Gateway User Interface
Configuring Advanced Firewall Settings
The Edit Advanced Firewall Settings page allows you to configure advanced features on your firewall.
Enabling Advanced Security
The 2Wire gateway firewall already provides a high level of security. You can configure the firewall to provide
advanced security features, including stealth mode, strict UDP, or block pings.
Stealth Mode. When in stealth mode, the 2Wire gateway firewall does not return information in
response to network queries; that is, it will appear to hackers who are trying to access your network
that your network does not exist. This discourages hackers from further attempts at accessing your
network, because to them it will appear as though there is no active network to access.
Block Ping. Ping is a basic Internet program that, when used without malicious intent, allows a user to
verify that a particular IP address exists and can accept requests. Hackers can use ping to launch an
attack against your network, because ping can determine the number form of the network’s IP address
(for example, 105.246.172.72) from the domain name (for example, www.mynetwork.com). If you
enable Block Ping, your network will block all ping requests.
Strict UDP Session Control. Enabling this feature provides increased security by preventing the 2Wire
gateway from accepting packets sent from an unknown source over an existing connection. The ability
to send traffic based on destination only is required by some applications. Enabling this feature may not
allow some on-line applications to work properly.
Allowing Inbound and Outbound Traffic
The Inbound and Outbound Control pane displays some common protocol types. When one of the Inbound
protocol boxes is checked, the firewall allows the corresponding protocol to pass through from the Internet
to the network. If one of the Outbound protocol boxes is checked, the firewall allows the traffic from the
network to pass through the firewall to the Internet.
Note:
If you configure the firewall to block an Inbound protocol, you may disable support for
hosted applications that require that type of protocol.
Disabling Attack Detection
By default, the 2Wire gateway firewall rules block the attack types listed in the Attack Detection pane. There
are some applications and devices that require the use of specific data ports through the firewall. The
gateway allows users to open the necessary ports through the firewall using the Firewall Settings page. If
the user requires that a computer have all incoming traffic available to it, this computer can be set to the
DMZplus mode. While in DMZplus mode, the computer is still protected against numerous broadband
attacks (for example, SYN Flood or Invalid TCP flag attacks).
In rare cases, the incoming traffic may be inadvertently blocked by the firewall (for example, when
integrating with external third-party firewalls or VPN servers). You may need to disable one or more of the
attack detection capabilities for any device placed in the DMZplus. In this case, the third-party server
provides the attack protection normally provided by the gateway.
Following are the attacks for which the gateway firewall filters continuously check.
Excessive Session Detection. When enabled, the firewall will detect applications on the local network
that are creating excessive sessions out to the Internet. This activity is likely due to a virus or “worm”
infected computer (for example, Blaster Worm). When the event is detected, the gateway displays a
HURL warning page.
TCP/UDP Port Scan. A port scan is a series of messages sent by someone attempting to break into a
computer to learn which computer network services, each associated with a well-known port number
(such as UDP and TCP), the computer provides. When enabled, the firewall detects UDP and TCP port
scans, and drops the packet.
Invalid Source/Destination IP address. When enabled, the firewall will verify IP addresses by checking
for the following:
IP source address is broadcast or multicast — drop packet.
TCP destination IP address is not unicast — drop packet.
IP source and destination address are the same — drop packet.
Invalid IP source received from private/home network — drop packet.
Packet Flood (SYN/UDP/ICMP/Other). When enabled, the firewall will check for SYN, UDP, ICMP, and
other types of packet floods on the local and Internet facing interfaces and stop the flood.
Invalid TCP Flag Attacks (NULL/XMAS/Other). When enabled, the firewall will scan inbound and
outbound packets for invalid TCP Flag settings, and drop the packet to prevent SYN/FIN, NULL, and
XMAS attacks.
Invalid ICMP Detection. The firewall checks for invalid ICMP/code types, and drops the packet.
Miscellaneous. The firewall checks for the following:
Unknown IP protocol — drop packet.
Port 0 attack detected — drop packet.
TCP SYN packet — drop packet.
Not a start session packet — drop packet.
ICMP destination unreachable — terminate session.
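The address checks under Invalid Source/Destination IP address, the flag checks under Invalid TCP Flag Attacks, and the port 0 check can be expressed as a small packet classifier. This is an added example, not 2Wire firmware code. The function names, the 192.168.1.0/24 home subnet, the exact flag combinations treated as NULL, XMAS and SYN/FIN, and the sample packets are assumptions made for illustration.

```python
import ipaddress

# TCP flag bits as laid out in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Assumption: the home network's subnet; the manual does not give one.
LAN = ipaddress.ip_network("192.168.1.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def not_unicast(addr):
    """True for multicast, limited broadcast, or the LAN's directed broadcast."""
    return addr.is_multicast or addr in (LIMITED_BROADCAST, LAN.broadcast_address)

def check_addresses(src, dst, proto, from_lan):
    """Return the matching drop reason from the address list, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not_unicast(s):
        return "source is broadcast or multicast"
    if proto == "tcp" and not_unicast(d):
        return "TCP destination is not unicast"
    if s == d:
        return "source and destination are the same"
    if from_lan and s not in LAN:
        return "invalid source from home network"
    return None

def check_tcp_flags(flags):
    """Return NULL, SYN/FIN or XMAS for an invalid flag byte, else None."""
    flags &= 0x3F                      # keep only the six classic flag bits
    if flags == 0:
        return "NULL"                  # no flags set at all
    if flags & SYN and flags & FIN:
        return "SYN/FIN"               # open and close in the same segment
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return "XMAS"                  # FIN, PSH and URG all set
    return None

def inspect(src, dst, proto, from_lan, sport, dport, flags=0):
    """Run address, port 0 and flag checks in order; return a verdict string."""
    reason = check_addresses(src, dst, proto, from_lan)
    if reason is None and proto in ("tcp", "udp") and 0 in (sport, dport):
        reason = "port 0"
    if reason is None and proto == "tcp":
        reason = check_tcp_flags(flags)
    return "drop: " + reason if reason else "pass"

# Constructed sample packets (documentation address ranges), not captured traffic.
SAMPLES = [("198.51.100.7", "192.168.1.10", "tcp", False, 40000, 443, SYN),
           ("198.51.100.7", "192.168.1.10", "tcp", False, 40000, 443, FIN | PSH | URG),
           ("10.9.9.9", "198.51.100.7", "tcp", True, 40000, 80, SYN)]
```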
Access the Management and Diagnostic Console
Accessing the Management and Diagnostic Console
The Management and Diagnostic Console (MDC) provides information about the status of the 2Wire
gateway, its broadband network connections, attached home networking devices, system and security
information, and a running log of any error conditions.
To access the MDC locally, in the browser address bar enter
.
After you access the MDC, use the left-hand navigation menu to select specific MDC pages.
System Summary Page
The System Summary page shows general information about the 2Wire gateway, its configuration,
and components.
Depending on the service provider and the components installed, the System Summary page may include
the following information:
Item                    Description

System
  Model                 2Wire gateway model number (for example, 3700HGV-B).
  Serial number         2Wire gateway serial number.
  MAC Address           2Wire gateway MAC address.
  Hardware Version      2Wire gateway hardware version.
  Hardware Options      The type of peripheral device installed.
  DSL Modem Type        VDSL.
  Current Software      2Wire gateway software version.

Configuration
  Key Code              The static key code associated with the current provisioning settings.
  System Time           The day, month, year, and time; or “Retrieving date and time settings from Internet” if not set.
  Time Since Last Boot  The time elapsed since the 2Wire gateway was last restarted.
  Last ID Post          The time elapsed since the 2Wire gateway communicated with the configuration server.

Components
  DSL Modem             Modem software version.
  common_en             The language in which the user interface is presented (common_en = English).
  Firewall Rules        Current version of the installed firewall rules database.
  Application List      Current version of the application list.
