Carrier Access MSR/Adit 3K GUI Security Levels

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) GUI 4-5

Security

General

The important thing to note is that it is the origin of the request, not subsequent responses to this request,

that determines whether a session can be established or not.

You can choose from among three pre-defined security levels: Minimum, Typical (default setting), and

Maximum. The following table defines the behavior of the Adit for each of the three security levels.

NOTE: Using the Minimum Security setting may expose the network to significant security

risks, and thus should only be used when necessary, for short periods of time.

Security Levels

The following are the security levels available:

Security Level Requests Originating

in the WAN

Requests Originating

in the LAN

Maximum Blocked: No access to network

from Internet, except as configured

in the Local Servers, DMZ host and

Remote Access screens.

Limited: Only commonly-used services,

such as Web-browsing and e-mail, are

permitted. These services include Telnet,

FTP, HTTP, HTTPS, DNS, IMAP, POP3,

Ping and SNMP.

Typical (Default) Blocked: No access to network

from Internet, except as configured

in the local Servers, DMZ host and

Remote Access screens.

Unrestricted: All services are permitted,

except as configured in the Access Control

screen.

Minimum Unrestricted: Permits full access

from Internet to network; all

connection attempts permitted.

Unrestricted: All services are permitted,

except as configured in the Access Control

screen.

Field Definition

Block IP Fragments Checking this box will protect your network from a common type of hacker

attack that could make use of fragmented data packets to sabotage your

network. Note: VPN over IPSec and some UDP-based services make

legitimate use of IP fragments. You will need to allow IP fragments to pass

into the home network in order to make use of these selected services.

Contents

Main Page P Safety Information CAUTION! NOTE: Preface Notices DANGER! CAUTION! WARNING! NOTE: TABLE OF CONTENTS Preface 1 2 Page 3 4 5 6 Glossary Index Web Based Management Overview of Supported Products Adit 3104 IP Business Gateway Adit 3200 Business Router Adit 3500 Trunk Gateway Multi-Service Router (MSR) Card (for the Adit 600 Platform) Accessing the GUI NOTE: Page Navigation Pane Icons Action Icons (for Managing Lists) Home Network Map LAN WAN Host Information Window Page Quick Setup Web Based Management Internet Connection Connection Type Page Page Page Page NOTE: Page Page Page Network Connections Page Security Web Based Management Voice over IP NOTE: WARNING! Page Page Page Page Page Advanced Page ARP Certificates Digital Certificates X.509 Certificate Format Obtaining and Loading an X.509 Certificate Page Page Page Page Page Page Page Setting the Date and Time Page Page Page DNS Static Entries Viewing the DNS Table Page Modifying an Entry in the DNS Table Dynamic DNS Using Dynamic DNS 1. Select Advanced/ Dynamic DNS. 2. Specify the Dynamic DNS operating parameters: 3. Select Apply or OK to save the configuration. Advanced IP Address Distribution (DHCP) Summary of Services NOTE: Editing DHCP Server Settings Page Page Page IPSec (IP Security) General IPSec Settings Key Management Log Settings Page Page Network Objects Page Page RADIUS Client Configuring RADIUS Remote Administration Page Restore Defaults Restoring Default Settings Routing Static Routing Page Page Page Page Page Page OSPF Field Definitions When the Open Shortest Past First (OSPF) option is enabled, the window displays additional fields: Page Page Page Scheduler Rules Page Page Simple Network Management Protocol Configuring the Adits SNMP Agent Page Page Page Page Defining an Outgoing Mail Server Technical Information Page Advanced Configuration File WARNING! Upgrade From a Local Computer Upgrading the Software Page Adding a User Page Configuring E-mail Notification for Users VLAN Configuration Page Page Page Page Page Network Connections Adit 3000 Connections Adit MSR Connections Page Preconfigured Connections Ethernet 1 Configuring Ethernet 1 Internet Protocol DNS Static Entries Network Connections NOTE: IP Address Distribution Routing Internet Connection Configuring DHCP Options Page Configuring Ethernet 2 Network Connections NOTE: IP Address Distribution Additional IP Addresses Routing Serial 1 (Adit 3000 Only) T1 1 - T1 4 (Adit 3000 Only) Configuring a T1 (1-4) T1 Configuration Network Connections Log Button See, System Monitoring/T1 Log (Adit 3000 Only) on page 5-7. Performance Button See, System Monitoring/T1 Performance (Adit 3000 Only) on page 5-10. Connections that Require Configuration Multilink Page The following are field definitions for the Configure Multilink 1 window: PPP PPP Authentication PPP Encryption NOTE: Serial (PPPoDS0) Page The following are field definitions for the Configure Serial 1 window: PPP - PPP Authentication PPP Encryption Internet Protocol DNS Static Entries Routing Internet Connection Additional IP Addresses Page Page New Connection Page Network Connections Point-to-Point Protocol over DS0 (Serial) NOTE: Page Page Multilink Point-to-Point Protocol over DS0 (Multilink) NOTE: Page Point-to-Point Tunneling Protocol (PPTP) Point-to-Point Tunneling Protocol Server (PPTP Server) Page Layer Two Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) Page OSPF Configuration on the Network Connection NOTE: Page 4. Set the OSPF interface parameters as needed: Page Page Security Page Page General Security NOTE: Security Levels Access Control Page NOTE: Modifying an Access Control Rule Page 4. Configure the Service port protocol: Page Local Servers NOTE: Adding a Local Server Security NOTE: Modifying a Local Server Security DMZ Host WARNING! Page Port Triggering Page Page Page Security Remote Administration WARNING! Configuring Remote Administration Page Adding an Address/Hostname to the Restricted List Page Advanced Filtering Input and Output Rule Sets Page Page Page Page Security NAT Bypass Adding/Modifying a NAT Bypass Rule NOTE: Security Log The following are the events and event types that are automatically recorded in the Security Log: Page Security Log Settings Security Firewall Implementation Network Connection Configuration Network Type LAN WAN Routing Mode NAPT Route Internet Connection Firewall Security Firewall Processing Sequence Inbound Firewall Processing Outbound Firewall Processing System Monitoring Page Page Page Page Page Page System Monitoring SIP Log The SIP Log displays all SIP related alarms and events. System Monitoring PRI Log The PRI Log displays all PRI related alarms and events. Page Page Page Voice Over IP WARNING! Page Dialing Parameters Digit Map FXS Digit Map Gateway IP Address VoIP Signaling Protocol UDP - User Datagram Protocol. Proxy Servers Codecs Configuring the Digit Map Page Digit Map Pattern Page Page Page Page Page Phone Settings Page Page Identification Packet Processing None - A Modem call would be treated as a normal voice call. Bypass - Causes the line to transmit in G.711 mode, with echo Static - Maintain a static average delay, through the jitter buffer. Page Page Page Phone Book Destination Page Page The following table defines the fields displayed in the Line Monitoring window: Page Page Page Identification Packet Processing more voice channels. Voice Processing Calling Features Digit Map New Entry - See Call Destination window below. Page Page Page Page The following table defines the fields displayed in the Trunk Monitoring window: Voice over IP Trunk Registration NOTE: The Trunk Registration tab displays all configured PBX phone lines. Page Page Page G Page Page Page Page Page Page Page Page Page Page Page Page Page I