Siemens CL-110 Firewall, Filtering by IP address, Select the direction to filter packets

Page 87

Chapter 5:Connection Mode

Firewall

The firewall is a software that interrupts the data between the Internet and your computer. It is the TCP/IP equivalent of a security gate at the entrance to your company. All data must pass through it, and the firewall (functions as a security guard) will allow only authorized data to be passed into the LAN.

What the firewall can do? It can:

deny or permit any packet from passing through explicitly

distinguish between various interfaces and match on the following fields:

source and destination IP address

port

To keep track of the performance of IP Filter, a logging device is used which supports logging of the TCP/UDP and IP packet headers and the first 129 bytes of the packet (including headers) when a packet is successfully passed through, a packet is blocked from passing through and it matches a rule setup to look for suspicious packets

Filtering by IP address

An example for firewall setup:

This picture is the most common and easiest way to employ the firewall. Basically, you can install a packet-filtering router at the Internet gateway and then configures the filter rule in the router to block or filter protocols and addresses. The systems behind the router usually have a direct access to the Internet, however some dangerous services such as NIS and NFS are usually blocked.

For the security of your router, set the firewall is an important issue.

Choose Disabled to disable the firewall function. Click Enabled to invoke the settings that you set in this web page.

To open the IP Filtering, please click the Enabled radio button. The web page will be shown as the right picture.

Select the direction to filter packets:

The way of the data transmission. In Bound means the data is transferred from outside onto your computer. Out Bound means the data is transferred from your computer onto outside through Internet. Please choose Outbound traffic or Inbound traffic as the direction for filtering packets.

Image 87

Contents Rev 2006/02/09 User’s ManualSafety Notes FCC Preface FeaturesConfiguration and Management Bridging FeaturesRouting Features Security FeaturesUnpacking Subscription for Adsl Service Page Front Panel LED IndicatorsOverview Physical OutlookVAC Rear PanelSystem Requirement and Installation System RequirementChoosing a place for the Adsl Router Connecting the Adsl Router Install the USB Driver For Windows MEFor Windows Page For Windows XP Page Uninstall the USB Driver For Windows Configuration Page Configuration For Windows XP Configuration Page Setting TCP/IP Option 1 If you have no TCP/IP protocol, click Add Configuration Page For Windows ME Highlight TCP/IP Protocol and click OK For Windows NTConfiguration Page For Windows Page Click Internet ProtocolTCP/IP and then click OK Option 1 If you have no TCP/IP Protocol, click InstallPanel and then click Network Internet Connections PropertiesConfigure PC to get IP address from Dhcp Enable Obtain an IP address automatically and then click OK For Windows 98ME Renew IP Address on Client PCFor Windows NT For Windows Configuration Connecting and Accessing Internet PPP over ATM PPPoA Mode ConfigurationDescription Go to Advanced Internet Connections. And click Add PPP over ATM PPPoA IP Extension ModeISP PPP over Ethernet PPPoE ModePPP over Ethernet PPPoE IP Extension Mode Numbered IP over ATM IPoA IP Address Subnet Mask Gateway Numbered IP over ATM IPoA+NAT LAN Primary DNS server Secondary DNS server Unnumbered IP over ATM IPoAIP Address Subnet Mask Gateway Primary IP Address Subnet mask Unnumbered IP over ATM IPoA+NATPage Bridge Mode Using Web-Based Manager Web ConfigurationTo Have the New Settings Take Effect Outline of Web ManagerLanguage Connection Type Quick SetupQuick Start Connect to InternetConnection Mode Choose PPPoA or PPPoE and click Next PPP over ATM/ PPP over EthernetDial on Demand PPP PasswordPPP Username Always OnDhcp Server Off Leased TimeNone IP over ATMSubnet Mask Connection Mode Bridging MTU Overview StatusAdsl BER Test Adsl LineRouting Table Internet ConnectionTraffic Statistics Dhcp TableConnection Mode Advanced Setup Local Network- IP AddressLocal Network Dhcp Server Server and Relay Off Relay OnPage VPI Virtual Path Identifier Internet-Connections SettingLocal Network UPnP Adding a New OnePage Internet Connection Igmp Proxy EnabledInternet-DNS Server Internet-IGMP ProxyIP Routing Static Route Internet Adsl SettingsDestination Configuring Other Routers on Your LANGateway IP Address Remove Static RouteAdsl Router Operation ModeEnabled IP Routing Dynamic RoutingConnection Mode Virtual Server-Port Forwarding IP Address seen by Internet Users Pre-definedUser defined Connecting to the Virtual Servers Virtual Server-Port TriggeringFrom Internet Host IP Address Virtual Server DMZ Host Virtual Server Dynamic DNS Firewall Filtering by IP addressSelect the direction to filter packets Port Range Allow TrafficProtocol Source/Destination IP addressBridge QoS Quality of ServiceSource Port IP type of ServiceIPQoS Source IP Address/ Subnet MaskPort Mapping Destination PortVoice Quality Available Interfaces Group NameManagement DiagnosticsRemote Access Admin AccountConfigure System Log Interntet TimeSystem Log Viewing System Log Snmp Setting Backup Config Update FirmwareReset Router UPnP for XP Page Troubleshooting Problems with LANProblems with WAN Problems with Upgrading Glossary ARP Address Resolution ProtocolVPI Virtual Path Identifier & VCI Virtual Channel Identifier Glossary Page Interface One RJ-11 port for Adsl connection Appendix a SpecificationsPage Getting Client Certificate Appendix B Server Setup for 802.1x ClientYes Appendix C Weee B2C