Manuals / Brands / Power Tools / Router / Motorola / Power Tools / Router

Motorola 6161252-00-01, Enterprise Series Routers Stateful Inspection

1 340

Download 340 pages, 2.33 Mb

System Conﬁguration 3-3

Stateful Inspection

Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled.

Stateful inspection can be enabled on a Connection Proﬁle whether NAT is enabled or not. You can conﬁgure

UDP and TCP “no-activity” periods that will also apply to NAT time-outs if stateful inspection is enabled on the

interface. Stateful Inspection parameters are active on a WAN interface only if enabled on your Gateway.

•UDP no-activity time-out: The time in seconds after which a UDP session will be terminated, if there is no

trafﬁc on the session.

•TCP no-activity time-out: The time in seconds after which an TCP session will be terminated, if there is no

trafﬁc on the session.

•DoS Detect: If you toggle this option to Yes, the device will monitor packets for Denial of Ser vice (DoS)

attack. Offending packets may be discarded if it is determined to be a DoS attack.

•Add Exposed Address List: Accesses the Add Exposed Address List screen. See “Add Exposed Address

List” on page 3-3.

•Exposed Address Associations: Accesses the Exposed Address Associations screen. See “Exposed

Address Associations” on page 3-7. The hosts speciﬁed in Exposed addresses will be allowed to receive

inbound trafﬁc even if there is no corresponding outbound trafﬁc. This is active only if NAT is disabled on a

WAN interface. An Exposed Address List can be associated with a Connection Proﬁle only if NAT is disabled

and Stateful Inspection is enabled on the proﬁle.

Add Exposed Address List

You can specify the IP addresses you want to expose by selecting Add Exposed Address List from the Stateful

Inspection menu and pressing Return.

Stateful Inspection

UDP no-activity timeout (sec): 180

TCP no-activity timeout (sec): 14400

DoS Detect: No

Add Exposed Address List...

Exposed Address Associations...

Return/Enter goes to new screen.

Return/Enter to configure Xposed IP addresses.

