Carrier Access MSR/Adit 3K GUI DMZ Host

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) GUI 4-17

Security

DMZ Host

DMZ Host

The DMZ (Demilitarized Zone) Host feature allows one local computer to be exposed to the Internet.

Designate a DMZ host when:

Using a special-purpose Internet service, such as a video-conferencing program, that is not

present in the Local Servers list and where no port range information is available.

You are not concerned with security and choose to expose one computer to all services without

restriction.

The DMZ host is an NAPT function. It only applies to packets whose destination address is the Adit's

own WAN IP address. It only is utilized when there are no matching Local Servers or Remote

Administration matches. When the DMZ Host configuration is applied, packets are redirected from the

Adit WAN IP address to the DMZ host's IP address. Note: The DMZ Host is only active if the firewall

is enabled on the WAN interface, regardless of whether the WAN interface routing type is set for NAPT

or Routing.

WARNING! A DMZ HOST IS NOT PROTECTED BY THE FIREWALL AND MAY BE VULNERABLE TO

ATTACK. IT MAY ALSO PUT OTHER COMPUTERS IN THE NETWORK AT RISK. WHEN DESIGNATING A

DMZ HOST, YOU MUST CONSIDER THE SECURITY IMPLICATIONS AND PROTECT IT IF NECESSARY.

An incoming request for access to a service at the Adit WAN IP address, such as a Web-server, is fielded

by the Adit and forwarded to either:

a matching configured Local Server, or

a permitted Remote Management session, or

the DMZ host (if one is designated)

Contents

Main Page P Safety Information CAUTION! NOTE: Preface Notices DANGER! CAUTION! WARNING! NOTE: TABLE OF CONTENTS Preface 1 2 Page 3 4 5 6 Glossary Index Web Based Management Overview of Supported Products Adit 3104 IP Business Gateway Adit 3200 Business Router Adit 3500 Trunk Gateway Multi-Service Router (MSR) Card (for the Adit 600 Platform) Accessing the GUI NOTE: Page Navigation Pane Icons Action Icons (for Managing Lists) Home Network Map LAN WAN Host Information Window Page Quick Setup Web Based Management Internet Connection Connection Type Page Page Page Page NOTE: Page Page Page Network Connections Page Security Web Based Management Voice over IP NOTE: WARNING! Page Page Page Page Page Advanced Page ARP Certificates Digital Certificates X.509 Certificate Format Obtaining and Loading an X.509 Certificate Page Page Page Page Page Page Page Setting the Date and Time Page Page Page DNS Static Entries Viewing the DNS Table Page Modifying an Entry in the DNS Table Dynamic DNS Using Dynamic DNS 1. Select Advanced/ Dynamic DNS. 2. Specify the Dynamic DNS operating parameters: 3. Select Apply or OK to save the configuration. Advanced IP Address Distribution (DHCP) Summary of Services NOTE: Editing DHCP Server Settings Page Page Page IPSec (IP Security) General IPSec Settings Key Management Log Settings Page Page Network Objects Page Page RADIUS Client Configuring RADIUS Remote Administration Page Restore Defaults Restoring Default Settings Routing Static Routing Page Page Page Page Page Page OSPF Field Definitions When the Open Shortest Past First (OSPF) option is enabled, the window displays additional fields: Page Page Page Scheduler Rules Page Page Simple Network Management Protocol Configuring the Adits SNMP Agent Page Page Page Page Defining an Outgoing Mail Server Technical Information Page Advanced Configuration File WARNING! Upgrade From a Local Computer Upgrading the Software Page Adding a User Page Configuring E-mail Notification for Users VLAN Configuration Page Page Page Page Page Network Connections Adit 3000 Connections Adit MSR Connections Page Preconfigured Connections Ethernet 1 Configuring Ethernet 1 Internet Protocol DNS Static Entries Network Connections NOTE: IP Address Distribution Routing Internet Connection Configuring DHCP Options Page Configuring Ethernet 2 Network Connections NOTE: IP Address Distribution Additional IP Addresses Routing Serial 1 (Adit 3000 Only) T1 1 - T1 4 (Adit 3000 Only) Configuring a T1 (1-4) T1 Configuration Network Connections Log Button See, System Monitoring/T1 Log (Adit 3000 Only) on page 5-7. Performance Button See, System Monitoring/T1 Performance (Adit 3000 Only) on page 5-10. Connections that Require Configuration Multilink Page The following are field definitions for the Configure Multilink 1 window: PPP PPP Authentication PPP Encryption NOTE: Serial (PPPoDS0) Page The following are field definitions for the Configure Serial 1 window: PPP - PPP Authentication PPP Encryption Internet Protocol DNS Static Entries Routing Internet Connection Additional IP Addresses Page Page New Connection Page Network Connections Point-to-Point Protocol over DS0 (Serial) NOTE: Page Page Multilink Point-to-Point Protocol over DS0 (Multilink) NOTE: Page Point-to-Point Tunneling Protocol (PPTP) Point-to-Point Tunneling Protocol Server (PPTP Server) Page Layer Two Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) Page OSPF Configuration on the Network Connection NOTE: Page 4. Set the OSPF interface parameters as needed: Page Page Security Page Page General Security NOTE: Security Levels Access Control Page NOTE: Modifying an Access Control Rule Page 4. Configure the Service port protocol: Page Local Servers NOTE: Adding a Local Server Security NOTE: Modifying a Local Server Security DMZ Host WARNING! Page Port Triggering Page Page Page Security Remote Administration WARNING! Configuring Remote Administration Page Adding an Address/Hostname to the Restricted List Page Advanced Filtering Input and Output Rule Sets Page Page Page Page Security NAT Bypass Adding/Modifying a NAT Bypass Rule NOTE: Security Log The following are the events and event types that are automatically recorded in the Security Log: Page Security Log Settings Security Firewall Implementation Network Connection Configuration Network Type LAN WAN Routing Mode NAPT Route Internet Connection Firewall Security Firewall Processing Sequence Inbound Firewall Processing Outbound Firewall Processing System Monitoring Page Page Page Page Page Page System Monitoring SIP Log The SIP Log displays all SIP related alarms and events. System Monitoring PRI Log The PRI Log displays all PRI related alarms and events. Page Page Page Voice Over IP WARNING! Page Dialing Parameters Digit Map FXS Digit Map Gateway IP Address VoIP Signaling Protocol UDP - User Datagram Protocol. Proxy Servers Codecs Configuring the Digit Map Page Digit Map Pattern Page Page Page Page Page Phone Settings Page Page Identification Packet Processing None - A Modem call would be treated as a normal voice call. Bypass - Causes the line to transmit in G.711 mode, with echo Static - Maintain a static average delay, through the jitter buffer. Page Page Page Phone Book Destination Page Page The following table defines the fields displayed in the Line Monitoring window: Page Page Page Identification Packet Processing more voice channels. Voice Processing Calling Features Digit Map New Entry - See Call Destination window below. Page Page Page Page The following table defines the fields displayed in the Trunk Monitoring window: Voice over IP Trunk Registration NOTE: The Trunk Registration tab displays all configured PBX phone lines. Page Page Page G Page Page Page Page Page Page Page Page Page Page Page Page Page I