Configuring Firewall Settings | SMC Networks SMC7204BRA manual

Configuring Firewall Settings

2.Configure any of the following settings that figure in the [Firewall Global Information] table:

Field	Description

Blacklist Status:	If you want the device to maintain and use a black list,
	click [Enable]. Click [Disable] if you do not want to maintain
	a list.

Blacklist Period(min):	This field specifies the number of minutes that a
	computer'sIP address will remain on the black list (i.e., all
	traffic originating from that computer will be blocked from
	passing through any interface on the ADSL Barricade).
	For more information, see Managing the Black List on
	page 134.

Attack Protection:	Click the [Enable] radio button to use the built-in firewall
	protections that prevent the following common types of
	attacks.
	IP Spoofing: Sending packets over the WAN interface
	using an internal LAN IP address as the source address.
	Tear Drop: Sending packets that contain overlapping
	fragments.
	Smurf and Fraggle: Sending packets that use the WAN or
	LAN IP broadcast address as the source address.
	Land Attack: Sending packets that use the same address
	as the source and destination address.
	Ping of Death: Illegal IP packet length.

Dos Protection:	Click the [Enable] radio button to use the following denial
	of service protections: SYN DoS, ICMP DoS, Per-host
	DoS protection.

Max Half open TCP	This field sets the percentage of concurrent IP sessions
Conn.:	that can be in the half-open state. In ordinary TCP
	communication, packets are in the half-open state only
	briefly as a connection is being initiated; the state
	changes to active when packets are being exchanged, or
	closed when the exchange is complete. TCP connections
	in the half-open state can use up the available IP
	sessions. If the percentage is exceeded, then the half-open
	sessions will be closed and replaced with new sessions
	as they are initiated.

