ADS Technologies SBG1000 Firewall, , , DMZ, Port Triggering, Wireless Security,

17 SBG1000 User Guide

Home

ExitPrint

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless Print Server USB

Firewall

The SBG1000 firewall protects the SBG1000 LAN from undesired attacks and other intrusions from the Internet. It

provides an advanced integrated stateful-inspection firewall supporting intrusion detection, session tracking, and

denial-of-service attack prevention. The firewall:

•Maintains state data for every TCP/IP session on the OSI network and transport layers

•Monitors all incoming and outgoing packets, applies the firewall policy to each one, and screens for improper

packets and intrusion attempts

•Provides comprehensive logging for all:

— User authentications

— Rejected internal and external connection requests

— Session creation and termination

— Outsi de attacks (intrusion detection)

You can configure the firewall filters to set rules for port usage. For information about choosing a predefined

firewall policy template, see “Setting the Firewall Policy”.

DMZ

A de-militarized zone (DMZ) is one or more computers logically located outside the firewall between an SBG1000

LAN and the Internet. A DMZ prevents direct access by outside users to private data.

For example, you can set up a web server on a DMZ computer to enable outside users to access your website

without exposing confidential data on your network.

A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can

leave a computer used for gaming only exposed to the Internet while protecting the rest of your network. For more

information, see “Gaming Configuration Guidelines”.

Port Triggering

When you run a PC application that accesses the Internet, it typically initiates communications with a computer on

the Internet. In some applications, especially gaming, the computer on the Internet also initiates communications

with your PC. Because NAT does not normally allow these incoming connections to occur, the SBG1000 supports

port triggering.

The SBG1000 is preconfigured with port triggering for common applications. You can also configure additional

port triggers if needed on the Gateway > PORT TRIGGERS — custom Page.

Wireless Security

Because wireless LAN signals are transmitted using radio signals, it may be possible for your neighbor or

someone else you do not want to access your wireless LAN. To prevent unauthorized eavesdropping of data

transmitted over the wireless LAN, you must enable wireless security. The default SBG1000 settings provide no

security for transmitted data.

The SBG1000 enables you to use the following wireless security measures:

•Restrict access to computers having the same unique network name as the SBG1000.

•Encrypt data transmitted over the w ireless interface by configuring a Wired E quivalency Privacy (WEP) key

on the SBG1000 and wireless LAN clients (stations).

•Define a MAC access control list to restrict wireless LAN access to clients based on the MAC address.