4021196 Rev B

51

Configure Security

Configure Security

Security > Firewall

Advanced firewall technology deters hackers and protects the home network from

unauthorized access. Use this page to configure a firewall that can filter out various

types of unwanted traffic on the gateway’s local network.

Select the

Firewall

tab to open the Security Firewall page.

Use the descriptions and instructions in the following table to configure the firewall

for your residential gateway. After you make your selections, click

Save Settings

to

apply your changes or

Cancel Changes

to cancel.

Section

Field Description

Firewall

SPI Firewall Protection

SPI Firewall Protection blocks Denial of Service (DoS) attacks. A DoS attack does not

attempt to steal data or damage your computers, but it overloads your Internet

connection so you cannot use it.

Select the desired option:



Enable

(factory default)



Disable

52

4021196 Rev B

Configure Security

Section

Field Description

Filters

Filter Proxy

Enables/disables filter proxy. If local users have access to WAN proxy servers, they

may be able to circumvent the content filters and access Internet sites blocked by

the device. If you select the Filter Proxy feature, it will block access to any WAN

proxy servers.

Block Pop-Up Windows

Enables/disables popup windows. Some commonly used applications employ

popup windows as part of the application. If you disable popup windows, it may

interfere with some of these applications.

Block Web Page Cookies

Enables/disables cookie blocking. This feature filters the unsolicited delivery of

cookies to devices from the Internet to devices in your private local network.

Cookies are computer files that contain personal information or web surfing

behavior data.

Block Java and ActiveX Scripts

Enables/disables java applets and ActiveX scripts. This feature helps to protect the

devices in your private network from irritating or malicious Java applets that are

sent, unsolicited, to devices in your private network from the Internet. These

applets run automatically when they are received by a PC.

Java is a programming language for websites. If you select the Filter Java Applets

feature, you may not have access to Internet sites created using this programming

language.

This feature also helps to protect the devices in your private network from irritating

or malicious ActiveX controls that are sent, unsolicited, to devices in your private

network from the Internet. These ActiveX controls run automatically when they are

received by a PC.

Block fragmented IP packets

Enables/disables filtering of fragmented IP packets. This feature helps protect your

private local network from Internet based denial of service attacks.

Block Port Scan Detection

Enables/disables the gateway from responding to Internet based port scans. This

feature is designed to protect your private local network from Internet based

hackers who attempt to gain unsolicited access your network by detecting open IP

ports on your gateway.

Block IP Flood Detection

(checked – factory default)

Blocks malicious devices that are attempting to flood devices or networks with

illegal broadcast packets. Also referred to as “broadcast storm.”

Block WAN

Requests

Block Anonymous Internet Requests

(checked – factory default)

Enable this feature to keep your network from being "pinged" or detected by other

Internet users. The Block Anonymous Internet Requests feature also hides your

network ports. Both make it more difficult for outside users to enter your network.

4021196 Rev B

53

Configure Security

Security > VPN Passthrough

Use this page to configure Virtual Private Network (VPN) support. Enabling the

settings on this page allows VPN tunnels using IPsec or PPTP protocols to pass

through the gateway's firewall. Select the

VPN Passthrough

tab to open the Security

VPN Passthrough page.

Use the descriptions and instructions in the following table to configure the VPN

passthrough for your residential gateway. After you make your selections, click

Save

Settings

to apply your changes or

Cancel Changes

to cancel.

Section

Field Description

VPN

Passthrough

IPSec Passthrough

Enables/disables Internet Protocol Security (IPsec). IPsec is a suite of

protocols used to implement secure exchange of packets at the IP layer. If

you enable IPSec Passthrough, applications that use IPsec (IP Security) can

pass through the firewall. To disable IPSec Passthrough select

Disable

.

Select the desired option:



Enable

(factory default)



Disable

PPTP Passthrough

Enables/disables Point-to-Point Tunneling Protocol (PPTP). PPTP allows the

Point-to-Point Protocol (PPP) to be tunneled through an IP network. If you

enable PPTP passthrough, applications that use Point to Point Tunneling

Protocol (PPTP) can pass through the firewall To disable PPTP Passthrough

select

Disable

.

Select the desired option:



Enable

(factory default)



Disable

54

4021196 Rev B

Configure Security

Security > VPN

A Virtual Private Network (VPN) is a connection between two endpoints in different

networks that allows private data to be sent securely over public networks or other

private networks. This is accomplished by creating a "VPN tunnel." A VPN tunnel

connects the two PCs or networks and allows data to be transmitted over the

Internet as if it were on a private network. The VPN tunnel uses IPsec to encrypt the

data sent between the two endpoints and encapsulate the data within a normal

Ethernet/IP frame allowing the data to pass between networks securely and

seamlessly.

A VPN provides a cost-effective and more secure alternative to using a private,

dedicated, leased line for a private network. Using industry standard encryption and

authentication techniques, an IPsec VPN creates a secure connection that operates as

if you were directly connected to your local private network.

For example, a VPN allows users to sit at home and connect to his/her employer's

corporate network and receive an IP address in their private network just as though

they were sitting in their office connected to their corporate LAN.

Select the

VPN

tab to open the Security VPN page.

Use this page to configure the VPN for your residential gateway.

4021196 Rev B

55

Configure Security

Security VPN Tunnel Page Description

Use the descriptions and instructions in the following table to configure the VPN

tunnel for your gateway. After you make your selections, click

Save Settings

to

apply your changes or

Cancel Changes

to cancel.

Section

Field Description

VPN Tunnel

Select Tunnel Entry

Allows you to display a list of created VPN tunnels

Create Button

Click this button to create a new tunnel entry

Delete Button

Click this button to delete all settings for the selected tunnel

Summary Button

Click this button to display the settings and status of all enabled tunnels

IPSec VPN Tunnel

Allows you to enable or disable Internet Security Protocol for the VPN tunnel

Tunnel Name

Enter the name for this tunnel

Local Secure

Group

Select the local LAN user(s) that can use this VPN tunnel. This may be a single IP

address or sub-network. Note that the Local Secure Group must match the remote

gateway's Remote Secure Group.

IP

Enter the IP address of the local network

Mask

If the Subnet option is selected, enter the mask to determine the IP address on the

local network

Remote

Secure

Group

Select the remote LAN user(s) behind the remote gateway who can use this VPN

tunnel. This may be a single IP address, a sub-network, or any addresses. If "Any"

is set, the Gateway acts as responder and accepts requests from any remote user.

Note that the Remote Secure Group must match the remote gateway's Local Secure

Group.

IP

Enter the IP address of the remote network

Mask

If the Subnet option is selected, enter the mask to determine the IP addresses on

the remote network