Security Options, SPI Firewall | LevelOne FBR-1404TX manual

LevelOne Broadband VPN Gateway User Guide

Security Options

This screen allows you to set Firewall and other security-related options.

Figure 41: Security Options Screen

Data - Security Options Screen

SPI Firewall

Enable DoS	If enabled, DoS (Denial of Service) attacks will be detected and
Firewall	blocked. The default is enabled. It is strongly recommended that this
	setting be left enabled.

Note:

•A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you can not use it - the service is unavailable.

•This device uses "Stateful Inspection" technology. This system can detect situations where individual TCP/IP packets are valid, but collectively they become a DoS attack.

Threshold	This setting affects the number of "half-open" connections allowed.
	• A "half-open" connection arises when a remote client contacts the
	Server with a connection request, but then does not reply to the
	Server's response.
	• While the optimum number of "half-open" connections allowed
	(the "Threshold") depends on many factors, the most important
	factor is the available bandwidth of your Internet connection.
	• Select the setting to match the bandwidth of your Internet connec-
	tion.

62

Image 65

LevelOne FBR-1404TX user manual Data Security Options Screen, SPI Firewall

Contents

LevelOne Table of Contents Upgrade Firmware Remote AdministrationGeneral Problems Internet Access Internet Access Features LevelOne Broadband VPN Gateway Features Configuration & Management LAN FeaturesSecurity Features Advanced Internet Functions Package Contents Front-mounted LEDs Physical Details Rear Panel Choose an Installation Site ProcedureRequirements Connect LAN Cables Check the LEDs Power UpConnect WAN Cable To Do this Refer to Overview Preparation Configuration ProgramUsing UPnP If you cant connect Using your Web Browser Common Connection Types Setup WizardCable Modems DSL Modems SingTel RAS Other Modems e.g. Broadband WirelessBig Pond Cable Australia Navigation & Data Input Home Screen Buttons LAN ScreenData LAN Screen Using another Dhcp Server Using the LevelOne Broadband VPN Gateway s Dhcp ServerTo Configure your PCs to use Dhcp What Dhcp Does Password Screen Windows Clients TCP/IP Settings Overview Using Specify an IP Address Checking TCP/IP Settings Windows 9x/MEUsing Dhcp Gateway Tab Win 95/98 Windows NT4.0 TCP/IP Checking TCP/IP Settings Windows NT4.0 Specify an IP Address Obtain an IP address from a Dhcp Server Windows NT4.0 Add Gateway Windows NT4.0 DNS Network Configuration Win Checking TCP/IP Settings Windows TCP/IP Properties Win Using a fixed IP Address Use the following IP Address Network Configuration Windows XP Checking TCP/IP Settings Windows XP TCP/IP Properties Windows XP Accessing AOL Internet AccessFor Windows 9x/ME/2000 For Windows XP Linux Clients Macintosh ClientsOther Unix Systems Fixed IP Address Status Screen Operation System Data Status ScreenInternet Data PPPoE Screen Connection Status PPPoEConnection Connection Log Message Description Connection Log Messages Pptp Status Connection Status PptpData Pptp Screen Connection Status Connection Status Telstra Big PondData Telstra Big Pond Screen RAS Plan Connection Details SingTel RASData SingTel RAS Screen DNS IP Address Default GatewayDhcp Client Release/Renew Data Fixed/Dynamic IP address Screen Connection Details Fixed/Dynamic IP Address Update the data shown on screen Internet Features Data WAN Port Screen WAN Port Configuration ScreenIdentification IP Address Login Communication Applications Advanced Internet ScreenMAC Address Communication Applications Special Applications Screen Special ApplicationsData Special Applications Screen Send incoming calls to Incoming Using a Special ApplicationPorts Outgoing URL Filter Screen URL FilterData URL Filter Screen Filter Strings Dynamic DNS Domain Name Server Ddns ServiceDynamic DNS Screen Data Dynamic DNS Screen Ddns Data Password Domain NameUser Name Ddns Status IP Address seen by Internet Users Virtual Servers Virtual Servers Screen Connecting to the Virtual ServersDefining your own Virtual Servers Data Virtual Servers Screen Internet Options Backup DNSData Options Screen MTU size Security Configuration Access Control Screen Access ControlTo use this feature Data Access Control Screen Internet Access Group Members Screen Access Control LogDate/Time Source IP address Firewall Rules This feature is for advanced administrators onlyFirewall Rules Screen Data Firewall Rules Screen Edit DataMove Delete Data Firewall Rule Screen Firewall RuleType Source IP Log Dest IPAction Data Logs Screen Enable LogsLogs Syslog Server Mail Logs SPI Firewall Security OptionsData Security Options Screen Options Data Define Schedule Screen SchedulingDefine Schedule Screen Data Services Screen ServicesAvailable Services Add New Service Cancel IPSec LevelOne Broadband VPN Gateway always uses Tunnel Mode Policies VPN Configuration Client PC to VPN Gateway Common VPN SituationsVPN Pass-through Connecting 2 VPN Gateways Connecting 2 LANs via VPN VPN Policies Screen VPN PoliciesData VPN Policies Screen VPN List Copy Enable/DisableAdding a New Policy Enable Policy General SettingsEndpoint Keys Local IP addresses VPN Wizard Traffic Selector Manual Key Exchange Remote IP addresses Tion is enabled ESP AuthenticationManually assigned Keys ESP Encryption IKE Phase 1 IKE SA IKE Phase IKE Phase 2 IPsec SA Want to enable both ESP Encryption and ESP Authentication Self Certificates CertificatesTrusted Certificates Adding a Self Certificate Adding a Trusted Certificate Signature Key Length Hash AlgorithmSignature Algorithm Add Self Certificate To add a New CRL CRLs Current VPN SAs VPN StatusData VPN Status Screen Configuration Settings Example 1 Connecting 2 LevelOne Broadband VPN GatewaysSetting LAN a Gate LAN B Gate Way Examples IPSec SA Parameters DES Example 2 Windows 2000/XP Client to LAN LevelOne Broadband VPN Gateway ConfigurationSetting Value Windows 2000/XP Local Security Settings Windows Client Configuration Windows 2000/XP Policy Properties Filter Properties Addressing New Rule Properties Filter Action Modify Security Method VPN Setting Windows Setting Tunnel Setting Windows 2000/XP Client to LevelOne Broadband VPN Gateway Filter List Filter Action Modify Security Method DUT to Win2K Properties Properties General Tab IKE Security Algorithms Key Exchange Security Methods Example 3 Windows 2000 Server to VPN Gateway Setting Single Client Server/Gateway Windows 2000 Server Addressing Windows 2000 Server Configuration Upgrade AdministrationRemote Firmware PC Database Screen PC Database Known PCs Data PC Database ScreenGenerate Report Advanced PC Properties PC Database AdminData PC Database Admin Screen Add as New Update SelectedEntry Clear Form Data Remote Administration Screen Remote AdministrationRemote Administration To connect from a remote PC via the Internet Routing Using this ScreenOverview Routing Screen Static Routing Data Routing Screen Other Routers on the Local LAN Configuring Other Routers on your LANLocal Router For Router Bs Default Route For Router As Default RouteStatic Routing Example For the LevelOne Broadband VPN Gateway s Routing Table To perform the Firmware Upgrade Upgrade Firmware UPnP UPnPData Upnp Screen Internet Access General Problems Appendix a Troubleshooting FCC Statement LevelOne Broadband VPN Gateway FCC Radiation Exposure Statement CE Marking Warning