Page 86 / 132 Scroll up to view Page 81 - 85
Management and Diagnostic Console
81
To create an application profile:
1.
Click the Add a new user-defined application link. The Edit Application page opens.
Figure 36. MDC Firewall Edit Application Page
2.
In the Application Name field, enter a name for the application profile.
3.
In the Protocol field, click the
TCP
or
UDP
radio button. If both protocols are required, you must create a
definition for each.
4.
In the Port (or Range) field, enter the port or port range used by the application.
5.
In the Protocol Timeout (seconds) field, enter the amount of time (in seconds) that the connection in
the specified range should remain open when there is no data transfer. In most cases the default value
is appropriate.
6.
In the Map to Host Port field, enter the value that provides the mapping offset to the local computer. For
example, if this value is set to 4000 and the range being opened is 100 to 108, the forwarded data to
the first value in the range will be sent to 4000. Subsequent ports will be mapped accordingly; 101 will
be sent to 4001, 102 will be sent to 4002, etc.
Page 87 / 132
Management and Diagnostic Console
82
7.
From the Application Type pull-down menu, select the application type: None (Default), File Transfer
Protocol (FTP), Microsoft Games, H.323-based Internet telephony, IRC (Internet relay chat) server, or
PPTP virtual private network server.
8.
Click the
Add Definition
button.
9.
Repeat the previous step for each port or range of ports required for the application profile.
Allowing all applications
DMZplus is used for hosting applications if an application will not operate properly using the “Allow
individual application(s)” option. When in DMZplus mode, the designated computer:
Shares the gateway’s IP address.
Appears as if it is directly connected to the Internet.
Has all of the unassigned TCP and UDP ports opened and pointed to it.
Can receive unsolicited network traffic from the Internet.
To configure a computer on the user’s network for DMZplus mode:
1.
Select the computer to which the user wishes to have all data sent.
2.
Click the
Allow all applications (DMZplus mode)
radio button.
3.
Click
Submit
.
4.
Access the selected computer.
5.
Confirm that the computer is configured for DHCP
. If it is not, configure it for DHCP
.
6.
Restart the computer.
When the computer restarts, it receives a special IP address from the system and all unassigned TCP and
UDP ports are forwarded to it.
Note:
DMZplus can only be configured for one computer on the local network at a time.
Page 88 / 132
Management and Diagnostic Console
83
Firewall - Detailed Information Page
The Firewall - Detailed Information page shows detailed information about the gateway’s firewall.
Figure 37. MDC Firewall Detailed Information Page
Pinholes
A pinhole is a configuration setting in the firewall that allows access to specific services running on the
network. For example, in order for users outside the network to access a specific application (such as a
game), a pinhole must be opened on the gateway firewall to allow requests to the application.
The Pinholes pane shows the number of pinholes that are currently open. There are 192 pinholes available.
NAT Sessions
The NAT Sessions pane shows the number of NAT sessions currently running.
Note:
To access this page, your organization must have the Remote Management feature
enabled. If the feature is not enabled, an error message will display when you click the link to
access this page.
Page 89 / 132
Management and Diagnostic Console
84
Firewall - Advanced Settings Page
The Firewall - Advanced Settings page allows you to configure the gateway’s firewall.
Figure 38. MDC Firewall Advanced Settings Page
Note:
To access this page, your organization must have the Remote Management feature
enabled. If the feature is not enabled, an error message will display when you click the link to
access this page.
Page 90 / 132
Management and Diagnostic Console
85
Enabling Security Features
The Security pane allows you to configure the gateway’s firewall to provide additional security features.
Following are descriptions of the features.
Stealth Mode.
Enabling Stealth Mode suppresses error responses (for example, TCP resets).
Block Ping.
Enabling Block Ping blocks ping responses.
Strict UDP Session Control.
Enabling Strict UDP Session Control prevents another source from
“piggybacking” onto a UDP session.
Controlling Inbound and Outbound Traffic
If an Inbound box is checked, the firewall allows the corresponding protocol to pass through from the
Internet to the network. If an Outbound box is checked, the firewall allows the traffic from the network to
pass through the firewall to the Internet. You must click the
Submit
button for changes to take effect.
Disabling Attack Detection
By default, the 2Wire gateway firewall rules block the attack types listed in the Attack Detection pane. Some
hosted applications require that the user open specific ports (for example, TCP or UDP) to allow outside
users to access their network. The Attack Detection pane allows you to configure the gateway’s firewall
rules to allow traffic through on the specified ports.
To disable attack detection for a specific port, deselect the corresponding checkbox and click the
Submit
button.
Enabling Full Logging
To log all packets, check the
Enable Full Logging
checkbox.
Note:
Allowing inbound traffic does not mean that the firewall automatically allows this type of
traffic to pass through the firewall to the network. Even if a particular protocol/application type
is allowed, the firewall still checks and blocks all unsolicited traffic from the Internet unless the
firewall is configured to allow the traffic through using an application profile.
Note:
When full logging is enabled, the gateway logs every packet. This will significantly
reduce overall system performance because the log buffer capacity will be reached more
quickly.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top