Firewall and Access Control | Billion Electric Company 800VGT

Billion 800VGT Router

Firewall and Access Control

Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT, the router acts as a “natural” Internet firewall, as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet.

Firewall: Prevents access from outside your network. The router provides three levels of security support:

NAT natural firewall: This masks LAN users’ IP addresses making them invisible to outside users on the Internet, thus making it much more difficult for a hacker to target any machine on your network. This natural firewall is on when NAT function is enabled.

When using the Virtual Servers function, your PCs will be exposed to the degree specified in your Virtual Server settings, provided that the ports specified are opened in your firewall packet filter settings.

Firewall Security and Policy (General Settings): Inbound direction of Packet Filter rules to prevent unauthorized WAN computers or applications accessing your local network from the Internet.

Intrusion Detection: Enable Intrusion Detection to detect, prevent and log malicious attacks.

Access Control: Prevents access from computers on your local network:

Firewall Security and Policy (General Settings): Outbound direction of Packet Filter rules to prevent unauthorized LAN computers or applications accessing the Internet.

URL Filter: Blocks computers on your local network from unwanted websites.

Here are the items within the Firewall section: General Settings, Packet Filter, Intrusion Detection, URL Filter, IM/P2P Blocking and Firewall Log.

56

Chapter 4: Configuration

Image 56

Billion Electric Company 800VGT manual Firewall and Access Control

Contents

Billion 800VGT Router Table of Contents 142 VPN Virtual Private Networks Features Introduction to your Router Universal Plug and Play UPnP Network Address Translation NATSoho Firewall Security with DoS and SPI Virtual Server port forwarding Dynamic Host Configuration Protocol Dhcp Client and Server Firmware UpgradeableStatic and RIP1/2 Routing Simple Network Management Protocol Snmp Important note for using this router Package Contents Front LEDs Meaning Power Switch Seconds, and power cycle the router useful if you cannotRear Ports Console Port LAN port Cabling Basic Installation Connecting Your Router Configuring PCs in Window XP Double-clickLocal Area Connection. See Figure Configuring PCs in Windows LAN Connection Status Configuring PC in Windows 95/98/ME Then select the DNS Configuration tab. See Figure Configuring PC in Windows NT4.0 12 TCP / IP Factory Default Settings Information from your ISP PPPoE Configuring with your Web Browser 14 User name & Password Prompt Window Quick Start Configuration Save Config to FlashLogout Configuration Status Wireless Association Table StatusARP Table Routing Table Dhcp Table RIP Routing TableLeased Table Expired Table Pptp Status IPSec Status VoIP Status L2TP StatusEmail Status NAT Sessions Error LogEvent Log Diagnostic UPnP Portmap Quick Start Configuration Bridge Interface ConfigurationLAN Local Area Network Primary IP Address EthernetIP Alias → Active PC in LAN Ethernet Client Filter Default setting is DisableEthernet Client Filter Wireless Parameters Wireless Distribution System WDS Wireless Security WPA-PSK Tkip / WPA-PSK AES Pre-Shared Key WEP →Associated Wireless Clients Wireless Client / MAC Address FilterWireless Client Filter Default setting is Disable Port Setting Dhcp Server WAN Wide Area Network ISP RFC 1483 Routed Connections RFC 1483 Bridged Connections PPPoA Routed Connections Connection Advanced Options PPPoA IPoA Routed Connections PPPoE Connections Advanced Options PPPoE PPPoE multisession PPPoE with Pass-through Connections Connection DNS Adsl Advanced Options System Time Zone Remote Access Firmware Upgrade Way Backup / RestoreRestart Router User Management Firewall and