Manuals / SMC Networks / Computer Equipment / Network Router

SMC Networks SMC7404BRA EU manual 4-42, Enable SPI and, Anti-DoS firewall, protection

Models: SMC7404BRA EU

1 130

Download 130 pages 9.51 Kb

Page 67

CONFIGURING THE BARRICADE

The Barricade’s firewall inspects packets at the application layer, maintains TCP and UDP session information including timeouts and number of active sessions, and provides the ability to detect and prevent certain types of network attacks such as DoS attacks.

Network attacks that deny access to a network device are called Denial-of-Service (DoS) attacks. Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.

The Barricade protects against the following DoS attacks: Ping of Death (Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero length, TCP null scan (Port Scan Attack), UDP port loopback, Snork Attack etc.

Note: The firewall does not significantly affect system performance, so we advise enabling the prevention features to protect your network.

Parameter	Defaults	Description
Enable SPI and	Yes	The Intrusion Detection feature of the Barricade
Anti-DoS firewall		limits the access of the incoming traffic at the
protection		WAN port. When the SPI feature is turned on,
		all incoming packets are blocked except those
		types marked with a check in the Stateful Packet
		Inspection section at the top of the screen.

4-42

Image 67

SMC Networks SMC7404BRA EU manual 4-42, Enable SPI and, Anti-DoS firewall, limits the access of the incoming traffic at the

