Firewall Tab
Allowing Inbound and Outbound Traffic
The Inbound and Outbound Control pane displays some common protocol types. When one of the Inbound
protocol boxes is checked, the firewall allows the corresponding protocol to pass through from the Internet
to the network. If one of the Outbound protocol boxes is checked, the firewall allows the traffic from the
network to pass through the firewall to the Internet.
To block an Inbound or Outbound protocol:
1. Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
2. Click the Firewall tab.
3. Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
4. In the Inbound and Outbound Control pane, deselect the checkbox of the protocol you wish to block.
5. Click SAVE.
Disabling Attack Detection
By default, the 2Wire gateway firewall rules block the attack
types listed in the Attack Detection pane. There are some
applications and devices that require the use of specific data
ports through the firewall. The gateway allows users to open the necessary ports through the firewall using
the Firewall Settings page. If the user requires that a computer have all incoming traffic available to it, this
computer can be set to the DMZplus mode. While in DMZplus mode, the computer is still protected against
numerous broadband attacks (for example, SYN Flood or Invalid TCP flag attacks).
In rare cases, the incoming traffic may be inadvertently blocked by the firewall (for example, when
integrating with external third-party firewalls or VPN servers). You may need to disable one or more of the
attack detection capabilities for any device placed in the DMZplus. In this case, the third-party server
provides the attack protection normally provided by the gateway.
Note: If you configure the firewall to block an Inbound protocol, you may disable support for
hosted applications that require that type of protocol.
The following table lists the attacks for which the gateway firewall filters continuously check.

Attack: Description and Action Taken

Excessive Session Detection
    When enabled, the firewall will detect applications on the local network that are creating excessive sessions out to the Internet. This activity is likely due to a virus or “worm” infected computer (for example, Blaster Worm). When the event is detected, the gateway displays a HURL warning page.

TCP/UDP Port Scan
    A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a well-known port number (such as UDP and TCP), the computer provides. When enabled, the firewall detects UDP and TCP port scans, and drops the packet.

Invalid Source/Destination IP address
    When enabled, the firewall will verify IP addresses by checking for the following:
        IP source address is broadcast or multicast — drop packet.
        TCP destination IP address is not unicast — drop packet.
        IP source and destination address are the same — drop packet.
        Invalid IP source received from private/home network — drop packet.

Packet Flood (SYN/UDP/ICMP/Other)
    When enabled, the firewall will check for SYN, UDP, ICMP, and other types of packet floods on the local and Internet facing interfaces and stop the flood.

Invalid TCP Flag Attacks (NULL/XMAS/Other)
    When enabled, the firewall will scan inbound and outbound packets for invalid TCP Flag settings, and drop the packet to prevent SYN/FIN, NULL, and XMAS attacks.

Invalid ICMP Detection
    The firewall checks for invalid ICMP/code types, and drops the packet.

Miscellaneous
    The firewall checks for the following:
        Unknown IP protocol — drop packet.
        Port 0 attack detected — drop packet.
        TCP SYN packet — drop packet.
        Not a start session packet — drop packet.
        ICMP destination unreachable — terminate session.

To disable attack detection for a specific port:
1. Open a Web browser and access the 2Wire gateway user interface by entering
2. Click the Firewall tab.
3. Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
Figure 23. Edit Advanced Firewall Settings Page
4. In the Attack Detection panel, deselect the appropriate checkbox.
5. Click SAVE.
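The stateless checks from the attack table in this section (invalid source/destination addresses, port 0, and the NULL, SYN/FIN and XMAS flag combinations) can be written as a small packet classifier. This is an added example, not 2Wire firmware code; the 192.168.1.0/24 home subnet, the packet dictionary layout, the reading of "invalid source" as a LAN-side address outside that subnet, and all sample packets are assumptions constructed for illustration.

```python
import ipaddress

# TCP header flag bits.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home subnet
BROADCAST = {ipaddress.ip_address("255.255.255.255"), LAN.broadcast_address}

def drop_reason(pkt):
    """Return the table rule that drops pkt, or None if no rule matches."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    if src in BROADCAST or src.is_multicast:
        return "source is broadcast or multicast"
    if pkt["proto"] == "tcp" and (dst in BROADCAST or dst.is_multicast):
        return "TCP destination is not unicast"
    if src == dst:
        return "source and destination are the same"
    # Assumption: "invalid" means a LAN-side source outside the home subnet.
    if pkt["iface"] == "lan" and src not in LAN:
        return "invalid source from home network"
    if 0 in (pkt["sport"], pkt["dport"]):
        return "port 0"
    if pkt["proto"] == "tcp":
        flags = pkt["flags"]
        if flags == 0:
            return "NULL flags"
        if flags & SYN and flags & FIN:
            return "SYN/FIN flags"
        if flags & XMAS == XMAS:
            return "XMAS flags"
    return None

def pkt(src, dst, proto="tcp", iface="wan", sport=40000, dport=443, flags=SYN):
    """Build one constructed sample packet record."""
    return dict(src=src, dst=dst, proto=proto, iface=iface,
                sport=sport, dport=dport, flags=flags)

SAMPLES = [  # constructed packets using documentation address ranges
    pkt("203.0.113.7", "198.51.100.2"),
    pkt("224.0.0.5", "198.51.100.2"),
    pkt("10.9.9.9", "203.0.113.7", iface="lan"),
    pkt("203.0.113.7", "198.51.100.2", proto="udp", dport=0),
    pkt("203.0.113.7", "198.51.100.2", flags=SYN | FIN),
    pkt("203.0.113.7", "198.51.100.2", flags=XMAS),
]

def classify(packets):
    """Return the drop reason (or None) for each packet, in order."""
    return [drop_reason(p) for p in packets]
```

The stateful rows of the table (port scans, floods, excessive sessions, "not a start session packet") depend on connection tracking and rate counters and are not modelled here.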
Management and Diagnostic Console
This chapter describes the 2Wire gateway Management and Diagnostic Console (MDC). The Management
and Diagnostic Console provides information about the status of the 2Wire gateway, its broadband network
connections, attached home networking devices, system and security information, and a running log of any
error conditions.
You can use the tools provided to:
View configuration and service provisioning information.
View operation logs.
Perform diagnostic tests.
Configure the gateway.
The following sections describe how to access the Management and Diagnostic Console, use the
diagnostic and configuration tools, and modify settings.
Accessing the MDC
To access the MDC from your in-home or office network, enter the following URL:
Using the MDC
After you access the Management and Diagnostic Console, a navigation bar allows you to quickly select
pages on the site. The navigation bar consists of the following links:
Note: The MDC pages available are dependent on the 2Wire gateway software release. The
MDC pages shown in this chapter are for 2Wire gateways running software release 4.21.x. If
your gateway is running a software release earlier than 4.21.x, some of these pages may not
be available.
Group: Link

Summary
    System Summary

Broadband Link
    Summary
    Statistics
    Detailed Statistics
    Configure

Local Network
    Status
    Statistics
    Device List
    Wireless
    Configure

Firewall
    Settings
    Detailed Information
    Advanced Settings

Voice
    Summary
    Configure Server
    Configure Line Association

Troubleshooting
    DSL Diagnostics
    Event Log
    Network Tests
    Upgrade History
    Resets

Advanced
    Syslog Settings
    Provisioning Info
    Configure Time Services
    Configure Services
    Static Routes
    DNS Resolve
    Traffic Shaping
    Link Manager
    Detailed Log
Note: The link groups that display are dependent on the 2Wire gateway model. For example,
DSL Diagnostics will display only if a user has a gateway that connects to the Internet via DSL.