Manuals / Brands / Computer Equipment / Network Card / ZyXEL Communications / Computer Equipment / Network Card

ZyXEL Communications 794M Firewall, 6.1 Overview, 6.2 Types of Firewalls, 6.2.1Packet Filtering Firewalls, 6.2.2 Application-levelFirewalls

1 119

Download 119 pages, 5.18 Mb

64

Prestige 794M User’s Guide

CHAPTER 6

Firewall

This chapter gives some background information on firewalls.

6.1 Overview

Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term firewall is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. Of course, firewalls cannot solve every security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of a network security policy. It should never be the only mechanism or method employed. For a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a broad information-security policy. In addition, specific policies must be implemented within the firewall itself.

6.2 Types of Firewalls

There are three main types of firewalls:

1Packet Filtering Firewalls

2Application-level Firewalls

3Stateful Inspection Firewalls

6.2.1Packet Filtering Firewalls

Packet filtering firewalls restrict access based on the source/destination computer network address of a packet and the type of application.

6.2.2 Application-level Firewalls

Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts:

Chapter 6 Firewall

64

Contents

User’s Guide Copyright Disclaimer Trademarks Federal Communications Commission (FCC) Interference Statement Notice Certifications Safety Warnings ZyXEL Limited Warranty Note Safety Warnings Customer Support Page Table of Contents Page Page QoS (Quality of Service) Static Route Page Page List of Figures Page List of Tables Page Preface About This User's Guide Related Documentation User Guide Feedback Syntax Conventions Graphics Icons Key Introduction 1.1 About Your Prestige 1.2 Features Multi-ModeStandard 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface(s) Multiplexing Full Network Management Universal Plug and Play (UPnP) Network Address Translation (NAT) Firewall 1.3 Applications 1.3.1 Internet Access 1.3.2 Firewall for Secure Broadband Internet Access 1.3.3 VPN Application 1.3.4 LAN-to-LANApplication 1.4 Hardware Connection 1.4.1 Front Panel 1.5 Rear Panel The Web Configurator 2.1 Overview 2.2Accessing the Web Configurator 2.3 Resetting the Prestige 2.3.1 Procedure To Use The Reset Button 2.4Navigating the Web Configurator 2.4.1 The Status Screen 2.5System Status 2.6 ARP Table 2.6.1 How ARP Works 2.7 Routing Table 2.7.1 PPTP Status 2.7.2 IPSec Status 2.7.3 L2TP Status 2.7.4 Email Status 2.7.5 Event Log 2.7.6 Error Log 2.7.7 NAT Sessions 2.8 Internet Access Quick Start Setup Page 2.8.1 Auto Scan LAN 3.1 Overview 3.2 LAN TCP/IP 3.2.1 Factory LAN Defaults 3.2.2 IP Address and Subnet Mask 3.3The Ethernet Screen 3.4 Ethernet Client Filter 3.4.1 Ethernet Client Filter Candidates 3.5 Port Setting 3.6 DHCP 3.6.1 IP Pool Setup 3.6.2 DNS Servers 3.6.3DHCP Setup 3.6.3.1 Disable DHCP 3.6.3.2 DHCP Server Setup Page 3.6.4 DHCP Relay Agent DHCP Relay WAN 4.1 Overview 4.1.1 Encapsulation Types 4.1.1.1 RFC 4.1.1.2 PPPoE 4.2 ISP 4.2.1 Edit Settings 4.2.1.1 Advanced PPP Options Page 4.2.2 Change Connection Type 4.3DNS 4.4 SHDSL Parameters Table 25 SHDSL Page System 5.1 Overview 5.2 Time Zone 5.3 Remote Access 5.4 Firmware Upgrade 5.5Backup/Restore 5.6 Restart Router 5.7 User Management 5.7.1 Create a New User Account Page Firewall 6.1 Overview 6.2 Types of Firewalls 6.2.1Packet Filtering Firewalls 6.2.2 Application-levelFirewalls 6.2.3Stateful Inspection Firewalls 6.3 General Settings 6.4 Packet Filter Policy Firewall: General Settings 6.4.1 Add a New TCP/UDP Packet Filter 6.4.2 Add a New Raw Packet Filter 6.5 Intrusion Detection Intrusion Detection 6.6 URL Filter 6.6.1 Keywords Filtering 6.6.2 Domain Filtering 6.7 Firewall Log Page VPN 7.1 Overview 7.2 PPTP 7.2.1 PPTP Summary 7.2.2 Creating a PPTP VPN Rule 7.2.2.1 Remote Access Connection Page 7.2.2.2 LAN to LAN Connection Page 7.3 IPSec 7.3.1 AH (Authentication Header) 7.3.2 ESP (Encapsulating Security Payload) 7.3.3 Perfect Forward Secrecy (PFS) 7.3.4 Pre-SharedKey 7.3.5 IPSec VPN Summary 7.3.6 IPSec VPN Configuration Page 7.4 L2TP 7.4.1 Creating a New L2TP Rule 7.4.1.1 Remote Access L2TP Connection Page 7.4.1.2 LAN to LAN L2TP Connection Page Page 7.5 VPN Example 7.5.1 Example: Remote PPTP VPN Dial-inConnection 7.5.2 Example: Remote PPTP VPN Dial-outConnection MUST QoS (Quality of Service) 8.1 Overview 8.1.1 Prioritization Page 8.2 IP Throttling Page 8.3 QoS Example 8.3.1 Example Prioritization with QoS 8.3.2 Rate Limiting with IP Throttling Example 8.4 Time Schedule 8.4.1 Configuring a Time Schedule Page Static Route 9.1 Overview 9.2 Configuration Page Dynamic DNS 10.1 Overview 10.1.1 Configuration Page Check Emails 11.1 Overview 11.2 Configuring Page Device Management 12.1 Overview 12.1.1 Universal Plug and Play (UPnP) 12.1.1.1 How do I know if I'm using UPnP 12.1.1.2 Cautions with UPnP 12.1.2.1SNMPv3 12.1.2.2 SNMP Traps and MIBs 12.2 The Device Management Screen WAN Page 12.3 IGMP Numerics Index