Nokia IP45 Security Platform User’s Guide v4.0
8 Setting Up the Nokia IP45 Security Platform Security Policy
2. You can view advanced antivirus settings. Selecting them will enable you to define the advanced options.
3. Select the options using the information provided in Table 28.
4. Click Apply.
   The new settings will be saved.
5. Click Default to restore default values.
Table 28 Advanced Antivirus Settings page fields

| Field | Description |
|---|---|
| Block potentially unsafe file types in email messages | When enabled, blocks all email messages that contain potentially unsafe attachments, such as executable files. |
| Pass safe file types without scanning | When enabled, skips scanning of some common file types that are known to be safe. Enabling this option improves performance. |
| Maximum Nesting Level | Limits the number of nested content levels that the antivirus will scan, to prevent a potential attacker from overloading the gateway by sending extremely nested archive files. |
| Maximum Compression Ratio | Limits the maximum compression ratio of the files that VStream can scan. |
Updating VStream Antivirus
If you are subscribed to the VStream Antivirus updates service, virus signatures are updated automatically, keeping security up to date without requiring your intervention. You can also check for updates manually, if required.
To update VStream antivirus
1. From the main menu, choose Antivirus.
   The VStream Antivirus page opens.
2. Click Update Now.
   The VStream Antivirus is updated with the latest antivirus signatures.
You can configure VStream Antivirus settings by using the command-line interface. For more information about VStream Antivirus commands, see the Nokia IP45 Security Platform CLI Reference Guide Version 4.0.
Table 28 Advanced Antivirus Settings page fields (continued)

| Field | Description |
|---|---|
| When archived file exceeds limit or extraction fails | A scan failure may be due to a corrupt file that cannot be read, a file that exceeds the maximum nesting level, or a file that exceeds the maximum compression ratio. Options: Pass file without scanning; Block file |
| When a password-protected file is found in archive | VStream cannot extract and scan password-protected files inside archives. You can choose to pass such files without scanning, or to block all password-protected files. Options: Pass file without scanning; Block file |
| When a corrupt file is found or decoding fails | Sometimes VStream detects files or encodings that are corrupt or truncated, and cannot be scanned completely. You can choose to ignore and continue scanning or can block these files completely. Options: Ignore and continue scanning; Block file |
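The nesting and compression-ratio limits in Table 28, together with the pass/block choices for limit failures and password-protected members, can be modeled as a pre-scan check. This is an added example, not code from the guide or from VStream; the limit values (3 and 100), the function names and the ZIP-only scope are assumptions.

```python
import io
import zipfile

MAX_NESTING_LEVEL = 3        # assumed value; the outermost archive is level 1
MAX_COMPRESSION_RATIO = 100  # assumed value; uncompressed size / compressed size

def inspect_archive(data, level=1, on_limit="block", on_password="block"):
    """Return (verdict, reason); verdict is 'scan', 'pass' or 'block'."""
    if level > MAX_NESTING_LEVEL:
        return on_limit, "maximum nesting level exceeded"
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except Exception:  # unreadable archive: apply the configured policy
        return on_limit, "extraction failed"
    for info in archive.infolist():
        if info.flag_bits & 0x1:  # ZIP general-purpose bit 0: member is encrypted
            if on_password == "block":
                return "block", "password-protected file in archive"
            continue  # pass this member unscanned, keep checking the rest
        # Compare the declared sizes before decompressing anything.
        if info.file_size > MAX_COMPRESSION_RATIO * max(info.compress_size, 1):
            return on_limit, "maximum compression ratio exceeded"
        try:
            member = archive.read(info)  # zipfile stops at the declared size, checks CRC
        except Exception:
            return on_limit, "extraction failed"
        if member[:4] == b"PK\x03\x04":  # nested ZIP: descend one level
            verdict, reason = inspect_archive(member, level + 1, on_limit, on_password)
            if verdict != "scan":
                return verdict, reason
    return "scan", "within limits"

def make_zip(name, payload):
    """Build a constructed sample ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def nested_zip(levels):
    """Constructed sample: a text file wrapped in `levels` ZIP layers."""
    data = make_zip("note.txt", b"hello")
    for _ in range(levels - 1):
        data = make_zip("inner.zip", data)
    return data

if __name__ == "__main__":
    print(inspect_archive(nested_zip(3)))
    print(inspect_archive(nested_zip(4)))
    print(inspect_archive(make_zip("zeros.bin", b"\0" * 1_000_000)))
```

With either option set to "pass", content reaches the LAN unscanned, so "block" is the fail-closed choice for both settings.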
Setting the Firewall Security Level
You can define the firewall security level on the Firewall page. This level can be adjusted to three states:
• Low-level security—enforces basic control on incoming connections, while permitting all outgoing connections.
  At this level, all inbound traffic is blocked to the external IP address except for ICMP echoes. All outbound connections are allowed.
• Medium-level security—enforces strict control on all incoming connections, while permitting safe outgoing connections.
  When this level is selected, all inbound traffic is blocked. All outbound traffic is allowed to the Internet except for Windows file sharing.
• High-level security—enforces strict control on all incoming and outgoing connections. All inbound traffic is blocked. Restricts all outbound traffic except for the following: Web traffic (HTTP, HTTPS), email (IMAP, POP3, SMTP), FTP, news groups, Telnet, DNS, IPSec IKE, and VPN traffic.
  The default security level is medium.
• Block All—blocks all traffic.
For information on customizing your security policy, see “Customizing the Nokia IP45 Security Platform Security Policy” on page 150.
To change the firewall security level
1. Choose Security from the main menu.
   The Firewall page opens.
2. To set the security level, move the slider or click on the security level.
   The IP45 security level changes accordingly.
Note: While setting the security levels, you might experience a temporary break in the service.

Configuring Virtual Servers
Note: If you do not intend to host any public Internet servers (Web server, email server and so on) in your network, you can skip this section. Configuring servers allows you to create simple Allow and Forward rules for common services. This is equivalent to creating Firewall rules.
You can selectively allow incoming network connections into your network. For example, you can set up your own Web server, email server, Telnet server, or an FTP server.
To run a service on a host
1. Choose Security from the main menu.
   The Firewall page opens.
2. Click Servers.
   The Servers page opens, displaying a list of services and a host IP address for each allowed service.
3. In the Allow column, check the check box of the desired service or application.
   If you are using IP45 Satellite X, check the feature for Satellite X in the VPN Only column.
4. To allow connections made through a VPN only, select the VPN Only check box.
5. In the Host IP text box of the selected service or application, type the IP address of the computer that runs the service (one of your network computers) or click This Computer to allow your computer to host the service.
6. Click Apply.
   A success message appears, and the selected computer is allowed to run the desired service or application.
To restrict access from external network
1. Click Security on the main menu, and choose Servers.
   The Virtual Servers page opens, displaying a list of services and a host IP address for each allowed service.
2. In the desired service or application row, click Clear.
   The Host IP text box of the desired service is cleared.
3. Click Apply.
   The service or application for the specific host is not allowed.
Customizing the Nokia IP45 Security Platform Security Policy
The following sections describe how to customize your security policy.

Creating Firewall Rules
The Nokia IP45 Security Platform checks the protocol used, the port range, and the destination IP address when deciding whether to allow or block traffic.
By default, in the medium security level, the IP45 blocks all connection attempts from the Internet (WAN) to the LAN, and allows all outgoing connection attempts from the LAN to the Internet (WAN).
Table 29 Server Fields

| Field | Description |
|---|---|
| Allow | Select the desired service or application. |
| VPN Only | Select this option to allow only connections made through a VPN. |
| Host IP | Type the IP address of the computer that will run the service (one of your network computers) or click the corresponding This Computer button to allow your computer to host the service. |
