Manuals / SMC Networks / Computer Equipment / Network Router

SMC Networks SMC7904BRB2 manual 4-42, Firewall

Models: SMC7904BRB2

1 126

Download 126 pages 37.06 Kb

Page 80

FIREWALL

CONFIGURING THE BARRICADETM

FIREWALL

The Barricade Router’s firewall inspects packets at the application layer, maintains TCP and UDP session information including time-outs and the number of active sessions, and provides the ability to detect and prevent certain types of network attacks.

Network attacks that deny access to a network device are called Denial-of-Service (DoS) attacks. DoS attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.

The Barricade protects against the following DoS attacks: IP Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, UDP port loopback, Snork Attack, TCP null scan, and TCP SYN flooding.

(For details see page 4-49.)

The firewall does not significantly affect system performance, so we advise enabling the function to protect your network.

Select Enable and click the SAVE SETTINGS button.

4-42

Image 80

SMC Networks SMC7904BRB2 manual 4-42, Firewall

Contents

Page Page From SMC’s line of award-winning connectivity solutions Router with built-in ADSL2/2+ Modem38 Tesla AugustTrademarks LIMITED WARRANTY LIMITED WARRANTY COMPLIANCES Federal Communication Commission Interference StatementReorient or relocate the receiving antenna Increase the separation between the equipment and receiverEC Conformance Declaration COMPLIANCESSafety Compliance Wichtige Sicherheitshinweise Germany COMPLIANCESCOMPLIANCES TABLE OF CONTENTS InstallationConfiguring Client PC IntroductionConfiguring the BarricadeTM TABLE OF CONTENTSTroubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1 viii TABLE OF CONTENTSAbout the Barricade Features and BenefitsCHAPTER INTRODUCTION Applications Wired LANInternet Access Shared IP AddressVirtual Server DMZ Host SupportSecurity Virtual Private Network VPNPoint-to-Point Tunneling Protocol - Provides a secure tunnel for remote client access to a PPTP security gateway. PPTP includes provisions for call origination and flow control required by ISPs CHAPTER INSTALLATION Package ContentsSystem Requirements Hardware DescriptionDescription SMC7904BRA2 contains the following ports on the rear panelFigure 2-1. SMC7904BRA2 Rear Panel Description SMC7904BRB2 contains the following ports on the rear panelFigure 2-2. SMC7904BRB2 Rear Panel LED Indicators SMC7904BRA2 Figure 2-3. SMC7904BRA2 Front PanelStatus DescriptionLED Indicators SMC7904BRB2 Figure 2-4. SMC7904BRB2 Front PanelStatus DescriptionConnect the ADSL Line ISP SettingsConnect the System Attach to Your Network Using Ethernet Cabling Connect the Power AdapterCONNECT THE SYSTEM The connection diagram shows how to connect the BarricadeConnection Illustration 2-10 INSTALLATIONTCP/IP Configuration CHAPTER 3 CONFIGURING CLIENT PCProperties WindowsDial-Up Connections Accessories/ Command Prompt Disable HTTP ProxyObtain IP Settings from Your Barricade CONFIGURING CLIENT PC 4. Close the Command Prompt windowYour computer is now configured to connect to the Barricade Windows XP Obtain IP Settings from Your Barricade Configuring Your Macintosh Computer System PreferencesInternet Explorer CONFIGURING YOUR MACINTOSH COMPUTER 3. Uncheck all check boxes and click OK3-10 CONFIGURING CLIENT PCCHAPTER CONFIGURING THE BARRICADETM Navigating the Management Interface CONFIGURING THE BARRICADETMMaking Configuration Changes NAVIGATING THE MANAGEMENT INTERFACESETUP WIZARD Time ZoneParameter Setting SETUP WIZARDParameter Setting - Country or ISP Not Listed Click NEXT to continue to the “Confirm” settings screen PPPoEParameter DescriptionClick NEXT to continue to the “Confirm” settings screen PPPoAParameter Description1483 