Efficient Networks 5200 Series, 5500 Series, 5400 Series manual Firewall Security Levels


SpeedStream Router User Guide

Firewall

Your SpeedStream router includes a user-configurable firewall that provides various levels of security against outside attacks. This firewall provides only WAN-side protection. The firewall does not provide any LAN-side protection.

The firewall also includes an advanced Attack Detection System (ADS) containing various algorithms to detect and identify WAN attacks the moment they start and protect the LAN from such attacks. Though WAN access may be temporarily hindered, the LAN is protected from such harmful traffic load.

Firewall Security Levels

The SpeedStream router is shipped with a set of preconfigured firewall database rules grouped into levels, allowing you to easily configure the firewall. The default set of levels includes:

Off:

No restrictions are applied to either inbound or outbound traffic. In addition, all Network Address Port Translation (NAPT) functionality is disabled - there is no address/port translation. Since there is no address/port translation when the firewall is placed in this mode, all LAN-side connected hosts must be assigned a valid public IP address.

Low:

Minimal restrictions with respect to outbound traffic. Outbound traffic is allowed for all supported IP-based applications and Application Level Gateways (ALGs). The only inbound traffic that is allowed is that which is received within the context of an outbound session initiated on the local host and permitted by this firewall mode.

Medium:

Moderate restrictions with respect to outbound traffic. Outbound traffic is allowed for most supported IP-based applications and Application Level Gateways (ALGs). The only inbound traffic that is allowed is that which is received within the context of an outbound session initiated on the local host and permitted by this firewall mode.

High:

High restrictions with respect to outbound traffic. Outbound traffic is allowed only for a very restricted set of supported IP-based applications and ALGs. The only inbound traffic that is allowed is that which is received within the context of an outbound session initiated on the local host and permitted by this firewall mode.

ICSA 3.0a-compliant:

Supports the ICSA Labs criteria for firewall behavior. (For more information, visit the ICSA site at http://www.icsalabs.com)

Custom:

Allows advanced users to add, modify and delete their own firewall rules.

Note: For specific application and protocol security modes, refer to Appendix D, “Firewall Security Levels.”
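The session rule shared by the Low, Medium and High levels can be modelled as follows. This is an added example, not code from the router or the guide: the per-level port lists, the class and function names, and the sample addresses are assumptions made up for illustration, and the model ignores NAPT translation, ALGs and session timeouts.

```python
from dataclasses import dataclass, field

# ASSUMED outbound allow-lists as (protocol, destination port) pairs; the router's
# real per-level rules are in the guide's Appendix D and are not reproduced here.
ASSUMED_OUTBOUND = {
    "low": None,  # None models "all supported applications"
    "medium": {("tcp", 25), ("tcp", 80), ("tcp", 443), ("udp", 53)},
    "high": {("tcp", 80), ("tcp", 443), ("udp", 53)},
}

@dataclass
class FirewallModel:
    level: str
    sessions: set = field(default_factory=set)

    def outbound(self, proto, lan, lan_port, wan, wan_port):
        """LAN host opens a flow to the WAN; record a session if the level permits it."""
        if self.level != "off":
            allowed = ASSUMED_OUTBOUND[self.level]
            if allowed is not None and (proto, wan_port) not in allowed:
                return False  # a blocked outbound flow creates no session
            self.sessions.add((proto, lan, lan_port, wan, wan_port))
        return True

    def inbound(self, proto, wan, wan_port, lan, lan_port):
        """WAN packet is accepted only if it matches a recorded outbound session."""
        if self.level == "off":
            return True  # Off: no restrictions in either direction
        return (proto, lan, lan_port, wan, wan_port) in self.sessions

def replay(level):
    """Run the same constructed traffic through one level and return the verdicts."""
    fw = FirewallModel(level)
    host, web, chat = "192.168.1.10", "198.51.100.7", "203.0.113.9"  # constructed
    return {
        "https_out": fw.outbound("tcp", host, 40000, web, 443),
        "https_reply": fw.inbound("tcp", web, 443, host, 40000),
        "chat_out": fw.outbound("tcp", host, 40001, chat, 6667),
        "chat_reply": fw.inbound("tcp", chat, 6667, host, 40001),
        "unsolicited": fw.inbound("tcp", chat, 31337, host, 22),
    }

if __name__ == "__main__":
    for lvl in ("off", "low", "medium", "high"):
        print(lvl, replay(lvl))
```

Comparing the verdicts across levels shows that the level only changes which outbound flows may create a session; unsolicited inbound traffic is dropped at every level except Off.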
