Page 56 / 109 Scroll up to view Page 51 - 55
46
alternative routes, the one with the lowest hop count is
considered the fastest path.
4)
Select
Send Mode
and
Receive Mode
.
z
The
Send Mode
setting indicates the RIP version this
interface will use when it sends its route information to
other devices.
z
The
Receive Mode
setting indicates the RIP version(s) in
which information must be passed to the MT800 in order
for it to be accepted into its routing table.
5)
Click the
Add
button. The new RIP entry will display in the
table.
6)
Click the
Enable
radio button to enable the RIP feature.
±
Note:
z
RIP version 1 is the original RIP protocol. Select RIP1 if you have devices that
communicate with this interface that understand RIP version 1 only.
z
RIP version 2 is the preferred selection because it supports "classless" IP
addresses (which are used to create subnets) and other features. Select RIP2 if
all other routing devices on your LAN support this version of the protocol.
III.
Save
z
Click the
Submit
button to save the settings in the RAM.
z
To save these configuration changes permanently, enter
the
Save & Reboot
page, select
Save
and click
Submit
button to save new settings.
Page 57 / 109
47
4.12
Firewall Configuration
4.12.1
Configuration of Global Firewall
The Firewall enables you to protect the system against denial of
service (DoS) attacks and other types of malicious accesses to your
LAN. You can also specify how to monitor attempted attacks, and
who should be automatically notified.
Click the
Firewall
of
Advanced Function
in the Wizard Column
to set the RIP.
I.
Configuration page
Figure 4-23
Firewall configuration
Page 58 / 109
48
II.
Parameter explanation
Follow these instructions to configure global firewall settings.
Configure any of the following settings that display in the
Firewall Global Configuration
table:
z
Blacklist Status:
If you want the device to maintain and
use a black list, click
Enable
. Click
Disable
if you do not
want to maintain a list.
z
Blacklist Period(min):
Specifying the number of minutes
that a computer's IP address will remain on the black list
(i.e., all traffic originating from that computer will be
blocked from passing through any interface on the MT800).
For more information, see Managing the Black List below.
z
Attack Protection
: Click the
Enable
radio button to use
the built-in firewall protections that prevent the following
common types of attacks:
z
IP Spoofing
: Sending packets over the WAN
interface using an internal LAN IP address as the
source address.
z
Tear Drop
: Sending packets that contain overlapping
fragments.
z
Smurf and Fraggle
: Sending packets that use the
WAN or LAN IP broadcast address as the source
address.
z
Land Attack
: Sending packets that use the same
address as the source and destination address.
z
Ping of Death
: Illegal IP packet length.
z
DoS Protection
: Click the
Enable
radio button to use the
following denial of service protections: SYN DoS, ICMP
DoS, Per-host DoS protection.
Page 59 / 109
49
z
Max Half open TCP Connection
: Set the percentage of
concurrent IP sessions that can be in the half-open state.
In ordinary TCP communication, packets are in the
half-open state only briefly as a connection is being
initiated; the state changes to active when packets are
being exchanged, or closed when the exchange is
complete. TCP connections in the half-open state can use
up the available IP sessions. If the percentage is exceeded,
then the half-open sessions will be closed and replaced
with new sessions as they are initiated.
z
Max ICMP Connection
: Set the percentage of concurrent
IP sessions that can be used for ICMP messages. If the
percentage is exceeded, then older ICMP IP sessions will
be replaced by new sessions as they are initiated.
z
Max Single Host Connection
: Set the percentage of
concurrent IP session that can originate from a single
computer. This percentage should take into account the
number of hosts on the LAN.
III.
Save
z
Click the
Submit
button to save the settings in the RAM.
z
To save these configuration changes permanently, enter
the
Save & Reboot
page, select
Save
and click
Submit
button to save new settings.
4.12.2
Managing the Blacklist
If data packets are received that violate the firewall settings or
any of the IP Filter rules, then the source IP address of the offending
packets can be blocked from such accesses for a specified period of
time. The source computer remains on the black list for the period of
Page 60 / 109
50
time that you specify. You can enable or disable use of the black list
using the settings described above.
To view the list of currently blacklisted computers, click the
Black List
button at the bottom of the Firewall Configuration page.
The table displays the following information for each entry.
z
Host IP Address
: The IP address of the computer that
sent the packet(s) that caused the violation.
z
Reason
: A short description of the type of violation. If the
packet violated an IP Filter rule, the custom text from the
Log Tag field will display.
z
IPF Rule ID
: If the packet violated an IP Filter rule, this field
will display the ID assigned to the rule.
4.13
IP Filter Configuration
The IP filter feature enables you to create rules that control the
forwarding of incoming and outgoing data between your LAN and the
Internet and within your LAN.
4.13.1
IP Filter Global Settings
The IP Filter Configuration page displays global settings that
you can modify. And the IP Filter rule table shows all currently
established rules.
Click the
IP Filter
of
Advanced Function
in the Wizard Column
to set the IP filter.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top