Schedule Rule
You may filter Internet access for local clients based on rules.
Each access control rule may be activated at a scheduled time. Define the schedule on the Schedule Rule
page, and apply the rule on the Access Control page.
Click ‘Add Schedule Rule’ to add a new rule and bring up the following page.
Edit Schedule Rule
You can create and edit schedule rules on this page.
Define the appropriate settings for a schedule rule (as shown on the above screen). The rule in the screenshot
above prohibits emailing from 3.00pm to 11.00pm. Upon completion, click ‘OK’ to save your schedule rules.
Chapter 5 :
Advanced Setup
BoB
TM
Advanced Setup Method
Intrusion Detection
The router’s firewall inspects packets at the application layer, maintains TCP and UDP session information
including timeouts and number of active sessions, and provides the ability to detect and prevent certain types
of network attacks such as Denial-of-Service (DoS) attacks.
Network attacks that deny access to a network device are called DoS attacks. DoS attacks are aimed at devices
and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device
or network so users no longer have access to it.
The router protects against DoS attacks including: Ping of Death (Ping flood) attack, SYN flood attack, IP
fragment attack (Teardrop Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero length,
TCP null scan (Port Scan Attack), UDP port loopback.
Note:
The firewall does not significantly affect system performance, so we advise enabling the prevention
features to protect your network.
Parameter Description
Enable SPI and Anti-DoS firewall protection:
The Intrusion Detection feature of the router limits the access of incoming traffic at the WAN port. When
the Stateful Packet Inspection (SPI) feature is turned on, all incoming packets are blocked except those
types marked with a check in the Stateful Packet Inspection section at the top of the screen.
Stateful Packet Inspection:
This option allows you to select different application types that are using dynamic port numbers. If you
wish to use Stateful Packet Inspection (SPI) for blocking packets, click on the Yes radio button in
the ‘Enable SPI and Anti-DoS firewall protection’ field and then check the inspection type that you need,
such as Packet Fragmentation, TCP Connection, UDP Session, 323 Service, and TFTP Service.
It is called a ‘stateful’ packet inspection because it
examines the contents of the packet to determine
the state of the communication; it ensures that
the stated destination computer has previously
requested the current communication. This is a way
of ensuring that all communications are initiated by
the recipient computer and are taking place only with
sources that are known and trusted from previous
interactions. In addition to being more rigorous
in their inspection of packets, stateful inspection
firewalls also close off ports until a connection to the
specific port is requested.
When particular types of traffic are checked, only the
particular type of traffic initiated from the internal
LAN will be allowed. For example, if the user only
checks FTP Service in the Stateful Packet Inspection
section, all incoming traffic will be blocked except for
FTP connections initiated from the local LAN.
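The behaviour described above can be modelled in a few lines. This is an added example, not code from the router or its vendor: the class and function names, the 60-second idle timeout and the addresses are assumptions, and only the FTP control connection (TCP port 21) is modelled.

```python
# Added illustration: a toy stateful filter, not the router's firmware.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"

class StatefulFilter:
    def __init__(self, checked, timeout=60):
        self.checked = set(checked)  # (proto, dport) pairs ticked for inspection (assumed model)
        self.timeout = timeout       # idle seconds before a session expires (assumed value)
        self.sessions = {}           # (proto, lan_ip, lan_port, wan_ip, wan_port) -> expiry

    def outbound(self, p, now):
        """LAN -> WAN packet: record a session only for checked traffic types."""
        if (p.proto, p.dport) in self.checked:
            self.sessions[(p.proto, p.src, p.sport, p.dst, p.dport)] = now + self.timeout

    def inbound_allowed(self, p, now):
        """WAN -> LAN packet: allowed only as a reply to a live LAN-initiated session."""
        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        expiry = self.sessions.get(key)
        if expiry is None or now > expiry:
            self.sessions.pop(key, None)  # drop stale state so the port is closed again
            return False
        self.sessions[key] = now + self.timeout  # refresh on activity
        return True

def demo():
    fw = StatefulFilter({("tcp", 21)})  # only FTP control traffic is checked
    lan, srv, other = "192.168.1.10", "203.0.113.5", "198.51.100.9"  # constructed addresses
    reply = Packet(srv, 21, lan, 40000, "tcp")
    results = [fw.inbound_allowed(reply, 0)]  # unsolicited: no session yet
    fw.outbound(Packet(lan, 40000, srv, 21, "tcp"), 0)
    results.append(fw.inbound_allowed(reply, 10))  # reply to the LAN's own request
    results.append(fw.inbound_allowed(Packet(other, 21, lan, 40000, "tcp"), 11))  # wrong source
    fw.outbound(Packet(lan, 40001, srv, 80, "tcp"), 12)  # unchecked traffic type
    results.append(fw.inbound_allowed(Packet(srv, 80, lan, 40001, "tcp"), 13))
    results.append(fw.inbound_allowed(reply, 200))  # session idle past the timeout
    return results

if __name__ == "__main__":
    print(demo())
```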
DoS Detect Criteria
Total incomplete TCP/UDP sessions HIGH:
Defines the rate of new un-established sessions that will cause the software to start deleting half-open
sessions.
Total incomplete TCP/UDP sessions LOW:
Defines the rate of new un-established sessions that will cause the software to stop deleting.
Incomplete TCP/UDP sessions (per min.) HIGH:
Maximum number of allowed incomplete TCP/UDP sessions per minute.
Incomplete TCP/UDP sessions (per min.) LOW:
Minimum number of allowed incomplete TCP/UDP sessions per minute.
Maximum incomplete TCP/UDP sessions number from same host:
Maximum half-open fragmentation packet number from same host.
Incomplete TCP/UDP sessions detect sensitive time period:
Length of time before an incomplete TCP/UDP session is detected as incomplete.
Maximum half-open fragmentation packet number from same host:
Maximum number of incomplete TCP/UDP sessions from the same host.
Half-open fragmentation detect sensitive time period:
Length of time before a half-open fragmentation session is detected as half-open.
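How the HIGH and LOW values of the "Total incomplete TCP/UDP sessions" pair work together can be shown with a small model. This is an added example, not the router's code: it assumes the thresholds apply to the current count of incomplete sessions and that the oldest one is deleted first, and the class name, threshold values and addresses are constructed.

```python
# Added illustration of HIGH/LOW hysteresis; not the router's firmware.
from collections import OrderedDict

class HalfOpenTracker:
    def __init__(self, high, low):
        if low >= high:
            raise ValueError("LOW must be below HIGH")
        self.high, self.low = high, low
        self.half_open = OrderedDict()  # session id -> source host, oldest first
        self.deleting = False           # True from crossing HIGH until falling below LOW

    def new_session(self, sid, host):
        """Record a new incomplete session; return the id evicted to make room, if any."""
        self.half_open[sid] = host
        if len(self.half_open) > self.high:
            self.deleting = True        # HIGH crossed: start deleting half-open sessions
        if self.deleting:
            evicted, _ = self.half_open.popitem(last=False)  # assumed policy: oldest first
            return evicted
        return None

    def completed(self, sid):
        """Session became established or timed out, so it is no longer incomplete."""
        self.half_open.pop(sid, None)
        if len(self.half_open) < self.low:
            self.deleting = False       # below LOW: stop deleting

def demo():
    t = HalfOpenTracker(high=4, low=2)  # constructed thresholds
    evicted = [t.new_session(i, "198.51.100.9") for i in range(1, 7)]  # burst of 6
    t.completed(3)                      # count is 3: under HIGH but not under LOW
    evicted.append(t.new_session(7, "203.0.113.7"))
    still_deleting = t.deleting
    t.completed(5)
    t.completed(6)                      # count falls to 1, below LOW
    evicted.append(t.new_session(8, "203.0.113.7"))
    return evicted, still_deleting, t.deleting

if __name__ == "__main__":
    print(demo())
```

Between the two thresholds the tracker keeps deleting, which is why session 7 still evicts an older entry even though the count is under HIGH.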
DMZ
If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open
the client up to unrestricted two-way Internet access. Enter the IP address of a DMZ (Demilitarized Zone) host
on this screen. Adding a client to the DMZ may expose your local network to a variety of security risks, so only
use this option as a last resort.
SNMP
On this page you can enable the SNMP (Simple Network Management Protocol) functions for LAN, WAN or both
LAN and WAN. By default it is set to disabled.
Community
Use the SNMP configuration screen to display and modify parameters for the Simple Network Management
Protocol (SNMP). A computer attached to the network, called a Network Management Station (NMS), can
be used to access this information.
Access rights to the agent are controlled by community strings. To
communicate with the router, the NMS must first submit a valid community string for authentication.
Parameter Description
Community: A community name authorised for management access.
Access: Management access is restricted to Read or Write.
Valid: Enables or disables the entry.
Note:
Up to 5 community names may be entered.
Trap
Parameter Description
IP Address:
Traps are sent to this address when errors or specific events occur on the network.
Community:
A community string (password) specified for trap management. Enter a word, something other
than public or private, to prevent unauthorized individuals from reading information on your system.
Version: Sets the trap status to disabled, or enabled with V1 or V2c.
The v2c protocol was proposed in late 1995 and includes enhancements to v1 that are universally accepted.
These include a get-bulk command to reduce network management traffic when retrieving a sequence of MIB
variables, and a more elaborate set of error codes for improved reporting to a Network Management Station.
ADSL
ADSL Parameters
We recommend leaving the Operation Mode at the default Automatic setting, which negotiates automatically
with the remote DSLAM, unless you are having line sync issues.
Parameter Description
Operation Mode
Automatic
T1.413 Issue 2
G.992.1 (G.DMT)
G.922.2 (G.Lite)
G.922.3 (ADSL2)
G.922.5 (ADSL2+)
G.922.5 (ADSL2+M)