Protecting Your Wireless Network

B

SVG6x82 Series Wireless Voice Gateway

•

User Guide

18

590934-001-a

Basic Firewall

The Web Content Filter page has various settings related to blocking or exclusively allowing different

types of data through the CMRG from the WAN to the LAN. There are three security firewall protection

levels (low, medium, and high) which correspond to the number of services allowed.

Firewall Protection turns ON the Stateful Packet Inspection (SPI) firewall features. Block Fragmented IP

packets prevents all fragmented IP packets from passing through the firewall. Port Scan Detection

detects and blocks port scan activity originating on both the LAN and WAN. IP Flood Detection detects

and blocks packet floods originating on both the LAN and WAN.

You can block Java Applets, Cookies, ActiveX controls, popup windows, and Proxies. Firewall Protection

turns on the Stateful Packet Inspection (SPI) firewall features.

To open the Firewall Basic Web Content Filter page:

1.

Click

Firewall

on the SVG6x82 Menu Options bar.

2.

Click

Basic

from the Status submenu options.

Figure 11 – Firewall Basic Web Content Filter Page

3.

Click the Firewall Protection drop-down to select the protection level or turn OFF security protection.

ο

High

- Safest configuration, highest security

ο

Medium

- Common configuration, modest risk

ο

Low

- Minimum security, higher risk

ο

Off

- No security, highest risk

4.

Click

Enable

for each Web filter you want to set for the firewall and then click

Apply

.

Firewall Web Filter

The Firewall web filter page allows you to filter outbound connections, restrict or grant access to

specified MAC addresses. To open the Firewall Web Filtering page:

1.

Click

Firewall

on the SVG6x82 Menu Options bar.

2.

Click

Web Filter

from the Status submenu options.

3.

Click

Create

and enter the information for each web filter you want to create.

Protecting Your Wireless Network

B

SVG6x82 Series Wireless Voice Gateway

•

User Guide

19

590934-001-a

Figure 12 – Firewall Web Filtering Page

Firewall Local Log

You can set up email to enable automatic email alerts. The Local Event Log can send out firewall attack

reports in two ways:

•

Individual emails are sent out automatically each time the firewall is under attack

•

A local log is stored within the gateway and displayed in table form on the Local Log page

Individual emails will now be sent to the specified address each time an attack is detected.

To open the Firewall Local Log page:

1.

Click

Firewall

on the SVG6x82 Menu Options bar.

2.

Click

Local Log

from the Status submenu options.

Figure 13 – Firewall Local Log Page

3.

Enter your email address for the Contact Email Address field.

4.

Enter the SMTP email account, user name, and password in the next fields.

Note

: The Outgoing) mail server address is provided b your service provider.

5.

Select

Enable

checkbox if you want to receive firewall email alerts, and then click

Apply

.

6.

Click

E-mail Log

to send a summary of the Event Log Table to the contact specified contact email

address.

7.

Click

Clear Log

to clear the table.

Protecting Your Wireless Network

B

SVG6x82 Series Wireless Voice Gateway

•

User Guide

20

590934-001-a

Firewall Remote Log

This Firewall configuration sends firewall attack reports to a standard SysLog server so that multiple

instances can be logged over a period of time. You can select individual attack or configuration items to

send to the SysLog server so that only the items of interest will be monitored. You can log any of the

following:

•

Permitted connections

- Select to have the server e-mail you logs of who is connecting to your

network.

•

Blocked connections

- Select to have the server e-mail you logs of who is blocked from connecting

to your network.

•

Known Internet attack types

- Select to have the server e-mail you logs of known Internet attacks

against your network.

•

Product configuration events

- Select to have the server e-mail you logs of the basic product

configuration events logs.

Note

: The SysLog server must be on the same network as the Private LAN behind the Configuration

Manager (typically

192.168.0.x

).

To open the Firewall Remote Log page:

1.

Click

Firewall

on the SVG6x82 Menu Options bar.

2.

Click

Remote Log

from the Status submenu options.

Figure 14 – Firewall Remote Log Page

3.

Select all the desired event types that you want to monitor.

4.

Enter the last byte (from

10

to

254

) of the IP address of the SysLog server.

Note

: Normally, the IP address of this SysLog server is hard-coded so that the address does not

change and always agrees with the entry on this page.

5.

Click

Apply.

Protecting Your Wireless Network

B

SVG6x82 Series Wireless Voice Gateway

•

User Guide

21

590934-001-a

Setting Up the DMZ Host

The DMZ (De-militarized Zone) is a computer or small sub-network located outside the firewall, between

the trusted internal private LAN and the untrusted public Internet that prevents direct access by outside

users to private data. DMZ host lets you specify the default recipient of WAN traffic that NAT is unable to

translate to a known local computer.

You can configure one computer to be the DMZ host. This setting is generally used for computers using

problem applications that use random port numbers and do not function correctly with specific port

triggers or the port forwarding setups. If you set up a computer as a DMZ Host, set this back to zero

when you are finished with the needed application, since this computer will be effectively exposed to the

public Internet, though still protected from Denial of Service (DoS) attacks via the Firewall.

For example, you can set up a web server on a DMZ computer to enable outside users to access your

website without exposing confidential data on your network.

A DMZ is also useful to play interactive games that may have a problem running through a firewall. You

can leave a computer used for gaming only exposed to the Internet while protecting the rest of your

network.

To open the DMZ Host page:

1.

Click

Advanced

on the SVG6x82 Menu Options bar.

2.

Click

DMZ Host

from the Status submenu options.

Figure 15 – Advanced DMZ Host Page

3.

Enter the last byte (from

10

to

254

) of the IP address of the computer you want to set up as the

DMZ host.

4.

Click

Apply

to activate the selected computer.

Monitoring Your Network

B

SVG6x82 Series Wireless Voice Gateway

•

User Guide

22

590934-001-a

Monitoring Your Network

Use the SVG6x82 Status pages to obtain information about the gateway hardware and software, MAC

address, gateway IP address, serial number; and to monitor the gateway system connection.

Viewing the Gateway Software Information

The Software status page displays information about the hardware version, software version, MAC

address, cable modem IP address, serial number, system "up" time, and network registration status.

To open the Status Software page:

1.

Click

Status

on the SVG6x82 Menu Options bar.

2.

Click

Software

from the Status submenu options.

Figure 16 – SVG6x82 Status Software Page

3.

Click the

Refresh

button in your web browser to refresh the information on this page.

7