B

6 •

Advanced Pages

50

automatically identifies and uses the best known and quickest route to any given

destination address. To help reduce network congestion and delays, the Advanced RIP

setup is used in WAN networks to identify and use the best known and quickest route to

given destination addresses.

RIP is a protocol that requires negotiation from both sides of the network (i.e., CMRG

and CMTS). The ISP would normally set this up to match their CMTS settings with the

configuration in the CMRG.

Note:

RIP messaging will only be sent upstream when running in Static

IP Addressing mode on the Basic

Setup page. You must enable Static

IP Addressing and then set the WAN IP network information! RIP is

normally a function that is tightly controlled via the ISP. RIP

Authentication Keys and IDs are normally held as secret information

from the end user to prevent unauthorized RIP settings.

Field Descriptions for the Advanced RIP Setup Page

Field

Description

RIP Enable

Enables or disables the RIP protocol.

This protocol helps the router dynamically adapt to the

changes in the network. RIP is now considered obsolete

since newer routing protocols, such as OSPF and ISIS, have

been introduced.

RIP Authentication

If this field is enabled, a plain text password or a shared key

authentication is added to the RIP packet in order for the CPE

and the wireless router to authenticate each other.

RIP Authentication Key

Used to encrypt the plain text password that is enclosed in

each RIP packet.

If you are using the shared key authentication in RIP, you will

need to provide a key.

RIP Authentication Key ID

An unsigned 8-bit field in the RIP packet. This field identifies

the key used to create the authentication data for the RIP

B

6 •

Advanced Pages

51

Field

Description

packet, and it also indicates the authentication algorithm.

RIP Reporting Interval

Determines how long before a RIP packet is sent out to the

CPE.

RIP Destination IP Address

Location where the RIP packet is sent to update the routing

table in your CPE.

RIP Destination IP Subnet

Mask

Specifies which CPE you want to receive the RIP packet.

B

7 •

Firewall Pages

52

7

Firewall Pages

The SBG901 Firewall Pages allow you to configure the SBG901 firewall filters and

firewall alert notifications. The SBG901 firewall protects the SBG901 LAN from

undesired attacks and other intrusions from the Internet. It provides an advanced,

integrated stateful-inspection firewall supporting intrusion detection, session tracking,

and denial-of-service attack prevention. The firewall:

•

Maintains state data for every TCP/IP session on the OSI network and transport

layers.

•

Monitors all incoming and outgoing packets, applies the firewall policy to each one,

and screens for improper packets and intrusion attempts.

•

Provides comprehensive logging for all:

•

User authentications

•

Rejected internal and external connection requests

•

Session creation and termination

•

Outside attacks (intrusion detection)

You can configure the firewall filters to set rules for port usage. For information about

choosing a predefined firewall policy template, see the Firewall Pages.

You can click any Firewall submenu option to view or change the firewall configuration

information for that option.

For information about how the firewall can affect gaming, see

Gaming Configuration

Guidelines

.

The predefined policies provide outbound Internet access for computers on the SBG901

LAN. The SBG901 firewall uses

stateful-inspection

to allow inbound responses when

there already is an outbound session running that corresponds to the data flow. For

example, if you use a web browser, outbound HTTP connections are permitted on port

80. Inbound responses from the Internet are allowed because an outbound session is

established.

When required, you can configure the SBG901 firewall to allow inbound packets without

first establishing an outbound session. You also need to configure a port forwarding

entry on the

Advanced Port Forwarding Page

or a DMZ client on the

Advanced DMZ

Host Page

.

B

7 •

Firewall Pages

53

Firewall Web Content Filter Page

This page allows you to configure the firewall by enabling or disabling various Web filters

related to blocking or exclusively allowing different types of data through the

Configuration Manager from the WAN to the LAN.

Java Applets, Cookies, ActiveX controls, popup windows, and Proxies can be blocked

from this page. Firewall Protection turns on the Stateful Packet Inspection (SPI) firewall

features. Block Fragmented IP packets prevent all fragmented IP packets from passing

through the firewall. Port Scan Detection detects and blocks port scan activity originating

on both the LAN and WAN. IP Flood Detection detects and blocks packet floods

originating on both the LAN and WAN.

Checkmark

Enable

for each Web filter you want to set for the firewall, and then click

Apply

. The Web filters will activate without having to reboot the SBG901 Configuration

Manager.

Note:

At least one Web filter or feature must be enabled for the firewall

to be active. Make sure the firewall is not disabled.

B

7 •

Firewall Pages

54

Firewall Local Log Page

This page allows you to set up how to send notification of the firewall event log in either

of the following formats:

•

Individual e-mail alerts sent out automatically each time the firewall is under attack

•

Local log is stored within the modem and displayed in table form on the Local Log

page

Field Descriptions for the Firewall Local Log Page

Field

Description

Contact Email Address

Your email address

SMTP Server Name

Name of the e-mail (Simple Mail Transfer Protocol)

server.

The firewall page needs your email server name to

send a firewall log to your email address. You can

obtain the SMTP server name from your Internet

service provider.

E-mail Alerts

Enable or disable e-mailing firewall alerts.