B

6 • Advanced Pages

36

servers, FTP servers, mail servers, etc. so that they can be accessible from the public

Internet.

Commonly used Port numbers:

•

HTTP: 80

•

FTP: 20, 21

•

Secure Shell: 22

•

Telnet: 23

•

SMTP e-mail: 25

•

SNMP: 161

To map a port, enter the range of port numbers that should be forwarded locally and the

IP address to which traffic to those ports should be sent. To map only a single port, enter

the same port number in the “start” and “end” locations for that IP address.

B

6 • Advanced Pages

37

Advanced Port Triggers Page

Configure dynamic triggers to specific devices on the LAN. This allows for special

applications that require specific port numbers with bi-directional traffic to function

properly. Applications such as video conferencing, voice, gaming, and some messaging

program features may require these special settings.

The Advanced Port Triggers are not static ports held open all the time. When the

Configuration Manager detects outgoing data on a specific IP port number set in the

“Trigger Range,” the resulting ports set in the “Target Range” are opened for incoming

or bi-directional data. If no outgoing traffic is detected on the “Trigger Range” ports for

10 minutes, the “Target Range” ports close. This is a safer method for opening specific

ports for special applications (e.g. video conferencing programs, interactive gaming, file

transfer in chat programs, etc.) because they are dynamically triggered and not held open

constantly or erroneously left open via the router administrator and exposed for potential

hackers to discover.

Field Descriptions for the Advanced Port Triggers Page

Field

Description

Trigger Range

Start Port

End Port

Starting port number of the Port Trigger range.

Ending port number of the Port Trigger range.

Target Range

Start Port

End Port

Starting port number of the Port Trigger range.

Ending port number of the Port Trigger range.

Protocol

Select

TCP

,

UDP

, or

Both

from the drop-down list.

Enable

Select checkbox to activate the IP port triggers.

B

6 • Advanced Pages

38

Advanced DMZ Host Page

Specify the default recipient of WAN traffic that NAT is unable to translate to a known

local PC. The DMZ (De-militarized Zone) is a computer or small sub-network located

outside the firewall, between the trusted internal private LAN and the untrusted public

Internet, that prevents direct access by outside users to private data.

For example, you can set up a web server on a DMZ computer to enable outside users

to access your website without exposing confidential data on your network.

A DMZ is also useful to play interactive games that may have a problem running through

a firewall. You can leave a computer used for gaming only exposed to the Internet while

protecting the rest of your network.

You can configure one PC to be the DMZ host. This setting is generally used for PCs

using problem applications that use random port numbers and do not function correctly

with specific port triggers or the port forwarding setups. If you set up a PC as a DMZ

Host, set this back to zero when you are finished with the needed application, since this

PC will be effectively exposed to the public Internet, though still protected from Denial of

Service (DoS) attacks via the Firewall.

Setting Up the DMZ Host

1.

Enter the computer’s IP address.

2.

Click

Apply

to activate the selected computer as the DMZ host.

Advanced Routing Information Protocol Setup

Page

Configure Routing Information Protocol (RIP) parameters related to authentication,

destination IP address/subnet mask, and reporting intervals. RIP automatically identifies

and uses the best and quickest route to any given destination address. The RIP protocol

requires negotiation from both sides (CMRG and CMTS) of the network. The ISP usually

sets this up to match their CMTS settings with the configuration in the CMRG.

Note:

RIP messaging is sent upstream only when running in Static IP

Addressing mode on the Basic Setup page. You must enable Static IP

Addressing and then set the WAN IP network information! RIP is normally

a function that is tightly controlled via the ISP. RIP Authentication Keys

and IDs are normally held as secret information from the end user to

prevent unauthorized RIP settings.

B

6 • Advanced Pages

39

Field Descriptions for the Advanced RIP Setup Page

Field

Description

RIP Enable

Enables or disables the RIP protocol.

RIP helps the router dynamically adapt to the changes in the

network. Now obsolete by newer routing protocols, such as

OSPF and ISIS.

RIP Authentication

Adds a plain text password or a shared key to the RIP packet

for the CPE and the wireless router to authenticate each

other.

RIP Authentication Key

Encrypts the plain text password that is enclosed in each RIP

packet.

If you are using the shared key authentication in RIP, you

need to provide a key.

RIP Authentication Key ID

Identifies the key to create the authentication data for the RIP

packet and indicates the authentication algorithm.

RIP Reporting Interval

Determines how long before a RIP packet is sent to the CPE.

RIP Destination IP Address

Sets location where the RIP packet is sent to update the

routing table in your CPE.

RIP Destination IP Subnet

Mask

Specifies which CPE you want to receive the RIP packet.

B

7 • Firewall Pages

40

7

Firewall Pages

Use the Firewall Pages to configure the firewall filters and firewall alert notifications. The

firewall protects the SVG1501 LAN from undesired attacks and other intrusions from the

Internet. The firewall:

•

Maintains state data for every TCP/IP session on the OSI network and transport

layers.

•

Monitors all incoming and outgoing packets, applies the firewall policy to each one,

and screens for improper packets and intrusion attempts.

•

Provides comprehensive logging for all:

User authentications

Rejected internal and external connection requests

Session creation and termination

Outside attacks (intrusion detection)

You can configure the firewall filters to set rules for port usage.

Firewall Web Content Filter Page

Configure the firewall by enabling or disabling various Web filters related to blocking or

exclusively allowing different types of data through the Configuration Manager from the

WAN to the LAN.

You can block Java Applets, Cookies, ActiveX controls, popup windows, and Proxies.

Firewall Protection turns on the Stateful Packet Inspection (SPI) firewall features.