Firewall Tab

41

•

In the Applications panel, click the

Edit or delete user-defined application

link. The Select a Hosted

Application page opens.

Figure 19. Select a Hosted Application Page

1.

In the User-Defined Application Profiles panel, highlight the application you wish to edit or delete.

f.

To edit the application profile, click

EDIT

. The Edit Application screen appears. Make the necessary

changes to the application profile and click

DONE

.

g.

To delete the application profile, click

DELETE

.

Allowing all Applications (DMZplus)

DMZplus is a special firewall mode that is used for hosting applications if you cannot get an application to

work properly using the “Allow individual application(s)” option. When in DMZplus mode, the designated

computer:

•

Shares your gateway’s IP address (Router Address).

•

Appears as if it is directly connected to the Internet.

•

Has all of the unassigned TCP and UDP ports opened and pointed to it.

•

Can receive unsolicited network traffic from the Internet.

Although the computer in DMZplus mode appears to Internet users as though it is directly connected to the

Internet, it is still protected by your system firewall. All traffic is inspected by the firewall’s Stateful Packet

Inspection engine and all known hacker attacks continue to be blocked.

Because all filtered traffic is forwarded to the designated computer, you should use DMZplus mode with

caution. A computer in DMZplus mode is less secure because all available ports are open and all incoming

Internet traffic is directed to this computer.

Firewall Tab

42

To configure DMZplus:

•

Open a Web browser and access the 2Wire gateway user interface by entering

•

Click the

Firewall

tab.

•

Click the Firewall Settings

link under the tab to open the Edit Firewall Settings page.

Figure 20. Edit Firewall Settings Page

1.

From the

Select a computer

pull-down menu, select the computer to which you would like to have all data

sent.

2.

Click

Allow all applications (DMZplus mode)

.

3.

Click

DONE

.

Note:

DMZplus can only be configured for one computer on your home network at a time.

Firewall Tab

43

4.

Access the computer that you selected in step 1.

5.

Confirm that the computer is configured for DHCP

. If it is not, configure it for DHCP

.

6.

Restart the computer. When the computer restarts, it receives a special IP address from the system

and all unassigned TCP and UDP ports are forwarded to it.

To stop DMZplus:

1.

From the

Select a computer

pull-down menu, select the computer for which you would like to disable

DMZplus.

2.

In the Edit firewall settings for this computer pane, click

Maximum protection

.

3.

Click

DONE

.

4.

Access the computer that you selected in step 1. If the computer will continue to automatically obtain

an IP address, proceed to step 5. If the computer will have a static IP address, configure it with a valid

static IP address.

5.

Restart the computer.

Viewing the Firewall Log

The 2Wire gateway keeps a log of all firewall-related events that occur. Each log entry contains the date and

time the event occurred, the severity level of the event, and details about the event.

To view the log:

•

Open a Web browser and access the 2Wire gateway user interface by entering

•

Click the

Firewall

tab.

Firewall Tab

44

•

Click the Firewall Log

link under the tab to open the View Firewall Log page.

Figure 21. View Firewall Log Page

The following table provides additional information about the log entries.

Click

CLEAR LOG

to clear the log.

Severity

•

Info. Informational only—the event does not imply a

threat to network security.

•

Low. Occurs when the firewall detects a low-level threat

to the network, such as an invalid IP header or invalid

packet length.

•

Medium. Occurs when a medium-level threat is detected,

such as an invalid IP fragment offset.

•

High. Occurs when an attack is launched against the

network (for example, a SYN Flood).

Details

Includes the following information:

•

The IP address from which the packet originated.

•

The destination IP address of the packet.

•

The action that was taken.

Firewall Tab

45

Configuring the Firewall (Advanced)

The Edit Advanced Firewall Settings page allows you to configure advanced features on your firewall.

Figure 22. Edit Advanced Firewall Settings Page

Enabling Advanced Security

Your 2Wire gateway firewall already provides a high level of security. You can configure the firewall to provide

advanced security features, including stealth mode, strict UDP

, or block pings.

Note:

These features should be used only if you are thoroughly familiar with firewalls and

networking.