Firewall Tab
1. In the Application Name field, enter a name for the application profile. You can enter any name you like, although it’s recommended that you use the name of the application (for example, Redwing Game Server).
2. In the Definition panel, create a definition for your application. A definition consists of a series of protocol-specific ports that are to be allowed through the firewall. This information should be contained in the documentation provided by the company that produces the application.
   a. In the Protocol field, select the TCP or UDP radio button. If the application you are adding requires both, you must create a separate definition for each.
   b. In the Port (or Range) field, enter the port or port range the application uses. For example, some applications may require only one port to be opened (such as TCP port 500); others may require that all TCP ports from 600 to 1000 be opened.
   c. In the Protocol Timeout (seconds) field, you may optionally enter a value for the amount of time that can pass before the application “times out.” You can also leave the field blank, in which case the system uses the default values (86,400 seconds for the TCP protocol; 600 seconds for the UDP protocol).
   d. In the Map to Host Port field, enter a value that will map the port range you established in step b to the local computer. For example, if you set the value to 4000 and the range being opened is 100 to 108, data forwarded to the first port in the range (100) will be sent to 4000. Subsequent ports will be mapped accordingly; 101 will be sent to 4001, 102 will be sent to 4002, etc.
   e. From the Application Type drop-down menu, select the application type. If you do not know the application type, select None (Default).
3. Click ADD DEFINITION to add the values to the profile definition list.
4. Click DONE.
Repeat these steps for each port or range of ports required for the application profile.
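The definition fields above can be checked before they are typed into the gateway. The following is an added example, not 2Wire code: it expands each definition into its port-to-host-port mapping, applies the default timeouts stated in step c, rejects mappings that run past port 65535, and counts how many ports a profile opens. The names Definition, expand, effective_timeout and audit_profile are hypothetical, and treating a blank Map to Host Port as "same port numbers" is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Default protocol timeouts from step c of the manual (seconds).
DEFAULT_TIMEOUT = {"TCP": 86400, "UDP": 600}

@dataclass(frozen=True)
class Definition:                      # hypothetical model of one definition row
    protocol: str                      # "TCP" or "UDP"; one definition per protocol
    first_port: int
    last_port: int
    map_to_host_port: Optional[int] = None  # None: assumed to keep the same ports
    timeout: Optional[int] = None           # None: field left blank

def expand(d):
    """Return {external_port: host_port} for one definition, or raise ValueError."""
    if d.protocol not in DEFAULT_TIMEOUT:
        raise ValueError(f"protocol must be TCP or UDP, got {d.protocol!r}")
    if not 1 <= d.first_port <= d.last_port <= 65535:
        raise ValueError(f"bad port range {d.first_port}-{d.last_port}")
    base = d.first_port if d.map_to_host_port is None else d.map_to_host_port
    top = base + (d.last_port - d.first_port)
    if not 1 <= base <= top <= 65535:
        raise ValueError(f"host mapping {base}-{top} leaves the valid port space")
    return {p: base + (p - d.first_port)
            for p in range(d.first_port, d.last_port + 1)}

def effective_timeout(d):
    """Timeout the gateway would use: the entered value or the protocol default."""
    return d.timeout if d.timeout is not None else DEFAULT_TIMEOUT[d.protocol]

def audit_profile(defs):
    """Expand every definition; report how many ports open and any overlaps."""
    seen, overlaps = {}, []
    for i, d in enumerate(defs):
        for ext in expand(d):
            key = (d.protocol, ext)
            if key in seen:
                # (protocol, port, first definition index, repeated definition index)
                overlaps.append((d.protocol, ext, seen[key], i))
            seen.setdefault(key, i)
    return {"exposed": len(seen), "overlaps": overlaps}
```

A range such as TCP 600 to 1000 opens 401 ports, so the exposed count is a quick way to see whether a profile allows more than the application's documentation requires.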
To edit or delete an application profile:
Open a Web browser and access the 2Wire gateway user interface by entering
Click the Firewall tab.
Click the Firewall Settings link under the tab to open the Edit Firewall Settings page.
In the Applications panel, click the Edit or delete user-defined application link. The Select a Hosted Application page opens.
Figure 19. Select a Hosted Application Page
1. In the User-Defined Application Profiles panel, highlight the application you wish to edit or delete.
   f. To edit the application profile, click EDIT. The Edit Application screen appears. Make the necessary changes to the application profile and click DONE.
   g. To delete the application profile, click DELETE.
Allowing all Applications (DMZplus)
DMZplus is a special firewall mode that is used for hosting applications if you cannot get an application to
work properly using the “Allow individual application(s)” option. When in DMZplus mode, the designated
computer:
Shares your gateway’s IP address (Router Address).
Appears as if it is directly connected to the Internet.
Has all of the unassigned TCP and UDP ports opened and pointed to it.
Can receive unsolicited network traffic from the Internet.
Although the computer in DMZplus mode appears to Internet users as though it is directly connected to the
Internet, it is still protected by your system firewall. All traffic is inspected by the firewall’s Stateful Packet
Inspection engine and all known hacker attacks continue to be blocked.
Because all filtered traffic is forwarded to the designated computer, you should use DMZplus mode with
caution. A computer in DMZplus mode is less secure because all available ports are open and all incoming
Internet traffic is directed to this computer.
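Because every unassigned port is pointed at the designated computer, it is worth listing which of its services would become reachable before enabling DMZplus. The following is an added example, not part of the 2Wire manual: it assumes the computer runs Linux and reads the output of `ss -H -tuln`; the sample output is constructed, and the function names and the assigned_elsewhere parameter are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output from the computer to be designated.
SS_SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      511             [::]:80            [::]:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      50                 *:8080             *:*
"""

def parse_listeners(ss_text):
    """Yield (proto, address, port) for every listening socket in ss output."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            # Drop a "%interface" scope suffix and IPv6 brackets.
            yield fields[0].upper(), addr.split("%")[0].strip("[]"), int(port)

def is_loopback(addr):
    # "*" is the wildcard address, so it is never loopback-only.
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def dmzplus_exposure(ss_text, assigned_elsewhere=frozenset()):
    """Return sorted (proto, port) pairs that DMZplus mode would expose.

    assigned_elsewhere: (proto, port) pairs already forwarded to other
    computers by application profiles; only unassigned ports are pointed
    at the DMZplus computer.
    """
    exposed = {(proto, port)
               for proto, addr, port in parse_listeners(ss_text)
               if not is_loopback(addr)}
    return sorted(exposed - set(assigned_elsewhere))
```

Services bound only to loopback addresses stay unreachable; anything else in the result should be disabled or bound to loopback unless it is meant to be hosted.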
To configure DMZplus:
Open a Web browser and access the 2Wire gateway user interface by entering
Click the Firewall tab.
Click the Firewall Settings link under the tab to open the Edit Firewall Settings page.
Figure 20. Edit Firewall Settings Page
1. From the Select a computer pull-down menu, select the computer to which you would like to have all data sent.
2. Click Allow all applications (DMZplus mode).
3. Click DONE.
4. Access the computer that you selected in step 1.
5. Confirm that the computer is configured for DHCP. If it is not, configure it for DHCP.
6. Restart the computer. When the computer restarts, it receives a special IP address from the system and all unassigned TCP and UDP ports are forwarded to it.
To stop DMZplus:
1. From the Select a computer pull-down menu, select the computer for which you would like to disable DMZplus.
2. In the Edit firewall settings for this computer pane, click Maximum protection.
3. Click DONE.
4. Access the computer that you selected in step 1. If the computer will continue to automatically obtain an IP address, proceed to step 5. If the computer will have a static IP address, configure it with a valid static IP address.
5. Restart the computer.
Viewing the Firewall Log
The 2Wire gateway keeps a log of all firewall-related events that occur. Each log entry contains the date and
time the event occurred, the severity level of the event, and details about the event.
To view the log:
Open a Web browser and access the 2Wire gateway user interface by entering
Click the Firewall tab.
Click the Firewall Log link under the tab to open the View Firewall Log page.
Figure 21. View Firewall Log Page
The following table provides additional information about the log entries.

Severity
    Info. Informational only—the event does not imply a threat to network security.
    Low. Occurs when the firewall detects a low-level threat to the network, such as an invalid IP header or invalid packet length.
    Medium. Occurs when a medium-level threat is detected, such as an invalid IP fragment offset.
    High. Occurs when an attack is launched against the network (for example, a SYN Flood).
Details
    Includes the following information:
    The IP address from which the packet originated.
    The destination IP address of the packet.
    The action that was taken.

Click CLEAR LOG to clear the log.