25

Chapter 5: Configuring the Wireless-G Broadband Router

The Access Restrictions Tab - Internet Access

Wireless-G Broadband Router with SRX

5.

Click the appropriate option,

Deny

or

Allow

, depending on whether you want to block or allow Internet access

for the PCs you listed on the

List of PCs

screen (shown in Figure 5-26).

6.

Decide which days and what times you want this policy to be enforced. Select the individual days during

which the policy will be in effect, or select

Everyday

. Then enter a range of hours and minutes during which

the policy will be in effect, or select

24 Hours

.

7.

You can filter access to various services accessed over the Internet, such as FTP or telnet, by selecting

services from the drop-down menus next to

Blocked Services

. (You can block up to 20 services.)

Then enter the range of ports you want to filter.

If the service you want to block is not listed or you want to edit a service’s settings, then click the

Add/Edit

Service

button. Then the

Port Services

screen will appear.

To add a service, enter the service’s name in the

Service Name

field. Select its protocol from the

Protocol

drop-down menu, and enter its range in the

Port Range

fields. Then click the

Add

button.

To modify a service, select it from the list on the right. Change its name, protocol setting, or port range. Then

click the

Modify

button.

To delete a service, select it from the list on the right. Then click the

Delete

button.

When you are finished making changes on the

Port Services

screen, click the

Apply

button to save changes.

If you want to cancel your changes, click the

Cancel

button. To close the

Port Services

screen and return to

the

Access Restrictions

screen, click the

Close

button.

8.

If you want to block websites with specific URL addresses, enter each URL in a separate field next to

Website

Blocking by URL Address

.

9.

If you want to block websites using specific keywords, enter each keyword in a separate field next to

Website

Blocking by Keyword

.

10. Click the

Save Settings

button to save the policy’s settings. To cancel the policy’s settings, click the

Cancel

Changes

button.

Figure 5-27: Port Services

ftp

: a protocol used to transfer files over a TCP/IP network

telnet

: a user command and TCP/IP

protocol used for accessing remote PCs

url

: the address of a file located on the Internet

Figure 5-26: List of PCs

26

Chapter 5: Configuring the Wireless-G Broadband Router

The Applications and Gaming Tab - Port Range Forward

Wireless-G Broadband Router with SRX

The Applications and Gaming Tab - Port Range Forward

The Applications and Gaming Tab allows you to set up public services on your network, such as web servers, ftp

servers, e-mail servers, or other specialized Internet applications. (Specialized Internet applications are any

applications that use Internet access to perform functions such as videoconferencing or online gaming. Some

Internet applications may not require any forwarding.)

To forward a port, enter the information on each line for the criteria required. Descriptions of each criteria are

described here.

Application

. In this field, enter the name you wish to give the application. Each name can be up to 12 characters.

Start/End

. This is the port range. Enter the number that starts the port range under

Start

and the number that

ends the range under

End

.

Protocol

. Enter the protocol used for this application, either

TCP

or

UDP

, or

Both

.

IP Address

. For each application, enter the IP Address of the PC running the specific application.

Enable

. Click the

Enable

checkbox to enable port forwarding for the relevant application.

Change these settings as described here and click the

Save Settings

button to apply your changes or

Cancel

Changes

to cancel your changes.

The Applications and Gaming Tab - Port Triggering

Port Triggering is used for special applications that can request a port to be opened on demand. For this feature,

the Gateway will watch outgoing data for specific port numbers. The Gateway will remember the IP address of the

computer that sends a transmission requesting data, so that when the requested data returns through the

Gateway, the data is pulled back to the proper computer by way of IP address and port mapping rules.

•

Application. Enter the name you wish to give each application.

•

Start Port and End Port. Enter the starting and ending Triggered Range numbers and the Forwarded Range

numbers of the port you wish to forward.

After entering the information, click the

Enable

box to enable that port.

When finished making your changes on this tab, click the

Save Settings

button to save these changes, or click

the

Cancel Changes

button to undo your changes.

Figure 5-28: Applications and Gaming Tab -

Port Range Forward

Figure 5-29: Applications and Gaming Tab -

Port Triggering

27

Chapter 5: Configuring the Wireless-G Broadband Router

The Applications and Gaming Tab - DMZ

Wireless-G Broadband Router with SRX

The Applications and Gaming Tab - DMZ

The DMZ feature allows one network user to be exposed to the Internet for use of a special-purpose service such

as Internet gaming or videoconferencing. DMZ hosting forwards all the ports at the same time to one PC. The Port

Range Forward feature is more secure because it only opens the ports you want to have opened, while DMZ

hosting opens all the ports of one computer, exposing the computer to the Internet.

Any PC whose port is being forwarded must have its DHCP client function disabled and should have a new static

IP address assigned to it because its IP address may change when using the DHCP function.

To expose one PC, select

Enable

. Then, enter the computer's IP address in the

DMZ Host IP Address

field.

Change these settings as described here and click the

Save Settings

button to apply your changes or

Cancel

Changes

to cancel your changes.

