Actiontec MI424-WR-Rev-D Router Manual PDF (Setup & Configuration Guide)

Page 106 / 198 Scroll up to view Page 101 - 105

Conﬁguring Security Settings

6.7

Remote Administration

6

106

6.7b

Web Management

Web Management is used to obtain access to the FiOS Router’s GUI and gain

access to all settings and parameters,using a web browser. Both secure (HTTPS)

and non-secure (HTTP) access is available. Select the port to be used by clicking

in the appropriate text box, then click

Apply

.

Note:

Telnet and Web Management remote administration access may be used

to modify or disable firewall settings. Local IP addresses and other settings can

also be changed, making it difficult or impossible to access the FiOS Router

from the local network. Therefore, remote adminstration access to Telnet or Web

Management services should be activated only when absolutely necessary.

6.7c

Diagnostic Tools

Diagnostic Tools are used for troubleshooting and remote system management

by a user or the ISP.

Note:

Encrypted remote administration is performed using a secure SSL

connection, and requires an SSL certificate. When accessing the FiOS Router

for the first time using encrypted remote administration, a warning appears

regarding certificate authentication because the FiOS Router’s SSL certificate is

self-generated. When encountering this message under these circumstances,

ignore it and continue. Even though this message appears, the self-generated

certificate is safe, and provides a secure SSL connection.

Page 107 / 198

FiOS Router User Manual

02/11/09

107

6.8

Static NAT

This option allows multiple public addresses to be designated to devices on the

network. Static NAT allows devices behind a firewall and configured with private

IP addresses appear to have public IP addresses on the Internet. This allows an

internal host, such as a web server, to have an unregistered (private) IP address

and still be accessible over the Internet. To do this:

Select

1.

Static NAT

from any Security screen. The “Static NAT” screen appears.

Click

2.

Add

. The “Add NAT/NAPT Rule” screen appears.

Select a source address from the drop-down list. Usually, this is the public IP

3.

address assigned by the ISP, and will appear in the drop down list.

Select a Destination Address from the appropriate drop-down list.

4.

Select the protocol that needs to be accessible from the public IP address

5.

from the “Protocol” drop-down list.

Page 108 / 198

Conﬁguring Security Settings

6.9

Advanced Filtering

6

108

From the “Operation” drop-down list, select “Static NAT” or “NAPT” (Network

6.

Address Port Translation), depending on the type of rule.

Define when this new rule will occur from the “When should this rule occur?”

7.

drop-down list (for more details about schedule rules, see the “Advanced

Settings” chapter of this manual).

Repeat these steps to add more static IP addresses from the network.

6.9

Advanced Filtering

Advanced filtering is designed to allow comprehensive control over the firewall’s

behavior. Specific input and output rules can be defined, the order of logically

similar sets of rules controlled, and distinctions made between rules that apply

to Internet and rules that apply to local network devices.

To access, select

Advanced Filtering

from any Security screen. The “Advanced

Filtering” screen appears.

Page 109 / 198

FiOS Router User Manual

02/11/09

109

Two sets of rules can be configured: input rules and output rules. Each set of

rules comprises three subsets: initial rules, network devices rules, and final rules.

These subsets determine the sequence by which the rules will be applied.

Following is a description of the set ordering for inbound and outbound

packets.

6.9a

Inbound/Outbound Packets - Rule Sets

There are numerous rules automatically inserted by the firewall to provide

improved security and block harmful attacks. These pre-populated rules

displayed are required for operation on the Verizon network.

To configure advanced filtering rules, click

Add

next to the rule title. The “Add

Advanced Filter” screen appears.

Page 110 / 198

Conﬁguring Security Settings

6.9

Advanced Filtering

6

110

To add an advanced filtering rule, define the following rule parameters:

6.9c

Matching

To apply a firewall rule, a match must be made between IP addresses or ranges

and ports. Use the “Source Address” and “Destination Address” drop-down lists

to define the coupling of source and destination traffic. Port matching will be

defined when selecting protocols. For example, if the FTP protocol is selected,

port 21 will be checked for matching traffic flow between the defined source

and destination IPs.

6.9d

Operation

This is where the action the rule will take is defined. Select one of the following

radio buttons:

Drop

s

- Deny access to packets that match the source and destination IP

addresses and vCP reset to the origination peer.

Accept

s

- Allow access to packets that match the source and destination IP

addresses and protocol ports defined in upper section of the screen. The data

transfer session will be handled using Stateful Packet Inspection (SPI).

Accept Packet

s

- Allow access to packets that match the source and

destination IP addresses and protocol ports defined in upper section of

the screen. The data transfer session will not be handled using Stateful

Packet Inspection (SPI), so other packets that match this rule will not be

automatically allowed access. This setting is useful when creating rules that

allow broadcasting.

6.9e

Logging

Click in this check box to add entries relating to this rule to the security log.

6.9f

Scheduler (When should this rule occur?)

If advanced filtering needs to be active all the time, select

Always

from the

“When should this rule occur?” drop-down list. If the rule will only be active at

certain times select

Specify Schedule

and click

Add

. Then, add a schedule rule

(for more details about schedule rules, see the “Advanced Settings” chapter of

this manual)

Rate

Popular Actiontec Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share