132

Image 130

SMC Networks SMC7204BRA manual Configuring Firewall Settings

Contents

Page February Table of Contents Configuring Dynamic Host Configuration Protocol Getting Started with the Configuration ManagerConfiguring the LAN Ports Configuring Network Address Translation Configuring the Routing Information Protocol Configuring DNS Server AddressesConfiguring IP Routes Configuring the ATM Virtual Circuit Configuring IPoA Interfaces Configuring PPP InterfacesConfiguring EOA Interfaces Configuring Bridging Appendix a Viewing DSL Line Information Administrative TasksAppendix B Features Introduction Introduction Using this DocumentSystem Requirements Notational conventions Typographical conventions Using this DocumentSpecial messages Package Contents Getting to Know Adsl Barricade Front Panel Hardware DescriptionGetting to Know the Adsl Barricade Rear Panel Connecting the Hardware Quick Start Quick Start Connect the Adsl cable Power up your systems Configuring Your ComputersAttach the power connector Connect the Ethernet cable Windows XP Windows Windows Me Windows 95 Quick Start Windows NT Assigning static Internet Information to your PCs Configuring the Adsl Barricade Configuring the Adsl BarricadeLogging into the Adsl Barricade Quick Configuration With your ISP Path that your connection uses to communicate with your ISP You have used to log in to Configuration Manager Configuration of your devicePassword Bridge Default Router Settings Addresses Description of the NAT service Internet. See ConfiguringLAN Ports on page 33 for a Getting Started with the Configuration Manager Accessing the Configuration Manager Getting Started with the Configuration Manager Login Screen Commonly used buttons Functional LayoutFunctional Layout Browser window. Help is available from any main topic Home Page and System View Table System View Table Home Page and System View Table Modifying Basic System Information Time Zone Modifying Basic System InformationDaylight Committing Changes and Rebooting Committing your changes Committing Changes and Rebooting Rebooting the device using Configuration Manager Just committed Reboot from LastConfiguration Session Connecting via Ethernet ConfiguringConfiguring the LAN Port IP Address Configuring the LAN Ports LAN Configuration Configuring the LAN Port IP Address Configuring the LAN Ports Configuring the LAN Port IP Address Viewing System IP Addresses and IP Performance Statistics Viewing the Adsl Barricades IP Addresses Viewing System IP Addresses and IP Performance Statistics Viewing IP Performance Statistics Viewing IP Performance Statistics What is DHCP? Configuring Dynamic Host Configuration ProtocolOverview of Dhcp Why use DHCP? Configuring Dynamic Host Configuration ProtocolAdsl Barricade Dhcp modes Configuring Dhcp Server Configuring Dhcp ServerGuidelines for creating Dhcp server address pools Configuring Dynamic Host Configuration Protocol Adding Dhcp Server Address Pools For distribution to your LAN computers Start IP AddressEnd IP Address Mac Address Addresses in this pool. This is used for reference only As explained onDomain Name Gateway Viewing, modifying, and deleting address pools Dhcp Server Pool Modify Excluding IP addresses from a pool Viewing current Dhcp address assignments These terms Configuring Dhcp RelayNetmask Mac Configuring Dhcp Relay Dynamic Host Configuration Protocol Dhcp Relay Configuration Setting the Dhcp Mode Dynamic Host Configuration Protocol Dhcp Setting the Dhcp Mode Configuring Network Address Translation Overview of NAT Configuring Network Address Translation Viewing NAT Global Settings and Statistics Viewing NAT Global Settings and Statistics Time specified in TCP Idle Timeout TCP Def TimeoutActive state, where the connection is being used to When in the establishing state, the session will timeout NAT Rule Global Statistics Network Address Translation NAT Rule Configuration Viewing NAT Rules and Rule Statistics Viewing Current NAT Translations Viewing Current NAT Translations Protocol Is enabledWas invoked from the rule definition TCP, UDP, Icmp Translated Out PortsPorts Number was translated Adding NAT Rules Adding NAT Rules NAT Rule-Add Page Napt Flavor RDR rule Allowing external access to a LAN computer NAT Rule Add Page RDR Flavor Configuring Network Address Translation Adding NAT Rules Basic rule Performing 11 translations NAT Rule Add Page Basic Flavor Adding NAT Rules NAT Rule Add Page Filter Flavor Adding NAT Rules Bimap rule Performing two-way translations NAT Rule Add Page Bimap Flavor NAT Rule Add Page Pass Flavor Adding NAT Rules About DNS Configuring DNS Server AddressesAssigning DNS Addresses Configuring DNS Relay Configuring DNS Server Addresses Configuring DNS Relay Domain Name Service DNS Configuration IP routing versus telephone switching Configuring IP RoutesOverview of IP Routes Configuring IP Routes Hops and gateways Overview of IP Routes Using IP routes to define default gatewaysDo I need to define IP routes? Viewing the IP Routing Table IP Route Table Viewing the IP Routing Table Adding IP Routes IP Route-Add Adding IP Routes Configuring the Routing Information Protocol RIP Overview Configuring the Routing Information Protocol Configuring the Adsl Barricades Interfaces with RIPWhen should you configure RIP? Configuring the Adsl Barricades Interfaces with RIP Routing Information Protocol RIP