1. Home
    2. /
  2. Manuals
    3. /
  3. Option
    4. /
  4. GlobeSurfer-II
    5. /
  5. 10
Page 46 / 126 Scroll up to view Page 41 - 45
46
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
1. Open your Network Connections window from Window
®
’s Control Panel (see Figure 5.67).
Figure 5.67 Network Connections
2. Double-click the wireless connection icon. The ‘Wireless Network Connection’ screen will appear, displaying all available
wireless networks in your vicinity. If your gateway is connected and active, you will see GlobeSurfer
®
II’s wireless connection
(see Figure 5.68). Note that the connection’s status is ‘Not connected’ and defined as “Unsecured wireless network”.
Figure 5.68 Available Wireless Networks
3. Click the connection once to mark it and then press the ‘Connect’ button at the bottom of the screen. After the connection is
established, its status will change to ‘Connected’:
Figure 5.69 Connected Wireless Network
An icon will appear in the notification area, announcing the successful initiation of the wireless connection (see Figure 5.70).
Figure 5.70 Wireless Network Information
Page 47 / 126
47
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
You can now use GlobeSurfer
®
II’s wireless network from the configured PC. However, so can any other user with a wireless
PC, which happens to be in your network’s radio range. Such a user has access to any disk shares available in your network.
To prevent this scenario, the next logical step is to secure your wireless network, allowing only specific users to connect. To
learn more about securing your Wireless Network, see section 5.2.4.3.
5.3
Security
The GlobeSurfer
®
II includes comprehensive and robust security services: Stateful Packet Inspection Firewall, user authentication
protocols and password protection mechanisms. These features together allow users to connect their computers to the Internet and
simultaneously be protected from the security threats of the Internet.
The firewall, the cornerstone of the GlobeSurfer
®
II security services, has been exclusively tailored to the needs of the residential/office
user and has been pre-configured to provide optimum security.
The GlobeSurfer
®
II firewall provides both the security and flexibility that home and office users seek. It provides a managed,
professional level of network security while enabling the safe use of interactive applications, such as Internet gaming and
videoconferencing.
The GlobeSurfer
®
II firewall supports advanced filtering, designed to allow comprehensive control over the firewall’s behavior. You can
define specific input and output rules, control the order of logically similar sets of rules and make a distinction between rules that apply
to WAN and LAN network devices.
The General tab allows you to choose the security level for the firewall (see section 5.3.1)
The Access control tab can be used to restrict access from the local network to the Internet (see section 0).
The Port forwarding tab can be used to enable access from the Internet to specified services provided by computers in the local
network and special Internet applications (see section 5.3.3).
The DMZ host tab allows you to configure a LAN host to receive all traffic arriving at your GlobeSurfer
®
II, which does not belong
to a known session (see section 0).
The Port triggering tab allows you to define port triggering entries, to dynamically open the firewall for some protocols or ports.
(see section 0).
The Website Restrictions tab allows you to block LAN access to a certain host or Web site on the Internet (see section 5.3.6).
Advanced filtering tab allows you to implicitly control the firewall setting and rules (see section 5.3.7).
Security log tab allows you to view and configure the firewall Log (see section 5.3.8)
5.3.1
General
Use the ‘General’ screen to configure the gateway’s basic security settings.
Figure 5.71 General overview
Page 48 / 126
48
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
The firewall regulates the flow of data between the home network and the Internet. Both incoming and outgoing data are
inspected and then either accepted (allowed to pass through GlobeSurfer
®
II) or rejected (barred from passing through
GlobeSurfer
®
II) according to a flexible and configurable set of rules. These rules are designed to prevent unwanted intrusions
from the outside, while allowing home users access to the Internet services that they require.
The firewall rules specify what types of services available on the Internet may be accessed from the home network and what
types of services available in the home network may be accessed from the Internet. Each request for a service that the firewall
receives, whether originating in the Internet or from a computer in the home network, is checked against the set of firewall
rules to determine whether the request should be allowed to pass through the firewall. If the request is permitted to pass, then
all subsequent data associated with this request (a “session”) will also be allowed to pass, regardless of its direction.
For example, when you point your Web browser to a Web page on the Internet, a request is sent out to the Internet for this
page. When the request reaches GlobeSurfer
®
II the firewall will identify the request type and origin, HTTP and a specific PC in
your home network, in this case. Unless you have configured access control to block requests of this type from this computer,
the firewall will allow this request to pass out onto the Internet (see section 5.3.2 for more on setting access controls). When
the Web page is returned from the Web server the firewall will associate it with this session and allow it to pass, regardless of
whether HTTP access from the Internet to the home network is blocked or permitted.
The important thing to note here is that it is the origin of the request, not subsequent responses to this request, that
determines whether a session can be established or not.
You may choose from among three pre-defined security levels for GlobeSurfer
®
II: Minimum, Typical and Maximum. The table
below summarizes the behavior of GlobeSurfer
®
II for each of the three security levels.
