B

Advanced Pages • Advanced DMZ Host Page

Motorola SURFboard SBG941 Series Wireless Cable Modem Gateways • User Guide

38

570280-001-a

End Port

The ending port number of the Port Trigger range.

Target Range

Start Port

End Port

The starting port number of the Port Trigger range.

The ending port number of the Port Trigger range.

Protocol

Select

TCP

,

UDP

, or

Both

from the drop-down list.

Enable

Select to activate the IP port triggers.

Advanced DMZ Host Page

This page allows you to specify the default recipient of WAN traffic that NAT is unable to

translate to a known local PC. The DMZ (De-militarized Zone) hosting (also commonly

referred to as “Exposed Host”) can also be described as a computer or small

sub-network that is located outside the firewall between the trusted internal private LAN

and the untrusted public Internet. It prevents direct access by outside users to private

data.

For example, you can set up a web server on a DMZ computer to enable outside users

to access your website without exposing confidential data on your network.

A DMZ can also be useful to play interactive games that may have a problem running

through a firewall. You can leave a computer used for gaming only exposed to the

Internet while protecting the rest of your network. For more information, see

Gaming

Configuration Guidelines.

Setting Up the DMZ Host

1.

Enter the computer’s IP address.

2.

Click

Apply

to activate the selected computer as the DMZ host.

B

Advanced Pages • Advanced Routing Information Protocol Setup Page

Motorola SURFboard SBG941 Series Wireless Cable Modem Gateways • User Guide

39

570280-001-a

Advanced Routing Information Protocol Setup Page

This page allows you to configure Routing Information Protocol (RIP) parameters related

to authentication, destination IP address/subnet mask, and reporting intervals. RIP

automatically identifies and uses the best known and quickest route to any given

destination address. To help reduce network congestion and delays, the Advanced RIP

setup is used in WAN networks to identify and use the best known and quickest route to

given destination addresses.

RIP is a protocol that requires negotiation from both sides of the network (i.e., CMRG

and CMTS). The ISP would normally set this up to match their CMTS settings with the

configuration in the CMRG.

Note:

RIP messaging will only be sent upstream when running in Static IP Addressing

mode on the Basic Setup page. You must enable Static IP Addressing and then set the

WAN IP network information!

Field Descriptions for the Advanced RIP Setup Page

Field

Description

RIP Enable

Enables or disables the RIP protocol.

This protocol helps the router dynamically adapt to the

changes in the network. RIP is obsolete since newer routing

protocols, such as OSPF and ISIS, have been introduced.

RIP Authentication

If enabled, a plain text password or a shared key

authentication is added to the RIP packet in order for the

CPE and the wireless router to authenticate each other.

B

Advanced Pages • Advanced Routing Information Protocol Setup Page

Motorola SURFboard SBG941 Series Wireless Cable Modem Gateways • User Guide

40

570280-001-a

RIP Authentication Key

Used to encrypt the plain text password that is enclosed in

each RIP packet.

If you are using the shared key authentication in RIP, you will

need to provide a key.

RIP Authentication Key ID

An unsigned 8-bit field in the RIP packet. This field identifies

the key used to create the authentication data for the RIP

packet, and it also indicates the authentication algorithm.

RIP Reporting Interval

Determines how long before a RIP packet is sent to the CPE.

RIP Destination IP Address

Location where the RIP packet is sent to update the routing

table in your CPE.

RIP Destination IP Subnet Mask

Specifies which CPE you want to receive the RIP packet.

B

Firewall Pages • Advanced Routing Information Protocol Setup Page

Motorola SURFboard SBG941 Series Wireless Cable Modem Gateways • User Guide

41

570280-001-a

8

Firewall Pages

The SBG941 Firewall Pages allow you to configure the SBG941 firewall filters and

firewall alert notifications. The SBG941 firewall protects the SBG941 LAN from

undesired attacks and other intrusions from the Internet. It provides an advanced,

integrated stateful-inspection firewall supporting intrusion detection, session tracking,

and denial-of-service attack prevention. The firewall:

•

Maintains state data for every TCP/IP session on the OSI network and transport

layers.

•

Monitors all incoming and outgoing packets, applies the firewall policy to each one,

and screens for improper packets and intrusion attempts.

•

Provides comprehensive logging for all:

User authentications

Rejected internal and external connection requests

Session creation and termination

Outside attacks (intrusion detection)

You can configure the firewall filters to set rules for port usage. For information about

choosing a predefined firewall policy template, see the Firewall Pages.

You can click any Firewall submenu option to view or change the firewall configuration

information for that option.

For information about how the firewall can affect gaming, see

Gaming Configuration

Guidelines

.

The predefined policies provide outbound Internet access for computers on the SBG941

LAN. The SBG941 firewall uses stateful-inspection to allow inbound responses when

there already is an outbound session running that corresponds to the data flow. For

example, if you use a web browser, outbound HTTP connections are permitted on port

80. Inbound responses from the Internet are allowed because an outbound session is

established.

When required, you can configure the SBG941 firewall to allow inbound packets without

first establishing an outbound session. You also need to configure a port forwarding

entry on the

Advanced Port Forwarding Page

or a DMZ client on the

Advanced DMZ

Host Page

.

B

Firewall Pages • Firewall Web Content Filter Page

Motorola SURFboard SBG941 Series Wireless Cable Modem Gateways • User Guide

42

570280-001-a

Firewall Web Content Filter Page

This page allows you to configure the firewall by enabling or disabling various Web filters

related to blocking or exclusively allowing different types of data through the

Configuration Manager from the WAN to the LAN.

Java Applets, Cookies, ActiveX controls, popup windows, and Proxies can be blocked

from this page. Firewall Protection turns on the Stateful Packet Inspection (SPI) firewall

features. Block Fragmented IP packets prevent all fragmented IP packets from passing

through the firewall. Port Scan Detection detects and blocks port scan activity originating

on both the LAN and WAN. IP Flood Detection detects and blocks packet floods

originating on both the LAN and WAN.

Select each Web filter you want to enable for the firewall and then click

Apply

. The Web

filters activate without having to reboot the SBG941 Configuration Manager.

Note:

At least one Web filter or feature must be enabled for the firewall to be active.

Make sure the firewall is not disabled.