Contents

Main Administrators Handbook Copyright Part Number Contents Page Page Page Page Page Page Page Chapter 1 Introduction Whats New in 8.7.4 Telnet-based Management Telnet Menus Motorola Netopia Motorola Netopia Models Connecting through a Telnet Session Navigating through the Telnet Screens Page Chapter 2 WAN Configuration WAN Configuration Page Page ADSL Line Configuration screen Page Note: Note: Creating a New Connection Profile Page Page Page Page Note: Page Advanced Connection Options Configuration Changes Reset WAN Connection Scheduled Connections Page Page Page Backup Configuration Page Note: Page VRRP Options (WAN Link Failure Detection) Page Chapter 3 System Configuration System Configuration Features IP Setup Filter Sets IP Address Serving Network Address Translation (NAT) Stateful Inspection Add Exposed Address List Page Page Note: Exposed Address Associations Page Page Page VLAN Configuration Overview Ethernet Switching/Policy Setup Page Page Page Page Associating Inter-VLAN Routing Groups Note: Adding a RADIUS Profile Page Adding Port interfaces Note: Note: Page Example: Note: Changing or Deleting a VLAN Changing or Deleting an Authentication Server Configuration Configuring additional Authentication Servers Note: Page Page Page 3-30 Administrators Handbook Page Page Select the SSID 1 port interface. 13. Select COMMIT and press Return. Press Escape. Page Page Page Date and time Note: Wireless configuration Page Note: Wireless Multimedia (WMM) Enable Privacy Page Note: Multiple SSIDs Page MAC Address Authentication Note: Console Configuration SNMP (Simple Network Management Protocol) Security Upgrade Feature Set Router/Bridge Set IGMP (Internet Group Management Protocol) Page Note: Logging Log event dispositions Note: Page Page Page Note: Page Page Page Page Chapter 4 Multi-NAT Features Page WAN Network LAN Network Supported traffic Support for AOL Instant Messenger (AIM) File Transfer Support for Yahoo Messenger } MultiNAT Configuration Easy Setup Profile configuration Server Lists and Dynamic NAT configuration System Configuration Page Page Select Page Multi-NAT 4-13 The Show/Change NAT Map List screen appears. Selecting Show/Change Maps or Delete Map displays the same pop-up menu. 4-14 Administrators Handbook Adding Server Lists 4-16 Administrators Handbook exported services. Page Page Multi-NAT 4-19 The Show/Change NAT Server List screen appears. Deleting a server Binding Map Lists and Server Lists IP profile parameters 4-22 Administrators Handbook will now be bound to this Connection Prole. IP Parameters (WAN Default Profile) now be bound to the default prole. NAT Associations Page IP Passthrough Note: 4-28 Administrators Handbook If you select NAT Options, in either case, the NAT Options screen appears. If you toggle IP Passthrough Enabled to Yes, additional eld(s) appear. Page MultiNAT Configuration Example Page Page Page Page Chapter 5 Virtual Private Networks (VPNs) Page Note: About PPTP Tunnels PPTP configuration Page Page About IPsec Tunnels About L2TP Tunnels L2TP configuration Page About GRE Tunnels Page Page Note: About ATMP Tunnels ATMP configuration Note: Encryption Support MS-CHAP V2 and 128-bit strong encryption ATMP/PPTP Default Profile VPN QuickView Dial-Up Networking for VPN Note: Installing Dial-Up Networking Creating a new Dial-Up Networking profile Configuring a Dial-Up Networking profile Page Windows XP Client Configuration Connecting using Dial-Up Networking Allowing VPNs through a Firewall PPTP example Virtual Private Networks (VPNs) 5-25 Page ATMP example 5-28 Administrators Handbook Page Windows Networking Broadcasts Note: Tunnel 5-32 Administrators Handbook When Router B receives this broadcast, it sends it on its LAN. Note: Page Chapter 6 Internet Key Exchange for VPNs Note: Internet Key Exchange (IKE) Configuration 6-4 Administrators Handbook congured an IKE Phase 1 Prole, the selection ADD PH1 PROFILE allows you to do that now. Adding an IKE Phase 1 Profile Page Note: Page Page Page Page Key Management 6-12 Administrators Handbook A Change Connection Prole screen is shown below. Note: Page Page Page Note: Page Page Page Page IPsec WAN Configuration Screens IPsec Manual Key Entry VPN Quickview WAN Event History Error Reporting Page Page Chapter 7 IP Setup IP Setup Page Page Page Static routes Page Page RIP Options Overview Authentication configuration Page Page Page Page Connection Profiles and Default Profile Page IP Address Serving Page Note: IP Address Pools Page Page Page More Address Serving Options Configuring the IP Address Server options Note: 7-26 Administrators Handbook Page DHCP Relay Agent Page Connection Profiles Page Multicast Forwarding Page Note: Virtual Router Redundancy (VRRP) Page Page Page Additional LANs Page IP Setup 7-41 Page Chapter 8 Line Backup Configuring Backup Connection Profiles Page Page WAN Configuration Page Page Note: Note: Using Scheduled Connections with Backup Backup Default Gateway Backup Configuration screen Note: IP Setup screen Note: Backup Management/Statistics QuickView Chapter 9 Monitoring Tools Quick View Status Overview General status Current status Status lights Statistics & Logs Event Histories Page IP Routing Table General Statistics System Information Simple Network Management Protocol (SNMP) Page Page Page Page Chapter 10 Security Suggested Security Measures Telnet Tiered Access Two Password Levels UPnP Support Page Page Advanced Security Options Page Note: TACACS+ server authentication Note: Warning alerts Security 10-9 Page User access password User menu differences Security 10-13 Page Note: Page Security 10-17 Page Note: Telnet Access About Filters and Filter Sets Whats a filter and whats a filter set? How filter sets work How individual filters work Page Page Working with IP Filters and Filter Sets Note: Adding a filter set Page Page Note: Page Deleting a filter set Note: A sample filter set Page Page Policy-based Routing using Filtersets TOS field matching Firewall Tutorial General firewall terms Basic IP packet components Basic protocol types Firewall design rules Page Filter basics Page Page Page Configuration Management Page Page TFTP Chapter 11 Utilities and Diagnostics Ping Page Trace Route Telnet Client Factory Defaults Transferring Configuration and Software Files with TFTP Page Uploading configuration files Restarting the System Appendix A Troubleshooting Configuration Problems How to Reset the Router to Factory Defaults Power Outages Technical Support How to reach us Online product information Index A B C D F G H I L M N O P Q S T U V W X