Page 61 / 216 Scroll up to view Page 56 - 60
61
The following table is the simplified version of VOIP line/hook/etc. states during different conditions.
The following table provides the state changes during the boot-up procedure.
VOIP
Line 1/2
Hook state
WAN IP
Reg-state
FXS
Voltage
Tone
LED
Disable
On/Off-hook
UP
Idle
OFF
N/A
off
Enabled
On-hook
UP
Registered
ON
N/A
Solid
Enabled
Off-hook
UP
Registered
ON
DIAL TONE
Blink
Enabled
On/off hook
UP
Failure
OFF
N/A
off
Enabled
On/off hook
DOWN
Idle
OFF
N/A
off
VOIP
Line 1/2
WAN
Status
Hook State
Reg-state
FXS
Voltage
Tone
LED
Disable
Down
Off-hook
Idle
On-to-off
off
off
Enabled
Down
On/Off-hook
Idle
ON
Congestion
off
Enabled
Up
Off-hook
Registered
ON
Congestion.
Dial Tone
played after
the hook state
is changed.
ON
Page 62 / 216
Administrator’s Handbook
62
Firewall
When you click the
Firewall
tab, the
Firewall
Status page appears. The Firewall page displays the status of your
system firewall elements.
All computer operating systems are vulnerable to attack from outside sources, typically at the operating system or
Internet Protocol (IP) layers. Stateful Inspection firewalls intercept and analyze incoming data packets to deter-
mine whether they should be admitted to your private LAN, based on multiple criteria, or blocked. Stateful inspec-
tion improves security by tracking data packets over a period of time, examining incoming and outgoing packets.
Outgoing packets that request specific types of incoming packets are tracked; only those incoming packets consti-
tuting a proper response are allowed through the firewall.
Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled. You can
configure UDP and TCP “no-activity” periods that will also apply to NAT time-outs if stateful inspection is enabled
on the interface. Stateful Inspection parameters are active on a WAN interface only if enabled on your system.
Stateful inspection can be enabled on a WAN interface whether NAT is enabled or not.
The center section displays the following:
The links at the top of the Firewall page access a series of pages to allow you to configure security features of
your device. The following sections give brief descriptions of these pages.
Packet Filter
” on page
63
NA
T/Gaming
” on page
69
IP
Passthrough
” on page
75
Firewall
Advanced
” on page
78
Packet Filter
May be On or Off
IP Passthrough
May be On or Off
NAT Default Server
May be On or Off
Firewall Advanced
May be On or Off
Page 63 / 216
63
Link: Packet Filter
When you click the
Packet Filter
link the
Packet Filter
screen appears.
Security should be a high priority for anyone administering a network connected to the Internet. Using packet fil-
ters to control network communications can greatly improve your network’s security. The Packet Filter engine
allows creation of a maximum of eight Filtersets. Each Filterset can have up to eight rules configured.
WARNING:
Before attempting to configure filters and filtersets, please read and understand this entire section
thoroughly. The Motorola Gateway incorporating NAT has advanced security features built in.
Improperly adding filters and filtersets increases the possibility of loss of communication with the
Gateway and the Internet. Never attempt to configure filters unless you are local to the Gateway.
Although using filtersets can enhance network security, there are disadvantages:
• Filters are complex. Combining them in filtersets introduces subtle interactions, increasing the like-
lihood of implementation errors.
• Enabling a large number of filters can have a negative impact on performance. Processing of pack-
ets will take longer if they have to go through many checkpoints in addition to NAT.
• Too much reliance on packet filters can cause too little reliance on other security methods. Filter-
sets are not a substitute for password protection, effective safeguarding of passwords, and general
awareness of how your network may be vulnerable.
Motorola’s packet filters are designed to provide security for the Internet connections made to and from your net-
work. You can customize the Gateway’s filtersets for a variety of packet filtering applications. Typically, you use fil-
ters to selectively admit or refuse TCP/IP connections from certain remote networks and specific hosts. You will
also use filters to screen particular types of connections. This is commonly called firewalling your network.
Before creating filtersets, you should read the next few sections to learn more about how these powerful security
tools work.
Page 64 / 216
Administrator’s Handbook
64
Parts of a filter
A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the follow-
ing attributes:
The source IP address (where the packet was sent from)
The destination IP address (where the packet is going)
The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP
Other filter attributes
There are three other attributes to each filter:
The filter’s order (i.e., priority) in the filterset
Whether the filter is currently active
Whether the filter is set to forward packets or to block (discard) packets
Design guidelines
Careful thought must go into designing a new filterset. You should consider the following guidelines:
Be sure the filterset’s overall purpose is clear from the beginning. A vague purpose can lead to a faulty set, and
that can actually make your network less secure.
Be sure each individual filter’s purpose is clear.
Determine how filter priority will affect the set’s actions. Test the set (on paper) by determining how the filters
would respond to a number of different hypothetical packets.
Consider the combined effect of the filters. If every filter in a set fails to match on a particular packet, the
packet is:
• Forwarded if all the filters are configured to discard (not forward)
• Discarded if all the filters are configured to forward
• Discarded if the set contains a combination of forward and discard filters
An approach to using filters
The ultimate goal of network security is to prevent unauthorized access to the network without compromising
authorized access. Using filtersets is part of reaching that goal.
Each filterset you design will be based on one of the following approaches:
That which is not expressly prohibited is permitted.
That which is not expressly permitted is prohibited.
It is strongly recommended that you take the latter, and safer, approach to all of your filterset designs.
Page 65 / 216
65
Working with Packet Filters
To work with filters, begin by accessing the
Packet Filter
page.
Packet Filter
Enable/Disable Packet Filters
– Click this button to globally turn your filters on or off.
Packet Filter Rules
Buttons:
Click either
Add a ‘Drop’ Rule
or
Add a ‘Pass’ Rule
button.
Action
:
drop
: If you select
drop
, the specified packets will be blocked.
pass
: If you select
pass
, the specified packets will be forwarded.

Rate

4 / 5 based on 3 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top