NetComm NB712 manual Firewall


2 Firewall

A firewall protects networked computers from an intrusion that could compromise confidentiality or result in data corruption or denial of service. It must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet.

A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, FTP or Telnet. Firewalls can also filter traffic by packet attribute or state.
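The address and protocol filtering described above can be sketched as a small rule evaluator. This is an added example, not NetComm's code or the router's configuration syntax. The first-match rule order, the port-based protocol lookup, the rule set and all addresses are constructed assumptions, and state filtering is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumption: a protocol is recognised by its well-known destination port.
PROTOCOL_PORTS = {"http": 80, "ftp": 21, "telnet": 23}

@dataclass(frozen=True)
class Packet:
    direction: str  # "inbound" (public -> private) or "outbound"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    direction: str
    src_net: str = "0.0.0.0/0"       # address filtering: source network
    dst_net: str = "0.0.0.0/0"       # address filtering: destination network
    protocol: Optional[str] = None   # protocol filtering; None matches any

    def matches(self, pkt: Packet) -> bool:
        return (
            pkt.direction == self.direction
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
            and (self.protocol is None or PROTOCOL_PORTS[self.protocol] == pkt.dport)
        )

def evaluate(rules: List[Rule], pkt: Packet, log: List[str]) -> str:
    """Return the first matching rule's action; traffic matching no rule is stopped."""
    verdict = next((r.action for r in rules if r.matches(pkt)), "deny")
    if verdict == "deny" and pkt.direction == "inbound":
        # Record blocked attempts to enter the private network.
        log.append(f"blocked inbound {pkt.src} -> {pkt.dst}:{pkt.dport}")
    return verdict

# Constructed policy: 192.168.1.0/24 is the private LAN, 192.168.1.10 a public web host.
RULES = [
    Rule("deny", "inbound", dst_net="192.168.1.0/24", protocol="telnet"),
    Rule("permit", "inbound", dst_net="192.168.1.10/32", protocol="http"),
    Rule("permit", "outbound", src_net="192.168.1.0/24"),
]

if __name__ == "__main__":
    log: List[str] = []
    for p in (Packet("inbound", "203.0.113.5", "192.168.1.10", 80),
              Packet("inbound", "203.0.113.5", "192.168.1.20", 80)):
        print(p, evaluate(RULES, p, log))
    print(log)
```

The second sample packet matches no rule and is stopped by the default, which is the behaviour to check first when reviewing any rule set: what happens to traffic nobody wrote a rule for.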

It is important to note that an Internet firewall cannot prevent individual users with modems from dialling into or out of the network. By doing so they bypass the firewall altogether and open the network to attack. However, these are management issues that should be raised during the planning of any security policy and cannot be solved with Internet firewalls alone.

 

 

 

 

 

[Figure: firewall diagram (Note: NB714 model shown). The NB714 or NB712 G.SHDSL Modem Router acts as the firewall between the Internet and four PCs. Labels: Unknown Traffic; Restricted Traffic; Specified Allowed Traffic; Access to Specific Destination; Allowed Traffic Out to Internet.]


NB712 / NB714 User Guide

 

YML829 Rev1