Access Control General Settings Packet Filter Example Predefined Port Filters Rules Predefined Port Filter Packet Filter Add TCP/UDP Filter Packet Filter Add Raw IP Filter Configuring Packet Filter Click DeleteClick Add TCP/UDP Filter Click Add TCP/UDP Filter Configuration Intrusion Detection Block Duration Hacker attack types recognized by the IDS SYN/FIN/RST/ACK URL Filter Always On Configuration IM / P2P Blocking Instant Message Blocking The default is DisabledPeer to Peer Blocking The default is Disabled Firewall Log VPN Virtual Private Networks Pptp Point-to-Point Tunnelling Protocol Pptp Connection Remote Access Dial-out Select Dial out Configuring the Pptp VPN in the OfficeFunction Description Pptp Connection LAN to LAN Example Configuring a Pptp LAN-to-LAN VPN Connection Configuring Pptp VPN in the Head Office Function Description Configuring Pptp VPN in the Branch Office IPSec IP Security Protocol IPSec VPN Connection Advanced Option IKE Proposal Local IDRemote ID Ping to Keep Alive Network Configuration and Security Plan Example Configuring a IPSec LAN-to-LAN VPN Connection Configuring IPSec VPN in the Head Office Configuring IPSec VPN in the Branch Office 69.121.1.3 Example Configuring a IPSec Host-to-LAN VPN Connection Configuring IPSec VPN in the Office L2TP Layer Two Tunnelling Protocol L2TP Connection Remote Access L2TP VPN Connection L2TP over IPSec L2TP/IPSec VPN Connection Dial-in Configuring L2TP VPN in the Office VPNL2TP Configuring the L2TP VPN in the Office Configuration Select Dial out Example Configuring your Router to Dial-in to the Server L2TP Connection LAN to LAN L2TP over IPSec L2TP/IPSec VPN Connection Example Configuring L2TP LAN-to-LAN VPN Connection Configuring L2TP VPN in the Head Office Configuring L2TP VPN in the Branch Office Voice QoS VoIP Voice over Internet ProtocolWizard User-defined Profiles Setting for Phone Port100 101 General SettingsAuthentication Username Same as Phone Number SIP Device Parameters How to register with a SIP Server102 Advanced Parameters Advanced Pstn Environment Adjustment103 104 Login Account ConfigurationPhone Port Volume Control 105Codec Preference Speed Dial 106 Router is Powered DownPstn Dial Plan Dial at Timeout 107Pstn Dial Plan Examples Dial with Prefix Dial at Timeout no Prefix 108 VoIP Dial Plan 109 Prefix Processing 110Dial Plan Rules List Special Dial Plan Examples Description 111Dial-Plan Examples Description 112 Ring & Tone 113Country Specific Ring & Tone Ring Parameters Special Dial Codes 114 QoS Quality of Service PrioritizationClick Clear 115 Dscp Mapping Table Dscp Mapping Table116 Adsl Router Standard Dscp Outbound IP Throttling LAN to WAN 117 Inbound IP Throttling WAN to LAN 118 Connection Diagram Information and SettingsVoIP Normal PCs Restricted PC 119 Advanced setting by using IP throttling Mission-critical applicationsVoice applications Restricted Application Virtual Server known as Port Forwarding 121 Add Virtual Server 122 123 IP Address Edit DMZ Host 124 Global IP Address Edit One-to-One NAT Network Address Translation125 126 Port Number Protocol Description Some Well-known and registered Ports127 Time Schedule 128 Configuration of Time Schedule Click Edit129 Edit a Time Slot 130 AdvancedStatic Route Dynamic DNS 131 Check Email Check Email132 Embedded Web Server 2 Management IP Accounts Device Management133 Snmp Version SNMPv2c and SNMPv3 134Snmp V1 135 Disable Advanced Vlan Setup Example Triple PlayGo to Configuration LAN Bridge Interface Vlan Bridge Bridge Interface Vlan Port Always starts with Go to Configuration WAN ISP137 138 From the example Go to Configuration Advanced Vlan Bridge139 140 Save Configuration to FlashSelect Configuration Advanced Igmp Logout 141 Problems starting up the router Problems with the WAN InterfaceProblems with the LAN Interface Problem Corrective Action 143 Contact Telkom Adsl supportContact SizweBroadband