Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless Print Server USB

Firewall

The SBG1000 firewall protects the SBG1000 LAN from undesired attacks and other intrusions from the Internet. It provides an advanced integrated stateful-inspectionfirewall supporting intrusion detection, session tracking, and denial-of-service attack prevention. The firewall:

Maintains state data for every TCP/IP session on the OSI network and transport layers

Monitors all incoming and outgoing packets, applies the firewall policy to each one, and screens for improper packets and intrusion attempts

Provides comprehensive logging for all:

User authentications

Rejected internal and external connection requests

Session creation and termination

Outside attacks (intrusion detection)

You can configure the firewall filters to set rules for port usage. For information about choosing a predefined firewall policy template, see Setting the Firewall Policy”.

DMZ

A de-militarized zone (DMZ) is one or more computers logically located outside the firewall between an SBG1000 LAN and the Internet. A DMZ prevents direct access by outside users to private data.

For example, you can set up a web server on a DMZ computer to enable outside users to access your website without exposing confidential data on your network.

A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can leave a computer used for gaming only exposed to the Internet while protecting the rest of your network. For more information, see Gaming Configuration Guidelines”.

Port Triggering

When you run a PC application that accesses the Internet, it typically initiates communications with a computer on the Internet. In some applications, especially gaming, the computer on the Internet also initiates communications with your PC. Because NAT does not normally allow these incoming connections to occur, the SBG1000 supports port triggering.

The SBG1000 is preconfigured with port triggering for common applications. You can also configure additional port triggers if needed on the Gateway > PORT TRIGGERS — custom Page.

Wireless Security

Because wireless LAN signals are transmitted using radio signals, it may be possible for your neighbor or someone else you do not want to access your wireless LAN. To prevent unauthorized eavesdropping of data transmitted over the wireless LAN, you must enable wireless security. The default SBG1000 settings provide no security for transmitted data.

The SBG1000 enables you to use the following wireless security measures:

Restrict access to computers having the same unique network name as the SBG1000.

Encrypt data transmitted over the wireless interface by configuring a Wired Equivalency Privacy (WEP) key on the SBG1000 and wireless LAN clients (stations).

Define a MAC access control list to restrict wireless LAN access to clients based on the MAC address.

Home

Print

X

17

SBG1000 User Guide

Exit

 

 

Page 22 Page 24
Page 23
Image 23
ADS Technologies SBG1000 manual Firewall, Port Triggering, Wireless Security
Page 22 Page 24
Top Page Image Contents