Manually Configuring your Modem
Firewall
The Modem’s firewall enables access control of client PCs and blocks common hacker attacks, including IP Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, UDP port loopback, Snork Attack, TCP null scan, and TCP SYN flooding.
Access Control
Access Control allows users to define the outgoing traffic permitted or
not-permitted through the WAN interface.
The Modem can also limit the access of hosts within the local area network (LAN). The MAC Filtering Table holds up to 32 MAC addresses that are not allowed access to the WAN port.
The following items are displayed on the Access Control screen:
| Parameter | Description |
| --- | --- |
| Enable Filtering Function | Enables or disables the filtering function. |
| Normal Filtering Table | Displays the IP address (or an IP address range) filtering table. |
Click Add PC on the Access Control screen to view the following page.
Access Control Add PC
The settings in the screen shot below will block all email sending and receiving.
Define the appropriate settings for client PC services (as shown above). Click “OK” to save your settings. The added PC will now appear in the Access Control page.
MAC Filter
Use this page to block access to your network using MAC addresses.
The Modem can also limit the access of hosts within the local area network (LAN). The MAC Filtering Table holds up to 32 MAC addresses that are allowed access to the WAN port. All other devices will be denied access.
URL Blocking
To configure the URL Blocking feature, use the table below to specify the web sites (www.somesite.com) and/or keywords you want to filter on your network.
To complete this configuration, you will need to create or modify an access rule in “Access Control”. To modify an existing rule, click the Edit option next to the rule you want to modify. To create a new rule, click on the Add PC option.
From the Access Control Page, Add PC section, check the option for
“WWW with URL Blocking” in the Client PC Service table to filter out
the web sites and keywords selected below, on a specific PC.
The Modem allows the user to block access to web sites from a
particular PC by entering either a full URL address or just a keyword.
This feature can be used to protect children from accessing violent or
pornographic web sites.
Schedule Rule
You may filter Internet access for local clients based on rules.
Each access control rule may be activated at a scheduled time. Define the schedule on the Schedule Rule page, and apply the rule on the Access Control page.
Click Add Schedule Rule.
Edit Schedule Rule
You can create and edit schedule rules on this page.
Define the appropriate settings for a schedule rule (as shown on the above screen). The rule in the screen shot above prohibits emailing from 8.00am to 11.59pm. Upon completion, click “OK” to save your schedule rules.
Intrusion Detection
The Modem’s firewall inspects packets at the application layer, maintains TCP and UDP session information including timeouts and number of active sessions, and provides the ability to detect and prevent certain types of network attacks such as Denial-of-Service (DoS) attacks.
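
An added example, not taken from the manual or the Modem's firmware: a minimal Python model of the session tracking described above, in which traffic from the WAN passes only when it matches a session that a LAN host opened and that has not timed out. The timeout constants are the defaults from the parameter table later in this section; the class, function names and addresses are constructed for illustration.

```python
# Default timeouts in seconds, taken from the parameter table in this section.
TCP_SYN_WAIT, TCP_IDLE, UDP_IDLE = 30, 3600, 30
LIMITS = {"SYN_SENT": TCP_SYN_WAIT, "ESTABLISHED": TCP_IDLE, "OPEN": UDP_IDLE}


class StateTable:
    """Toy stateful filter: WAN traffic passes only if a LAN host opened the session."""

    def __init__(self):
        # (proto, lan_ip, lan_port, wan_ip, wan_port) -> [state, last_seen]
        self.sessions = {}

    def from_lan(self, proto, lan_ip, lan_port, wan_ip, wan_port, now):
        key = (proto, lan_ip, lan_port, wan_ip, wan_port)
        if key in self.sessions:
            self.sessions[key][1] = now
        else:
            # A TCP session starts half-open; UDP has no handshake to wait for.
            self.sessions[key] = ["SYN_SENT" if proto == "tcp" else "OPEN", now]

    def from_wan(self, proto, wan_ip, wan_port, lan_ip, lan_port, now, flags=""):
        key = (proto, lan_ip, lan_port, wan_ip, wan_port)
        entry = self.sessions.get(key)
        if entry is None:
            return False                  # no LAN host requested this traffic
        state, last_seen = entry
        if now - last_seen > LIMITS[state]:
            del self.sessions[key]        # timed out: forget the session
            return False
        if state == "SYN_SENT":
            if flags != "SA":
                return False              # only a SYN-ACK may answer the LAN host's SYN
            entry[0] = "ESTABLISHED"
        entry[1] = now
        return True


def replay():
    """Run constructed packets through the table and return each verdict."""
    fw = StateTable()
    lan, web, dns, other = "192.168.2.10", "203.0.113.5", "203.0.113.53", "198.51.100.9"
    fw.from_lan("tcp", lan, 50000, web, 80, now=0)
    fw.from_lan("udp", lan, 50001, dns, 53, now=0)
    return {
        "synack_reply": fw.from_wan("tcp", web, 80, lan, 50000, now=1, flags="SA"),
        "unsolicited_syn": fw.from_wan("tcp", other, 4444, lan, 50000, now=1, flags="S"),
        "dns_reply": fw.from_wan("udp", dns, 53, lan, 50001, now=2),
        "late_dns_reply": fw.from_wan("udp", dns, 53, lan, 50001, now=40),
        "tcp_within_idle": fw.from_wan("tcp", web, 80, lan, 50000, now=3000, flags="A"),
        "tcp_after_idle": fw.from_wan("tcp", web, 80, lan, 50000, now=7000, flags="A"),
    }
```
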
Network attacks that deny access to a network device are called DoS attacks. DoS attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
The Modem protects against DoS attacks including: Ping of Death (Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero length, TCP null scan (Port Scan Attack), UDP port loopback, and Snork Attack.
Note: The firewall does not significantly affect system performance, so we advise enabling the prevention features to protect your network.
| Parameter | Defaults | Description |
| --- | --- | --- |
| Enable SPI and Anti-DoS firewall protection | Yes | The Intrusion Detection feature of the VoIP Modem limits the access of incoming traffic at the WAN port. When the Stateful Packet Inspection (SPI) feature is turned on, all incoming packets are blocked except those types marked with a check in the Stateful Packet Inspection section at the top of the screen. |
| Stateful Packet Inspection | | This option allows you to select different application types that are using dynamic port numbers. If you wish to use Stateful Packet Inspection (SPI) for blocking packets, click on the Yes radio button in the “Enable SPI and Anti-DoS firewall protection” field and then check the inspection type that you need, such as Packet Fragmentation, TCP Connection, UDP Session, FTP Service, H.323 Service, and TFTP Service. It is called a “Stateful” packet inspection because it examines the contents of the packet to determine the state of the communication; i.e., it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until a connection to the specific port is requested. When particular types of traffic are checked, only the particular type of traffic initiated from the internal LAN will be allowed. For example, if the user only checks FTP Service in the Stateful Packet Inspection section, all incoming traffic will be blocked except for FTP connections initiated from the local LAN. |
| Discard Ping from WAN | Discard | Prevents a ping on the Modem’s WAN port from being routed to the network. |
| RIP Defect | Enabled | If the Modem does not reply to an IPX RIP request packet, it will stay in the input queue and not be released. Accumulated packets could cause the input queue to fill, causing severe problems for all protocols. Enabling this feature prevents the packets accumulating. |
| Your E-mail Address | | Enter your email address. |
| SMTP Server Address | | Enter your SMTP server address (usually the part of the email address following the “@” sign). |
| POP3 Server Address | | Enter your POP3 server address (usually the part of the email address following the “@” sign). |
| User Name | | Enter your email account user name. |
| Password | | Enter your email account password. |
| Fragmentation half-open wait | 10 secs | Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the Modem drops the unassembled packet, freeing that structure for use by another packet. |
| TCP SYN wait | 30 secs | Defines how long the software will wait for a TCP session to reach an established state before dropping the session. |
| TCP FIN wait | 5 secs | Specifies how long a TCP session will be managed after the firewall detects a FIN-exchange. |
| TCP connection idle timeout | 3600 secs (1 hour) | The length of time for which a TCP session will be managed if there is no activity. |
| UDP session idle timeout | 30 secs | The length of time for which a UDP session will be managed if there is no activity. |
| H.323 data channel idle timeout | 180 secs | The length of time for which an H.323 session will be managed if there is no activity. |
| Total incomplete TCP/UDP sessions HIGH | 300 sessions | Defines the rate of new un-established sessions that will cause the software to start deleting half-open sessions. |
| Total incomplete TCP/UDP sessions LOW | 250 sessions | Defines the rate of new un-established sessions that will cause the software to stop deleting half-open sessions. |
| Incomplete TCP/UDP sessions (per min.) HIGH | 250 sessions | Maximum number of allowed incomplete TCP/UDP sessions per minute. |
| Incomplete TCP/UDP sessions (per min.) LOW | 200 sessions | Minimum number of allowed incomplete TCP/UDP sessions per minute. |
| Maximum incomplete TCP/UDP sessions number from same host | 10 | Maximum half-open fragmentation packet number from same host |
| Incomplete TCP/UDP sessions detect sensitive time period | 300 secs | Length of time before an incomplete TCP/UDP session is detected as incomplete |
| Maximum half-open fragmentation packet number from same host | 30 | Maximum number of half-open fragmentation packets from the same host. |
| Maximum number of half-open fragmentation packets from the same host. | 1 secs | Length of time before a half-open fragmentation session is detected as half-open. |
| Flooding cracker block time | 300 secs | Length of time from detecting a flood attack to blocking the attack. |
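
An added example, not part of the manual or the Modem's firmware: a Python model of how the HIGH/LOW pair for total incomplete sessions, the TCP SYN wait and the per-host limit in the table above interact during a connection flood. It assumes the thresholds are session counts, that the oldest half-open session is deleted first, and that deletion stops once the count falls below LOW; the manual does not specify these details, and all names and addresses are constructed.

```python
import ipaddress
from collections import OrderedDict

# Defaults from the parameter table above.
HIGH, LOW = 300, 250   # Total incomplete TCP/UDP sessions HIGH / LOW
SYN_WAIT = 30          # TCP SYN wait, in seconds
PER_HOST_MAX = 10      # Maximum incomplete TCP/UDP sessions from same host

class HalfOpenTable:
    """Tracks sessions that have not yet reached the established state."""
    def __init__(self):
        self.pending = OrderedDict()  # (src_ip, src_port) -> first seen, oldest first
        self.shedding = False         # True from crossing HIGH until below LOW

    def _expire(self, now):
        # Drop sessions older than the SYN wait, then re-check the low watermark.
        while self.pending and now - next(iter(self.pending.values())) > SYN_WAIT:
            self.pending.popitem(last=False)
        if len(self.pending) < LOW:
            self.shedding = False

    def new_session(self, src_ip, src_port, now):
        """Register a connection attempt; return False if it is refused."""
        self._expire(now)
        if (src_ip, src_port) in self.pending:
            return True                        # retransmission of a tracked attempt
        if sum(1 for ip, _ in self.pending if ip == src_ip) >= PER_HOST_MAX:
            return False                       # per-host limit reached
        self.pending[(src_ip, src_port)] = now
        if len(self.pending) > HIGH:
            self.shedding = True
        if self.shedding:
            self.pending.popitem(last=False)   # assumption: oldest is deleted first
        return True

    def established(self, src_ip, src_port):
        """Handshake completed, so the session is no longer half-open."""
        self.pending.pop((src_ip, src_port), None)
        if len(self.pending) < LOW:
            self.shedding = False


def simulate_flood(n):
    """Constructed input: n attempts from n distinct sources, 10 ms apart."""
    base = ipaddress.ip_address("198.18.0.0")
    table = HalfOpenTable()
    for i in range(n):
        table.new_session(str(base + i), 40000 + i, now=i * 0.01)
    return table
```

With 400 constructed attempts the table stays pinned at HIGH while the oldest entries are evicted, and it leaves shedding mode only after enough sessions complete or the SYN wait expires them.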
DMZ
If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted two-way Internet access. Enter the IP address of a DMZ (Demilitarized Zone) host on this screen. Adding a client to the DMZ may expose your local network to a variety of security risks, so it is only recommended that this option is used as a last resort.
It is also recommended that you disable any software firewall installed on your PC, as this will continue to block ports even if the PC is entered into the DMZ.
ADSL
ADSL Parameters
We recommend leaving the Operation Mode at the default Automatic setting, to automatically negotiate with remote DSLAM (Digital Subscriber Line Access Multiplexer). A DSLAM is owned and managed by your ISP. If the Modem is having problems connecting to the Internet, it may be necessary to force the Operation Mode to your ISP’s preferred connection.
Operation Mode
Automatic
T1.413 Issue 2
G.992.1 (G.DMT)
G.992.2 (G.Lite)
