Vigor2920 Series User’s Guide
Local IP Address
Display the private IP address of the local host offering the service.
Status
Display the state for the corresponding entry. X or V represents the Inactive or Active state.
To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services.
Enable Open Ports
Check to enable this entry.
Comment
Enter a name for the defined network application/service.
WAN IP
Specify the WAN IP address that will be used for this entry. This
setting is available when WAN IP Alias is configured.
Local Computer
Enter the private IP address of the local host or click Choose PC to select one.
Choose PC
Click this button to open a window listing the private IP addresses of local hosts. Select the appropriate IP address of the local host in the list.
Protocol
Specify the transport layer protocol. It could be TCP, UDP, or ----- (none) for selection.
Start Port
Specify the starting port number of the service offered by the local
host.
End Port
Specify the ending port number of the service offered by the local
host.
VoIPon
www.voipon.co.uk
Tel: +44 (0)1245 808195
Fax: +44 (0)1245 808299
4.4 Firewall
4.4.1 Basics for Firewall
While broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has always been the greatest concern. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet. Furthermore, it can filter out specific packets that trigger the router to build an unwanted outgoing connection.
Firewall Facilities
The users on the LAN are provided with secured protection by the following firewall facilities:
• User-configurable IP filter (Call Filter/Data Filter).
• Stateful Packet Inspection (SPI): tracks packets and denies unsolicited incoming data.
• Selectable Denial of Service (DoS)/Distributed DoS (DDoS) attack protection.
IP Filters
Depending on whether there is an existing Internet connection, in other words whether the WAN link status is up or down, the IP filter architecture categorizes traffic into two types: Call Filter and Data Filter.
• Call Filter - When there is no existing Internet connection, Call Filter is applied to all traffic, all of which should be outgoing. It checks packets according to the filter rules. If legal, the packet will pass. Then the router will "initiate a call" to build the Internet connection and send the packet to the Internet.
• Data Filter - When there is an existing Internet connection, Data Filter is applied to incoming and outgoing traffic. It checks packets according to the filter rules. If legal, the packet will pass the router.
The following illustrations are flow charts explaining how the router treats incoming traffic and outgoing traffic respectively.
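The filter selection described above, modelled as an added example (not taken from the User's Guide or the router firmware). It assumes simplified first-match rules keyed on direction and destination port; `Rule`, `FilterSet`, `run_chain`, `handle` and the sample configuration are hypothetical names and constructed values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    direction: str               # "out" (LAN to WAN) or "in" (WAN to LAN)
    dport: int                   # destination port the rule matches
    action: str                  # "pass" or "block"

@dataclass
class FilterSet:
    rules: list
    next_set: Optional[int] = None   # linked set evaluated after this one

def run_chain(sets, start, direction, dport, default):
    """Walk the linked sets from `start`; the first matching rule decides."""
    idx, seen = start, set()
    while idx is not None and idx not in seen:   # stop on a looped chain
        seen.add(idx)
        for rule in sets[idx].rules:
            if rule.direction == direction and rule.dport == dport:
                return rule.action
        idx = sets[idx].next_set
    return default               # the Pass/Block choice for unmatched packets

def handle(cfg, wan_up, direction, dport):
    """Return (filter applied, verdict, router dials out?)."""
    if not wan_up:
        # No Internet connection: only outgoing traffic exists, Call Filter applies.
        if direction != "out":
            raise ValueError("no incoming traffic while the WAN link is down")
        verdict = run_chain(cfg["sets"], cfg["call_start"], "out", dport, cfg["default"])
        return ("call", verdict, verdict == "pass")
    verdict = run_chain(cfg["sets"], cfg["data_start"], direction, dport, cfg["default"])
    return ("data", verdict, False)

# Constructed configuration: set 1 starts the Call Filter, set 2 starts the
# Data Filter and links to set 3 (assumed values, not router defaults).
CFG = {
    "call_start": 1, "data_start": 2, "default": "pass",
    "sets": {
        1: FilterSet([Rule("out", 137, "block")]),
        2: FilterSet([Rule("out", 25, "block")], next_set=3),
        3: FilterSet([Rule("in", 23, "block")]),
    },
}
```

With the WAN link down, a blocked packet never causes the router to dial, which is how a Call Filter rule stops unwanted outgoing connections from being built.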
Stateful Packet Inspection (SPI)
Stateful inspection is a firewall architecture that works at the network layer. Unlike legacy static packet filtering, which examines a packet based on the information in its header, stateful inspection builds up a state machine to track each connection traversing all interfaces of the firewall and makes sure they are valid. The stateful firewall of the Vigor router not only examines the header information but also monitors the state of the connection.
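The difference between the two approaches, as an added example (not the router's implementation): a header-only rule admits any inbound segment with the ACK flag set, while a connection-tracking table admits only replies to connections a LAN host opened. The tracker is deliberately simplified; `Packet`, `static_filter`, `StatefulInspector` and the sample addresses are hypothetical and constructed.

```python
from collections import namedtuple

# flags: TCP flags such as "S", "SA", "A", "RA"; inbound: True when arriving from the WAN
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

def static_filter(pkt):
    """Header-only rule: admit inbound TCP whenever the ACK flag is set."""
    return (not pkt.inbound) or "A" in pkt.flags

class StatefulInspector:
    """Simplified tracker: no timeouts or sequence checks; only RST removes an entry."""
    def __init__(self):
        self.table = {}   # (lan_ip, lan_port, wan_ip, wan_port) -> state

    @staticmethod
    def _key(pkt):
        if pkt.inbound:
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def allow(self, pkt):
        key = self._key(pkt)
        state = self.table.get(key)
        if state is None:
            # Only a LAN host can create an entry, and only with a bare SYN.
            if pkt.inbound or pkt.flags != "S":
                return False
            self.table[key] = "SYN_SENT"
            return True
        if "R" in pkt.flags:
            del self.table[key]              # a reset tears the connection down
            return True
        if state == "SYN_SENT":
            if pkt.inbound and pkt.flags == "SA":
                self.table[key] = "ESTABLISHED"
                return True
            return (not pkt.inbound) and pkt.flags == "S"   # SYN retransmission
        return "A" in pkt.flags              # established segments carry ACK

# Constructed sample traffic using documentation address ranges.
LAN, SRV, STRANGER = "192.168.1.10", "203.0.113.5", "198.51.100.7"
HANDSHAKE = [Packet(LAN, 50000, SRV, 443, "S", False),
             Packet(SRV, 443, LAN, 50000, "SA", True),
             Packet(LAN, 50000, SRV, 443, "A", False)]
UNSOLICITED = Packet(STRANGER, 80, LAN, 50001, "A", True)

def demo():
    """Return handshake verdicts, then static vs stateful verdict for the stray ACK."""
    spi = StatefulInspector()
    return [spi.allow(p) for p in HANDSHAKE], static_filter(UNSOLICITED), spi.allow(UNSOLICITED)
```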
Denial of Service (DoS) Defense
The DoS Defense functionality helps you to detect and mitigate DoS attacks. The attacks are usually categorized into two types: flooding-type attacks and vulnerability attacks. Flooding-type attacks attempt to exhaust all your system's resources, while vulnerability attacks try to paralyze the system by exploiting vulnerabilities of the protocol or operating system.
The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database. Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly blocked, and a Syslog message will be sent as a warning if you have set up a Syslog server.
The Vigor router also monitors the traffic. Any abnormal traffic flow violating the pre-defined parameters, such as the threshold values, is identified as an attack, and the Vigor router will activate its defense mechanism to mitigate it in real time.
The DoS/DDoS defense function can detect the following attack types:
1. SYN flood attack
2. UDP flood attack
3. ICMP flood attack
4. Port Scan attack
5. IP options
6. Land attack
7. Smurf attack
8. Trace route
9. SYN fragment
10. Fraggle attack
11. TCP flag scan
12. Tear drop attack
13. Ping of Death attack
14. ICMP fragment
15. Unknown protocol
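The two detection modes described above (signature match and traffic threshold), sketched as an added example that is not the router's code. It checks one signature from the list (Land attack) and one threshold (SYN flood); the threshold of 5 SYNs per destination per second, the `DosDefense` class and the packet records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SYN_THRESHOLD = 5    # assumed limit: SYNs per destination per window
WINDOW = 1.0         # assumed window length in seconds

def is_land(pkt):
    """Land attack signature: source address and port equal the destination's."""
    return pkt["src"] == pkt["dst"] and pkt["sport"] == pkt["dport"]

class DosDefense:
    def __init__(self, threshold=SYN_THRESHOLD, window=WINDOW):
        self.threshold, self.window = threshold, window
        self.syn_times = defaultdict(deque)   # destination -> recent SYN timestamps
        self.alerts = []                      # stand-in for Syslog warnings

    def inspect(self, pkt):
        """Return True to forward the packet, False to drop it."""
        if is_land(pkt):                      # signature-based check
            self.alerts.append((pkt["t"], "Land attack", pkt["src"]))
            return False
        if pkt["flags"] == "S":               # threshold-based check
            recent = self.syn_times[pkt["dst"]]
            while recent and pkt["t"] - recent[0] >= self.window:
                recent.popleft()              # forget SYNs outside the window
            recent.append(pkt["t"])
            if len(recent) > self.threshold:
                self.alerts.append((pkt["t"], "SYN flood", pkt["dst"]))
                return False
        return True

def syn(t, src, dst, sport=40000, dport=80):
    return {"t": t, "src": src, "dst": dst, "sport": sport, "dport": dport, "flags": "S"}

def sample_traffic():
    """Constructed capture: normal SYNs, a burst at one host, one Land packet."""
    normal = [syn(t, "198.51.100.7", "192.168.1.10") for t in (0.0, 0.5, 1.0)]
    burst = [syn(2.0 + i * 0.01, "203.0.113.9", "192.168.1.20", 1024 + i) for i in range(8)]
    land = [syn(3.0, "192.168.1.10", "192.168.1.10", 139, 139)]
    return normal + burst + land

def run():
    """Return (forwarded count, dropped count, alert types in order)."""
    dos = DosDefense()
    verdicts = [dos.inspect(p) for p in sample_traffic()]
    return verdicts.count(True), verdicts.count(False), [a[1] for a in dos.alerts]
```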
The menu items for Firewall are shown below.
4.4.2 General Setup
General Setup allows you to adjust settings of IP Filter and common options. Here you can enable or disable the Call Filter or Data Filter. Under some circumstances, your filter sets can be linked to work in a serial manner, so here you assign the Start Filter Set only. You can also configure the Log Flag settings, Apply IP filter to VPN incoming packets, and Accept incoming fragmented UDP packets.
Click Firewall and click General Setup to open the general setup page.
Call Filter
Check Enable to activate the Call Filter function. Assign a start filter set for the Call Filter.
Data Filter
Check Enable to activate the Data Filter function. Assign a start filter set for the Data Filter.
Filter
Select Pass or Block for the packets that do not match the filter rules.
IM/P2P Filter
Select a CSM profile for global IM/P2P application blocking. All the hosts in the LAN must follow the standard configured in the CSM profile selected here. For detailed information, refer to the section on CSM profile setup. For troubleshooting needs, you can record information for IM/P2P by checking the Log box. It will be sent to the Syslog server. Please refer to the section Syslog/Mail Alert for more detailed information.
URL Content Filter
Select one of the URL Content Filter profile settings (created in CSM>> URL Content Filter) to apply to this router. Please set at least one profile for choosing in the CSM>> URL Content Filter web page first. For troubleshooting needs, you can record information for URL Content Filter by checking the Log box. It will be sent to the Syslog server. Please refer to the section Syslog/Mail Alert for more detailed information.
Web Content Filter
Select one of the Web Content Filter profile settings (created in CSM>> Web Content Filter) to apply to this router. Please set at least one profile for anti-virus in the CSM>> Web Content Filter web page first. For troubleshooting needs, you can record information for Web Content Filter by checking the Log box. It will be sent to the Syslog server. Please refer to the section Syslog/Mail Alert for more detailed information.
Syslog
For troubleshooting needs, you can specify the filter log and/or CSM log here by checking the box. The log will be displayed in the DrayTek Syslog window.
Advance Setting
Click Edit to open the following window. However, it is strongly recommended to use the default settings here.
Codepage - This function is used to compare the characters among different languages. Choosing the correct codepage helps the system obtain the correct ASCII after decoding data from the URL and enhances the correctness of the URL Content Filter. The default value for this setting is ANSI 1252 Latin I. If you do not choose any codepage, no decoding of the URL will be processed. Please use the drop-down list to choose a codepage.
If you are not sure which codepage is suitable, please open Syslog. From Codepage Information of the Setup dialog, you will see the recommended codepage listed in the dialog box.
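Why the codepage choice affects URL Content Filter matching, as an added example (not the router's decoder). It assumes the filter compares keywords against the URL after percent-decoding with the selected codepage; the keyword, URL and function names are constructed for illustration.

```python
from urllib.parse import unquote

def normalise(url, codepage):
    """Decode %XX escapes using `codepage`; None models 'no codepage chosen'."""
    if codepage is None:
        return url                      # no decoding is performed
    return unquote(url, encoding=codepage, errors="replace")

def keyword_hit(url, keywords, codepage):
    """Case-insensitive keyword match on the normalised URL."""
    text = normalise(url, codepage).lower()
    return any(k.lower() in text for k in keywords)

def compare_codepages(url, keywords, codepages):
    """Map each candidate codepage to (decoded URL, keyword matched?)."""
    return {cp: (normalise(url, cp), keyword_hit(url, keywords, cp)) for cp in codepages}

# Constructed sample: byte 0xE9 is "é" in Windows-1252 but "й" in Windows-1251.
KEYWORDS = ["café"]
URL = "www.example.com/caf%E9/menu"
RESULT = compare_codepages(URL, KEYWORDS, [None, "cp1252", "cp1251"])
```

Only the codepage that matches how the URL bytes were encoded yields a keyword match; with no codepage, or the wrong one, the same keyword rule does not fire.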