Configuration Configuring the Routing Information Protocol Configuring the Adsl Barricades Interfaces with RIP Viewing RIP Statistics RIP Global Statistics Configuring the ATM Virtual Circuit Viewing Your ATM VC Use an aal5-type interface Configuring the ATM Virtual CircuitSoftware and identify the type of traffic that can be Vpi Adding ATM VCs Adding ATM VCs Modifying ATM VCs Modifying ATM VCs ATM VC Interface Modify Configuring PPP Interfaces Inactivity TimeOut mins Viewing Your Current PPP ConfigurationConfiguring PPP Interfaces Ignore WAN to LAN traffic while monitoring inactivity Viewing Your Current PPP Configuration Under way e.g., password authorization or Disable, LAN hosts will use the DNS addressPreconfigured in the Dhcp pool see Configuring Device will acquire IP addresses for other Viewing PPP Interface Details Viewing PPP Interface Details Service Name EnabledRebooted Each requiring a different login and other On the user name and/or password provided By changing the Configuration Manager settingsWith the timeout period specified on the PPP ISP issued a special packet type to terminate Adding a PPP Interface Definition PPP Interface Add Modifying and Deleting PPP Interfaces Modifying and Deleting PPP Interfaces 114 Configuring EOA Interfaces Overview of EOA Viewing Your EOA Setup Configuring EOA Interfaces Viewing Your EOA Setup Problem with the DSL connection Default RouteEnable or disable the interface a red ball may indicate a Adding EOA Interfaces Adding EOA Interfaces EOA Interface Add 120 Configuring Ipoa Interfaces Viewing Your IPoA Interface Setup Configuring IPoA Interfaces Adding IPoA Interfaces Enable or disable the interface a down interface mayIndicate a problem with the DSL connection Adding IPoA Interfaces 124 Configuring Bridging Overview of Bridges Configuring Bridging When to Use the Bridging Feature When to Use the Bridging FeatureDefining Bridge Interfaces 128 Deleting a Bridge Interface Deleting a Bridge Interface Configuring Firewall Settings Configuring Global Firewall Settings Configuring Firewall Settings Configuring Global Firewall Settings ID assigned to the rule Managing the Black ListIts automatic timed expiration Configuring IP Filters and Blocked Protocols Configuring IP Filters Configuring IP Filters and Blocked Protocols Viewing Your IP Filter Configuration Configuring IP Filters Configuring IP Filter Global Settings Creating IP Filter Rules Incoming refers to packets coming from the LAN External computers from accessing your LANThat are incoming or outgoing on the selected interface Outgoing refers to packets going to the Internet Choosing the appropriate interface for various rule types Option is valid only for the outgoing direction Low, then the rule will be inactive Log Option to Enable if you configure a Log TagSecurity Blacklist Lt any source IP address that is numerically less than Rule to be invoked on packets containingAny any source IP address Specified address An ongoing communication, etc. This option provides Unwelcome attempt to gain access to a networkStore State Received in the anticipated state. Such packets can signify That have options specified in their packet headers IP filter rule examples Example 146 Viewing IP Filter Statistics Managing Current IP Filter Sessions IP Filter Rule Statistics Filter rule, are assigned a session index Blocked ProtocolsBlocked Protocols Time to expire 150 Your ISP before blocking this protocol Address Resolution Protocol. Computers on a LAN use ARP toComputers when they only know their IP addresses Is often used for handling e-mail, mailing lists Large networks Viewing DSL Line Information DSL Status Viewing DSL Line Information DSL Parameter 155 156 Configuring User Names and Passwords Administrative TasksChanging Login Passwords Administrative Tasks User Configuration Viewing System Alarms Viewing System AlarmsViewing the Alarm Table Image Upgrade Upgrading the Software Using Diagnostics Using DiagnosticsFile 162 Modifying Port Settings Modifying Port SettingsOverview of IP port numbers Modifying the Adsl Barricade’s port numbers 165 IP Addresses Appendix aStructure of an IP address Appendix a Network ID Host ID Network classes Network classes Subnet masks Subnet masks Binary Numbers Appendix BDefinition binary numbers Bits and bytes Appendix BDefinition bit and byte Troubleshooting Troubleshooting Internet Access My PC cannot access Internet My LAN PCs cannot display web pages on the Internet My changes to Configuration Manager are not being retained Diagnosing Problem using IP Utilities 179 180 Technical Specifications Technical Specifications Chap Operating System Support Power DissipationEnvironmental Operating Range Dimensions Power InputWeight Safety Terminology AuthenticateAnalog Terminology Digital Ethernet Domain nameDownload Filtering Hop FirewallGbps Hop count Internet HostIn-line filter Intranet 191 Microfilter MaskMbps NAT rule Packet Network maskPort Protocol Pots splitterRemote Splitter RoutingRule Splitterless Subnet Subnet mask Twisted pair TelnetUpstream Web browser Web Web site FCC Class B CompliancesFCC Part Compliances EC Conformance Declaration Class B Safety Compliance Wichtige Sicherheitshinweise Germany Compliances SMCs Limited Warranty Statement Legal Information Contacts Legal Information and Contacts Limitation of Liability Is subject to change without notice