Security Options, Firewall, Threshold | Planet Technology VRT-401

Security Configuration

Security Options

This screen allows you to set Firewall and other security-related options.

Figure 40: Security Options Screen

Data - Security Options Screen

SPI Firewall

	Enable DoS	If enabled, DoS (Denial of Service) attacks will be detected and
	Firewall	blocked. The default is enabled. It is strongly recommended that
	Firewall	this setting be left enabled.
		this setting be left enabled.
		Note:
		∙ A DoS attack does not attempt to steal data or damage your
		PCs, but overloads your Internet connection so you can not
		use it - the service is unavailable.
		∙ This device uses "Stateful Inspection" technology. This
		system can detect situations where individual TCP/IP pack-
		ets are valid, but collectively they become a DoS attack.
	Threshold	This setting affects the number of "half-open" connections al-
		lowed.
		∙ A "half-open" connection arises when a remote client con-
		tacts the Server with a connection request, but then does not
		reply to the Server's response.
		∙ While the optimum number of "half-open" connections
		allowed (the "Threshold") depends on many factors, the
		most important factor is the available bandwidth of your
		Internet connection.
		∙ Select the setting to match the bandwidth of your Internet
		connection.

65

Image 69

Planet Technology VRT-401 user manual Data Security Options Screen, SPI Firewall Enable DoS, Threshold