Bridging DHCP 4-10 1483 Bridging StaticParameter Description4-11 1483 RoutingParameter Description4-12 BridgingParameter Description4-13 SETUP WIZARD1483 Routing DHCP Parameter4-14 ConfirmParameter Description4-15 If the parameters are correct, click FINISH to save these settingsSETUP WIZARD ParameterConfiguration parameters 4-16There are 13 main menu items located on the left side of the screen Each main menu item is described in the following table4-17 MenuDescription DDNSSYSTEM 4-18Time Settings CONFIGURATION PARAMETERS 4-19Password Settings 4-20 Remote ManagementCONFIGURATION PARAMETERS 4-21The following three items are configurable ATM PVC Clone MAC DNS 4-22 Click on the desired VC to configure the connection parametersVC. Encapsulation specifies how to handle multiple protocols at ATM PVC4-23 ATM Interface1483 Bridging Parameter4-24 terminated. This setting only applies when the Connect TypePPPoA Parameter4-25 1483 RoutingParameter Description4-26 PPPoEParameter Description4-27 IP Over RFC1483 bridgedParameter DescriptionClone MAC Address 4-28CONFIGURING THE BARRICADETM 4-29 CONFIGURATION PARAMETERSDescription 4-30Parameter 4-31 VLANVLAN Profile 4-32Configure the VLAN settings in this screen 4-33 CONFIGURATION PARAMETERS4-34 Address MappingVirtual Server 4-35The more common TCP service ports include 4-36 Special ApplicationNAT Mapping Table 4-37CONFIGURATION PARAMETERS Static Route 4-38ROUTING Description 4-39Parameter 4-40 Poison ReverseParameter Description 4-41Routing Table 4-42 FIREWALL4-43 Access Control4-44 To create a new access control rule2. Define the appropriate settings for client PC services 3. Click OK and then click SAVE SETTINGS to save your settings4-45 MAC FilterURL Blocking 4-46CONFIGURING THE BARRICADETM Schedule Rule 4-47CONFIGURATION PARAMETERS 4-48 2. Define the appropriate settings for a schedule rule3. Click OK and then click SAVE SETTINGS to save your settings CONFIGURING THE BARRICADETM4-49 Intrusion Detection Intrusion Detection Feature4-50 CONFIGURING THE BARRICADETM4-51 Stateful Packet Inspection4-52 DefaultsConnection Policy Parameterthat will cause the software to stop deleting half 4-53DoS Criteria and Port Scan Criteria 4-54 CONFIGURING THE BARRICADETM4-55 CONFIGURATION PARAMETERSSNMP Select the SNMP Operation mode from the drop down menu4-56 Community4-57 unauthorized individuals from accessing information on your systemTrap Parameter4-58 UPNP4-59 4-60 CONFIGURING THE BARRICADETMTraffic Mapping Click Add traffic class to set the parameter detailsTraffic Statistics 4-61CONFIGURATION PARAMETERS ADSL Parameters 4-62ADSL 4-63 ADSL Status4-64 The number of Fast Path Cyclic Redundancy Check errorsParameter Description Interleaved Path FEC Correction4-65 DDNSPing Utility 4-66TOOLS 4-67 Trace Route Utility4-68 Configuration Tools4-69 Firmware Upgrade4-70 Reset4-71 CONFIGURATION PARAMETERSSTATUS Scroll down to view more information on the Status screen4-72 CONFIGURING THE BARRICADETM4-73 The following items are included on the Status screenParameter DescriptionFinding the MAC address of a Network Card 4-74WINDOWS NT4/2000/XP MACINTOSHAPPENDIX A TROUBLESHOOTING Troubleshooting ChartSymptom ActionTroubleshooting Chart SymptomTROUBLESHOOTING ActionAction Troubleshooting ChartSymptom TROUBLESHOOTING APPENDIX B CABLES Ethernet CableFigure B-1. RJ-45 Ethernet Connector Pin Numbers RJ-45 Port ConnectionStraight-Through Wiring Pin AssignmentsCrossover Wiring Crossover Cable Pin AssignmentsADSL CABLE ADSL CableFigure B-2. RJ-11 Connector Pin Numbers Figure B-3. RJ-11 Pinouts Signal NameWire Color APPENDIX C SPECIFICATIONS Physical Characteristics PortsADSL Features ATM FeaturesSecurity Features LAN FeaturesWeight 500 g Input Power 12 V 1 A IEEE Standards Safety