The Applications and Gaming Tab - UPnP Forwarding

The

UPnP Forwarding

screen provides options for customization of port services for applications. Make sure that

you have UPnP enabled on your computer to use UPnP Forwarding.

UPnP Forwarding

Application

. In this field, enter the name you wish to give the application. Each name can be up to 12

characters.

Protocol

. Enter the protocol used for this application, either

TCP

or

UDP

, or

Both

.

External Port

. Enter the number of the external port used by the server. Check with the Internet application

documentation for more information.

Internal Client

. For each application, enter the IP Address of the server that you want the Internet users to be

able to access.

Internal Port

. Enter the number of the internal port used by the server. Check with the Internet application

software documentation for more information.

Enabled

. Click the

Enabled

checkbox to enable UPnP forwarding for the relevant application.

Figure 5-30: Applications and Gaming Tab - DMZ

Figure 5-31: Applications and Gaming Tab - UPnP

Forwarding

28

Chapter 5: Configuring the Wireless-G Broadband Router

The Administration Tab - Management

Wireless-G Broadband Router with SRX

When you have finished making changes to the screen, click the

Save Settings

button to save the changes, or

click the

Cancel Changes

button to undo your changes. For help information, click

More

.

The Administration Tab - Management

This section of the Administration tab allows the network’s administrator to manage specific Router functions for

access and security.

Local Router Access

. You can change the Router’s password from here. Enter a new Router password and then

type it again in the

Re-enter to confirm

field to confirm.

Remote Router Access

. To access the Router remotely, from outside the network, verify that

Enable

is selected.

Then, enter the port number that will be open to outside access. You will need to enter the Router’s password

when accessing the Router this way, as usual.

SNMP

Simple Network Management Protocol provides network administrators with the ability to monitor the status of

the Router and receive notification of any critical events as they occur on the network. To enable SNMP, check the

Enabled

box. To configure SNMP, complete all fields. To disable SNMP, remove the checkmark.

Contact

. Enter the name of the network administrator for the Router, and a contact number or e-mail address.

Device Name

. Enter the name of the Router.

Location

. Enter the location of the Router. For example, you could include the name of the building, floor number,

and room location, such as Head Office - Floor 5 - Networking 3.

Get Community

. Enter the password that allows read-only access to the Router’s SNMP information. The default

name is

public

.

Set Community

. Enter the password that allows read/write access to the Router’s SNMP information.The default

name is

private

. A name must be entered in this field.

SNMP Trap-Community

. Enter the password required by the remote host computer that will receive trap

messages or notices sent by the Router.

SNMP Trap-Destination

. Enter the IP address of the remote host computer that will receive the trap messages.

Figure 5-32: Administration Tab - Management

29

Chapter 5: Configuring the Wireless-G Broadband Router

The Administration Tab - Log

Wireless-G Broadband Router with SRX

UPnP

UPnP

. UPnP allows Windows XP and Windows Me to automatically configure the Router for various Internet

applications, such as gaming and videoconferencing.To enable UPnP, check the

Enabled

box. Because allowing

this may present a risk to security, this feature is disabled by default.

Change these settings as described here and click the

Save Settings

button to apply your changes or

Cancel

Changes

to cancel your changes.

The Administration Tab - Log

When you click the Administration tab, you will see the

Log

screen. The

Log

screen provides you with options for

system, Firewall, WAN Connection, and New Traffic logs. of all incoming and outgoing URLs or IP addresses for

your Internet connection. To enable the Router’s log function, click the radio button beside

Enabled

, and check

the box next to the type of log that you want.Then, click

Show Log

to view the log. If you do not wish to have logs,

click the radio button beside

Disabled

.

System Log

.You can view logs for events relating to your system: Unauthorized Login Attempt, Update Time By

NTP Client, and Authorized Login.

Firewall Log

. You can view logs for specific types of Internet attacks and events: Syn Flooding, IP Spoofing, Deny

Policies, Allow Policies, Content Filtering, ICMP Redirect, TCP Null Scan, Smurf Attack, RIP Detect, UDP Flood, and

ICMP flood.

WAN Connection Log

. You can view outgoing connection logs for: Failed Connection and Successful Connection

New Traffic Log

. You can view outgoing and Incoming traffic logs: WAN to LAN and LAN to WAN.

When you have finished making changes on this screen, click the

Save Settings

button to save the changes, or

click the

Cancel Changes

button to undo your changes.

The Administration Tab - Diagnostics

The diagnostic tests (Ping and Traceroute) allow you to check the connections of your network components.

Ping Test

. The Ping test will check the status of a connection. To start the test, enter the IP address of the PC

whose connection you wish to test, how many times you wish to test it, and the size of the packet for testing.

Then, click the

Start Test

button. The test field will show if the test was successful. To stop the test, click the

Abort Test

button. Click the

Clear

button to clear the field.

Figure 5-34: Administration Tab - Diagnostics

Figure 5-33: Administration Tab - Log