QoSNetwork Address Translation NAT SOHO Firewall Security with DoS and SPIRich Management Interfaces Firmware UpgradeableImportant note for using this router Chapter 2 Installing the RouterPackage Contents Do not use the same power source for this router as other equipmentRJ-45 connector The Front LEDsWireless Router Only RJ-11 connectorPort Power Switch PWR RESET The Rear PortsWAN LAN Phone 1XCabling Chapter 3 Basic Installation Chapter 3 Basic InstallationATA Mode Broadband Router Mode Connecting Your RouterConfiguring PCs in Windows in Window XP 2. Double-click Local Area Connection. See Figure4. Select Internet Protocol TCP/IP and click Properties. See Figure Configuring PCs in Windows 2. Double-click Local Area “LAN” Connection. See Figure4. Select Internet Protocol TCP/IP and click Properties See Figure Configuring PC in Windows 95/98/ME 5. Then select the DNS Configuration tab. See Figure3. Click Properties 2. Select TCP/IP Protocol and click Properties. See Figure Configuring PC in Windows NT4.0Web Interface Username and Password Factory Default SettingsDevice LAN IP settings ISP setting in WAN siteInformation from your ISP DHCP Obtain an IP Address Automatically Static IP Fixed IP AddressPPPoE Configuring with your Web Browser ATA / Router Mode Configuration Chapter 4 ConfigurationSave Config to FLASH StatusStatus Wireless Association Table Wireless Router OnlyARP Table Routing TableRIP Routing Table DHCP TableLeased Table Expired TableVoIP Status Email StatusEvent Log Error LogNAT Sessions DiagnosticUPnP Portmap ATA / Router Mode LAN NAT DHCP Server Device IP WAN System Firewall QoS Virtual Server FunctionsTime Schedule Advanced VoIP RouterLAN Local Area Network ConfigurationEthernet Primary IP AddressIP Alias → Active PC in LAN Ethernet Client Filter Default setting is set to DisableEthernet Client Filter Active PC in LAN displays a list of individual Ethernet device’s IP Address & MAC Address which connecting to the router Parameters Wireless Wireless Router OnlyWireless Distribution System WDS WPA-PSK TKIP / WPA-PSK AES Pre-Shared Key Wireless Security Wireless Router OnlyPage Wireless Client / MAC Address Filter Wireless Router Only Wireless Client Filter Default setting is set to Disable→Associated Wireless Clients DHCP Server Time Zone SystemRemote Access Firmware Upgrade Backup / Restore Restart Router User Management Firewall and Access Control General Settings Packet Filter Table 1 Predefined Port Filter Example Predefined Port Filters RulesApplication ProtocolUDP17 Packet Filter - Add TCP/UDP Filter Packet Filter - Add Raw IP Filter Page Click Add TCP/UDP Filter Click DeleteExample Configuring Packet Filter5. The new port filter rule for HTTP is shown below Block Duration Intrusion DetectionIntrusion Name Table 2 Hacker attack types recognized by the IDSDetect Parameter Ascend KillAlways On URL Filterdropped Instant Message Blocking The default is set to Disabled Peer to Peer Blocking The default is set to DisabledIM / P2P Blocking Log information can be seen in the Status - Event Log after enabling Firewall LogVoIP Broadband Firewall Router VoIP Voice over Internet ProtocolSetting for Phone Port WizardVoice QoS Authentication Username Same as Phone Number User-defined ProfilesNOTE User defined profiles are limited to 8 only SIP Device Parameters Advanced - Parameters How to register to SIP ServerNote ONHOOK means hung up Advanced - PSTN Environment AdjustmentPhone Port Login Account ConfigurationVolume Control For examplesCodec Preference Speed DialPSTN Dial Plan 3 Dial at Timeout PSTN Dial Plan Examples4 Dial at Timeout no Prefix 1 Dial with PrefixVoIP/802.11g Broadband Firewall Router VoIP Dial Plan Prefix Processing Dial Plan Rules ListDescription Dial-Plan ExamplesSpecial Dial Plan Examples ## xxLocalcheap.com is the default VoIP provider I set on phone port 1. When I call out any number start with 1 or 2 or 3 and plus rest of the phone number for local call, 03 is always prepended in front of these number. If 23295 are dialed, 03-2-32935 is the actual phone number called out via localcheap.com provider Mobilecheap.com is the default VoIP provider I set on phone port 2. When I call out 123-39-45678 for a mobile call, 123 is replaced with 09. Therefore, 09-39-45678 is the actual phone number called out via Mobilecheap.com provider Country Specific Ring & Tone Ring & ToneRing Parameters Tone ParametersSpecial Dial Codes OptionFlash-hook Click Clear QoS Quality of ServicePrioritization HighDSCP Mapping Table Table 4 DSCP Mapping TableWireless Router Device Standard DSCPOutbound IP Throttling LAN to WAN Inbound IP Throttling WAN to LAN Connection Diagram VoIP Normal PCs Restricted PCInformation and Settings Example QoS for your NetworkMission-critical application Advanced setting by using IP throttlingVoice application Restricted ApplicationVoIP/802.11g Broadband Firewall Router Virtual Server “Port Forwarding” Internal IP Add Virtual ServerIP Address ExampleEdit DMZ Host Global IP Address Edit One-to-One NAT Network Address TranslationSelect the Apply button to apply your changes Example List of some well-known and registered port numbers Table 5 Well-known and registered PortsPort Number ProtocolTime Schedule Configuration of Time Schedule Click EditEdit a Time Slot Delete a Time SlotManagement and IGMP Static Route AdvancedDynamic DNS Check Email Embedded Web Server 2 Management IP accounts Device ManagementSNMP V1 and Universal Plug and Play UPnPSNMP SNMP Version SNMPv2c and SNMPv3From RFC 1493 Bridge MIB From RFC1650 EtherLike-MIBFrom RFC 1471 PPP/LCP MIB From RFC 1472 PPP/Security MIBSave Configuration to Flash LogoutIGMP Problems starting up the router Chapter 5 TroubleshootingProblems with the LAN Interface ProblemContact Billion WORLDWIDE APPENDIX A Product Support and Contact Information
Top Page Image Contents