Contents

Broadband VPN Router Copyright Table of Contents Remote Administration 111 Using Certificates 101106 107 Internet Access Features VRT-401 Features Configuration & Management LAN FeaturesSecurity Features Advanced Internet Functions Package Contents Front-mounted LEDs Physical Details Rear Panel To Clear All Data and restore the factory default values Choose an Installation Site ProcedureRequirements Connect LAN Cables Power Up Using the DMZ PortConnect WAN Cable Check the LEDs To Do this Refer to Overview Using UPnP Configuration ProgramUsing your Web Browser Preparation If you cant connect Password Dialog Common Connection Types Config WizardCable Modems DSL Modems Other Modems e.g. Broadband Wireless Big Pond Cable AustraliaSingTel RAS Navigation & Data Input Home Screen Data LAN Screen LAN Screen Using another Dhcp Server Using VRT-401’s Dhcp ServerTo Configure your PCs to use Dhcp What Dhcp Does Windows Clients TCP/IP Settings Overview Checking TCP/IP Settings Windows 9x/ME Using DhcpUsing Specify an IP Address Gateway Tab Win 95/98 Windows NT4.0 TCP/IP Checking TCP/IP Settings Windows NT4.0 Specify an IP Address Obtain an IP address from a Dhcp Server Windows NT4.0 Add Gateway Windows NT4.0 DNS Network Configuration Win Checking TCP/IP Settings Windows TCP/IP Properties Win Using a fixed IP Address Use the following IP Address Network Configuration Windows XP Checking TCP/IP Settings Windows XP TCP/IP Properties Windows XP Accessing AOL Internet AccessFor Windows 9x/ME/2000 For Windows XP Linux Clients Macintosh ClientsOther Unix Systems Fixed IP Address Status Screen Operation Data Status Screen Data PPPoE Screen Connection Status PPPoEConnection Physical Address PPPoE Link Status Connection Log Messages Operation and Status Data Pptp Screen Connection Status PptpConnection Physical Ad Dress Data Telstra Big Pond Screen Connection Status Telstra Big Pond Connection Status Connection Details SingTel RAS Data SingTel RAS Screen Connection Details Fixed/Dynamic IP Address Data Fixed/Dynamic IP address ScreenInternet Physical Ad Buttons Release/Renew Internet Screen Advanced Internet Screen Communication Applications Special ApplicationsSpecial Applications Screen Using a Special Application Data Special Applications ScreenCheckbox Name Incoming Ports Outgoing Ports URL Filter DMZ Data URL Filter Screen URL Filter Screen Service works as follows Dynamic DNS Domain Name ServerDynamic DNS Screen Password Domain Name Ddns ServiceData Dynamic DNS Screen Ddns Data User Name IP Address seen by Internet Users Virtual Servers Using the DMZ port for Virtual Servers Virtual Servers ScreenData Virtual Servers Screen Backup DNS IP Address Connecting to the Virtual ServersOptions Defining your own Virtual Servers MTU size MTU Admin Login Screen Admin Login Password Dialog Access Control Access Control ScreenTo use this feature Data Access Control Screen View Log Group Members Screen Access Control Log Security Configuration This feature is for advanced administrators only Firewall RulesFirewall Rules Screen Data Firewall Rules Screen Data Define Firewall Rule Screen Define Firewall RuleType Source IP Dest IP ActionLog Logs Enable Logs DoS AttacksData Logs Screen Internet Connec Syslog Server Enable Syslog Access ControlFirewall Rules Timezone Include Security Options SPI Firewall Enable DoSData Security Options Screen Firewall Allow IPsec Options Respond toAllow Pptp Allow L2TP Scheduling Define Schedule ScreenData Define Schedule Screen Data Services Screen Services Buttons Delete VRT-401 does not support Transport Mode VRT-401 always uses Tunnel ModeIPSec Policies VPN Configuration Common VPN Situations VPN Pass-throughClient PC to VPN Gateway Connecting 2 VPN Gateways Connecting 2 LANs via VPN VPN Configuration VPN Policies ScreenData VPN Policies Screen Able/Disable Copy Adding a New PolicyOperations Add Enable Policy General SettingsEndpoint Keys Local IP addresses Type VPN Wizard Traffic Selector Manual Key Exchange Remote IP addresses Type Manually assigned Keys Tication is enabledESP Encryption ESP Authentica IKE Phase Local IdentityRemote Identity Encryption AuthenticationIKE Exchange Mode AH Authentication IKE Phase 2 IPsec SA IPsec SA LifeTime IPSec PFS Configuration Settings Example 1 Connecting 2 VRT-401sSetting LAN a Gateway LAN B Gateway Examples IPSec SA Parameters DES VRT-401 Configuration Setting ValueExample 2 Windows 2000/XP Client to LAN Windows 2000/XP Local Security Settings Windows Client Configuration Windows 2000/XP Policy Properties Filter Properties Addressing New Rule Properties Filter Action Modify Security Method VPN Setting Windows Setting Tunnel Setting Windows 2000/XP Client to VRT-401 Filter List Filter Action Modify Security Method DUT to Win2K Properties Properties General Tab IKE Security Algorithms Key Exchange Security Methods Example 3 Windows 2000 Server to VPN Gateway Setting Single Client Server/Gateway Windows 2000 Server Addressing Windows 2000 Server Configuration Using Certificates Adding a Self Certificate Adding a Trusted Certificate Signature Algorithm Hash AlgorithmSignature Key Length To add a New CRL CRLs Upload CRL Upgrade Administra Tion RoutingPC Database Remote PC Database Screen PC Database Data PC Database Screen PC Database Admin Data PC Database Admin ScreenPC Properties Name ∙ Dchp Client Reserved IP Address Select this if the PC Update SeButtons Add as New Entry Remote Administration Data Remote Administration ScreenTo connect from a remote PC via the Internet Routing Using this ScreenOverview Routing Screen Enable RIP Data Routing ScreenStatic Routing Static Routing Table Entries Local Router Configuring Other Routers on your LAN Static Routing Example For Router As Default RouteOther Routers on the Local LAN For VRT-401’s Routing Table Firmware Upgrade For Router Bs Default RouteTo perform the Firmware Upgrade Data Upnp Screen General Problems Internet AccessProblem 1 Cant connect to VRT-401 to configure it 119 FCC Statement VRT-401 FCC Radiation Exposure Statement CE Marking Warning