Contents

User Guide Broadband Router with built-in ADSL ModemPage Broadband Router with built-in ADSL Modem From SMC’s line of award-winning connectivity solutions DecemberPart No 750.9701, UK Pub No 150000035400A FCC - Class B COMPLIANCESFCC - Part Australia AS/NZS 3548 1995 - Class B Industry Canada - Class BCOMPLIANCES COMPLIANCES EC Conformance Declaration - Class BCOMPLIANCES 4 Configuring the Barricade TABLE OF CONTENTS2 Installation 3 Configuring Client PCsTABLE OF CONTENTS 5 Configuring Client TCP/IP6 Configuring Printer Services TABLE OF CONTENTS CHAPTER INTRODUCTION Features and BenefitsAbout the Barricade VPN pass-through IPSec-ESP Tunnel mode, L2TP, PPTP Shared IP Address ApplicationsWired LAN Internet AccessSecurity DMZ Host SupportVirtual Private Network VPN Package Contents CHAPTER INSTALLATIONSystem Requirements Description Hardware DescriptionStatus LEDsVerify Status ConditionConnect the System Connect the ADSL Line Phone Line ConfigurationInstalling a Full-rate Connection Figure 2-1. Installing With a SplitterFigure 2-2. Installing Without a Splitter Installing a Splitterless ConnectionAttach to Your Network Using Ethernet Cabling Connect the Power Adapter CHAPTER 3 CONFIGURING CLIENT PCS TCP/IP ConfigurationCONFIGURING CLIENT PCS CHAPTER CONFIGURING THE BARRICADE Making Configuration Changes Navigating the Web Browser InterfaceTime Zone Setup WizardInternet Sharing CONFIGURING THE BARRICADEParameter Parameter SettingDescription Description CONFIGURING THE BARRICADEFinish ParameterParameter PPPoE & PPPoADescription Parameter FinishDescription Description network, it will forward the packets to the DefaultSETUP WIZARD ParameterDescription Multiple Protocol over ATM Mode4-10 ParameterDescription Finish4-11 ParameterParameter 4-12Description 4-13 Advanced SetupADVANCED SETUP Navigating the Web Browser InterfaceDescription The following table briefly describes the “Advanced Setup” menu items4-14 MenuMAKING CONFIGURATION CHANGES Making Configuration Changes4-15 CONFIGURING THE BARRICADE System Settings4-16 SYSTEM SETTINGS Password Settings4-17 4-18 Remote Management4-19 SYSTEM SETTINGSDescription PPPoE PPP over Ethernet4-20 Parameteridentifies the data channel within that virtual path 4-21Parameter DescriptionDescription then it is automatically forwarded to the default router i.e4-22 ParameterParameter 4-23Description Parameter 4-24Description Parameter 4-25Description 4-26 CONFIGURING THE BARRICADE4-27 Address MappingVirtual Server CONFIGURING THE BARRICADE4-28 4-29 The more common TCP service ports includeStatic Route Routing System4-30 Parameter 4-31Description 4-32 Authentication Required4-33 Routing TableParameter Description 4-34 Firewall4-35 Access ControlFIREWALL 4-36 The following items are on the “Access Control” screen4-37 Access Control Add PCFIREWALL URL Blocking CONFIGURING THE BARRICADE4-38 1. Click “Add Schedule Rule.” You may filter Internet access for local clients based on rulesSchedule Rule 4-39CONFIGURING THE BARRICADE 3. Click “OK” and then click “APPLY” to save your settings4-40 4-41 Intrusion DetectionFIREWALL The Intrusion Detection feature of the Barricade Enable SPI andlimits the access of the incoming traffic at the WAN port. When the SPI feature is turned onDescription Defaults4-43 ParameterParameter Defaultsstate structure remains active. When the timeout 4-44Maximum number of allowed incomplete TCP Parameter Defaults Description4-45 The length of time for which an H.323 session4-46 CONFIGURING THE BARRICADE4-47 SNMPSNMP CommunityParameter A community string password specified for trapTrap 4-48Parameter ADSLADSL 4-49Status CONFIGURING THE BARRICADE4-50 Parameter Maximum fluctuation in the output powerADSL 4-51Parameter 4-52Description Configuration Tools Tools4-53 CONFIGURING THE BARRICADE Firmware Upgrade4-54 4-55 Reset4-56 StatusDescription 4-57The following items are included on this screen Parameter4-58 CONFIGURING THE BARRICADECHAPTER 5 CONFIGURING CLIENT TCP/IP Windows 95/98/Me2. In “Control Panel” double-click the “Network” icon WINDOWS 95/98/ME TCP/IP Configuration SettingInternet Explorer Disable HTTP ProxyWINDOWS 95/98/ME Obtain IP Settings from Your ADSL RouterNetscape Windows NT WINDOWS NT 11. Windows may copy some WINDOWS NT You need to verify that the “HTTP Proxy” feature of your Web browser is disabled. This is so that your browser can view the Barricade’s HTML configuration pages. Determine which browser you use and refer to “Internet Explorer” on page 5-4 or “Netscape” on page5-10 4. Type “EXIT” and press ENTER to close the “Command Prompt” windowYour computer is now configured to connect to the Barricade CONFIGURING CLIENT TCP/IPWINDOWS Windows5-11 3. The connection status screen will open. Click “Properties.”4. Double-click “Internet Protocol TCP/IP.” 5-12Obtain IP Settings from Your Barricade Disable HTTP Proxy5-13 5-14 4. Type “EXIT” and press ENTER to close the “Command Prompt” windowYour computer is now configured to connect to the Barricade CONFIGURING CLIENT TCP/IP2. In “Control Panel” click “Network and Internet Connections.” Windows XP5-15 1. Click “start/Control Panel.”5. Double-click “Internet Protocol TCP/IP.” 5-16WINDOWS XP Disable HTTP ProxyObtain IP Settings from Your Barricade 5-175-18 Type “EXIT” and press ENTER to close the “Command Prompt” windowYour computer is now configured to connect to the Barricade CONFIGURING CLIENT TCP/IPCONFIGURING YOUR MACINTOSH COMPUTER Configuring Your Macintosh Computer5-19 5-20 3. If “Using DHCP Server” is already selected in the “Configure” field, your computer is already configured for DHCP. Close the TCP/IP dialog box, and skip to “Disable HTTP Proxy” on page 5-21.”5-21 Disable HTTP ProxyInternet Explorer 3. Select “Direct Connection to the Internet” and click “OK.” 5-225-23 Obtain IP Settings from Your Barricade5-24 CONFIGURING CLIENT TCP/IPInstall the Printer Port Monitor CHAPTER CONFIGURING PRINTER SERVICESSkip this section if you are using Unix INSTALL THE PRINTER PORT MONITOR CONFIGURING PRINTER SERVICES Configure the Network Printer in Windows 95/98/Me/2000 Configure the Print Server4. Select the monitored port. The default port name is “SMC100.” Click the “Configure Port” button CONFIGURE THE PRINT SERVER Configure the Network Printer in Windows NT2. Follow the prompts to add a local printer to your system Configure the Network Printer in Unix Systems CONFIGURE THE PRINT SERVER APPENDIX A TROUBLESHOOTING Page Page TROUBLESHOOTING Ethernet Cable APPENDIX B CABLESPin Assignments RJ-45 Port Ethernet ConnectionCrossover Wiring Straight-Through WiringADSL Cable Connection Figure B-3. RJ-11 Pinouts Signal NameNot used Not usedCABLES APPENDIX C SPECIFICATIONS Page SMCs Limited Warranty Statement LIMITED WARRANTYLIMITED WARRANTY Contact SMC LIMITED WARRANTYFull Installation Manual Firmware and Drivers