Efficient Networks 5200 Series Custom IP Filter Rules, Cloning a Rule Definition, To disable DMZ

Page 38

SpeedStream Router User Guide

To disable DMZ:

1.On the Firewall – DMZ Configuration screen, click Disable DMZ.

2.To accept the settings, click Apply.

Custom IP Filter Rules

You can configure the SpeedStream Router firewall to perform IP filtering and stateful inspection of packets. The firewall supports a rules database to allow sophisticated access tailoring. A network conversation is first authorized by verifying the packet against the current rules database configured within the firewall. If the first packet of a conversation is allowed, then a dynamic state engine takes over and tracks that conversation. All protocols are tracked whether they are stream-based or not; i.e., ICMP, UDP, TCP, GRE.

The filtering rules database gives you control over the configurable firewall rules. Rules can be filter- based on any of the following:

Source and destination router interfaces

IP protocols

Direction of traffic flow

Source and destination network/host IP address

Protocol-specific attributes such as ICMP message types

Source and destination port ranges (for protocols that support them), and support for port comparison operators such as less than, greater than, and equal to.

Rules can specifically allow or deny packets to flow through the router. Default actions taken when no specific rule applies can also be configured.

Note You must have previously selected Custom Level in the Firewall - Simple Setup & Control

screen.

Cloning a Rule Definition

You can create a new set of custom IP filter rules from one of the existing preconfigured firewall levels. (See screenshot on next page.)

To clone an IP filter rule:

1.In the Clone Rules Definitions box, select the firewall level to copy.

2.Click Clone Rule Set. The Rules table refreshes to display the new rules for that level.

3.If you Want to change any of a rule’s criteria, click Edit in the row of that rule, and then complete steps 1 through 5 as relevant (refer to the following section for detailed instructions.)

30

Image 38
Contents Router User Guide Software License General Provisions Contents Viewing Status Screens Iii List of Illustrations 51-57SpeedStream Router User Guide Introduction Hardware DescriptionFeatures and Benefits About the SpeedStream RouterSession Tracking General Safety GuidelinesFirewall Security Basic Installation Procedure Installing the RouterHardware Installation Minimum System RequirementsIn-Line Filter Installing Line FiltersRecording System Settings Two-to-One Adapter Connecting the CablesWall-Mount Filter Ethernet Installation Method USB Installation Method TCP/IP Properties dialog box displays Configuring Computer Network SettingsWindows 95 / 98 / ME TCP/IP Properties dialog box, click the IP Address tab Windows NT Windows Double-clickNetwork and Dial-up ConnectionsWindows XP Level Getting StartedNavigating the Web Interface SnoozeLog Screen Navigation ElementsIP Filter Rules Logging On to the Web Interface To log on to the Web interface for the first timeEntering the Network Password Logging On to a PPP SessionAccess Concentrator Service NameClick Save Settings Customizing Router SettingsTo specify the host configuration settings HostDhcp Configuration Options To specify the Dhcp configuration settings User Setup System Login To change the user name or passwordTime Client Time Client Configuration OptionsTo configure the Time Client Static RoutesTo enable NAT and specify a destination IP address To access the NAT/NAPT Configuration screenTo disable NAT and Napt NAT/NAPT ServerPort Forwarding Port Forwarding Configuration OptionsTo enable Napt To delete all entries in the table To edit an existing port forwarding configurationTo delete an existing entry To add a port forwarding entryFirewall Firewall Security LevelsFirewall Snooze Control DMZ SettingsDMZ Configuration Options To enable DMZ and specify an accessible computer Custom IP Filter Rules To disable DMZOn the Firewall DMZ Configuration screen, click Disable DMZ Cloning a Rule DefinitionCreating Custom IP Filter Rules Firewall Simple Setup screenCustom IP Filter Configuration Fill in the following informationSpecify Source Port Operator options Select a protocol to filterIf TCP/UDP chosen in , select the desired rule options Specify Destination Port Operator optionsBackground Types of AttackADS Configuration Options To save the new settings To enable ADSSelect Enable Attack Detection To filter, or drop, a packet typeRFC2684 RFC2684 Configuration OptionsTo configure RFC2684 settings To configure UPnP settings Bridge ModeUPnP Configuration Options UPnP Universal Plug and PlayRIP Routing Information Protocol RIP Configuration OptionsTo enable bridge mode System Log To configure RIP settingsLAN Servers To configure the System Log RebootSystem Log Configuration Options To reset the router ResetFirmware Update To update the router firmwareClick Run Diagnostics at the bottom of the screen DiagnosticsTo cancel the reset Viewing Status Screens System SummaryTo display the Interface Map Interface MapFirewall Log Interface Map Interface Map screen displaysATM/AAL Status/Statistics To update the displayStatus and Statistics Screens To display the System Log screenDSL Status/Statistics Ethernet Status/StatisticsUSB Status/Statistics RoutesInterpreting the LED Display TroubleshootingBasic Troubleshooting Steps Resolving Specific Issues Pwr LED Not LitContacting Technical Support Attack Detection System Configuration Data SheetsAdministrative User Setup Firewall Custom IP Filter Configuration Firewall DMZ Firewall Level Firewall Snooze ControlPPP Login RIP Static RouteUPnP Technical Specifications Firewall Security Levels ProtocolNeed for Speed VNC Acronyms and Technical Concepts AcronymsOctet Rx ErrorsMAC address PPPoETechnical Concepts Dhcp Dynamic Host Configuration Protocol Icsa 3.0a-compliancy PPP Point-to-Point Protocol Index Data Sheets See Configuration Data Sheets PPP Network TCP