SECURITY LEVEL
REQUESTS ORIGINATING IN THE
WAN (INCOMING TRAFFIC)
REQUESTS ORIGINATING IN THE LAN
(OUTGOING TRAFFIC)
Maximum Securityww
Blocked: No access to home network
from Internet, except as configured in
the Port Forwarding, DMZ host and
Remote Access screens
Limited: By default, Only commonly-
used services, such as Webbrowsing
and e-mail, are permitted *
Typical Security
Blocked: No access to home network
from Internet, except as configured in
the Port Forwarding, DMZ host and
Remote Access screens
Blocked: No access to home network
from Internet, except as configured in
the Port Forwarding, DMZ host and
Remote Access screens
Minumum Security
Unrestricted: Permits full access
from Internet to home network; all
connection attempts permitted
Blocked: No access to home network
from Internet, except as configured in
the Port Forwarding, DMZ host and
Remote Access screens
* These services include Telnet, FTP, HTTP, HTTPS, DNS, IMAP, POP3 and SMTP. The list of allowed services at ‘Maximum
Security’ mode can be edited in the Access Control page.
Attention
: Some applications (such as some Internet messengers and Peer-To-Peer client applications) tend to use these
ports, if they cannot connect with their own default ports. When applying this behavior, these applications will not be blocked
outbound, even at Maximum Security Level.
To configure GlobeSurfer
®
II’s security settings:
1.
Choose from among the three predefined security levels described in the table above.
Using the Minimum Security setting may expose the home network to significant security risks, and thus should only be
used, when necessary, for short periods of time.
2.
Check the ‘Block IP Fragments’ box in order to protect your home network from a common type of hacker attack that could
make use of fragmented data packets to sabotage your home network.
Note that VPN over IPSec and some UDP-based services make legitimate use of IP fragments. You will need to allow IP
fragments to pass into the home network in order to make use of these select services.
3.
Click the ‘OK’ button to save your changes.
Page 49 / 126
49
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
5.3.2
Access control
You may want to block specific computers within the home network (or even the whole network) from accessing certain
services on the Internet. For example, you may want to prohibit one computer from surfing the Web, another computer from
transferring files using FTP, and the whole network from receiving incoming e-mail.
Access Control defines restrictions on the types of requests that may pass from the home network out to the Internet, and
thus may block traffic flowing in both directions. It can also be used for allowing specific services when maximum security
is configured. In the e-mail example given above, you may prevent computers in the home network from receiving e-mail by
blocking their outgoing requests to POP3 servers on the Internet.
There are numerous services you should consider blocking, such as popular game and file sharing servers. For example, if you
want to make sure that your employees do not put your business at risk from illegally traded copyright files, you may want to
block several popular P2P and file sharing applications.
To allow or restrict services:
1.
Select the ‘Access Control’ tab in the ‘Security’ management screen. The ‘Access Control’ screen will appear (see Figure 5.72).
Figure 5.72 Access Control
2.
Click the ‘New Entry’ link. The ‘Add Access Control Rule’ screen will appear (see Figure 5.73).
Figure 5.73 Access Control Add Rule
3.
The Address combo box provides you the ability to specify the computer or group of computers for which you would like
to apply the access control rule. You can select between any or a specific computer address in your LAN. If you choose
the ‘User defined’ option, the screen will refresh, and you will be directed to the ‘Edit Network Object’ page where you can
specify a network object. To learn more about network objects, see chapter 6.6.8.
4.
The Protocol combo box lets you select or specify the type of protocol that will be used. In addition to the list of popular
protocols it provides, you may also choose any or a specific protocol. If you choose the ‘User defined’ option, the screen
will refresh, and you will be redirected to the ‘Edit Service’ page where you can specify a protocol. To learn more about
defining protocols, see chapter 6.6.15.
5.
The Schedule combo box allows you to define the time period during which this rule will take effect. You can select
between ‘Always’ or a specific schedule. If you choose the ‘Specify Schedule’ option, the screen will refresh, and you will
be directed to the ‘Edit Scheduler rule’ page where you can define your own rule. To learn more about defining scheduler
rules, see section 6.6.4.
Page 50 / 126
50
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
6.
Click the ‘OK’ button to save your changes. The ‘Access Control’ screen will display a summary of the rule that you just
added (see Figure 5.74).
Figure 5.74 Access control Rule Summary
5.3.3
Port forwarding
In its default state, GlobeSurfer
®
II blocks all external users from connecting to or communicating with your network. Therefore
the system is safe from hackers who may try to intrude on the network and damage it. However, you may want to expose
your network to the Internet in certain limited and controlled ways in order to enable some applications to work from the LAN
(game, voice and chat applications, for example) and to enable Internet-access to servers in the home network. The Port
Forwarding feature supports both of these functionalities. If you are familiar with networking terminology and concepts, you
may have encountered this topic referred to as “Local Servers”.
The ‘Port Forwarding’ tab lets you define the applications that require special handling by GlobeSurfer
®
II. All you have to do is
select the application’s protocol and the local IP address of the computer that will be using or providing the service. If required,
you may add new protocols in addition to the most common ones provided by GlobeSurfer
®
II.
For example, if you wanted to use a File Transfer Protocol (FTP) application on one of your PCs, you would simply select
‘FTP’ from the list and enter the local IP address or host name of the designated computer. All FTP-related data arriving at
GlobeSurfer
®
II from the Internet will henceforth be forwarded to the specified computer.
Similarly, if you want to grant Internet users access to servers inside your home network, you must identify each service that
you want to provide and the PC that will provide it. For example, if you want to host a Web server inside the home network you
must select ‘HTTP’ from the list of protocols and enter the local IP address or host name of the computer that will host the
Web server. When an Internet user points her browser to the external IP address of GlobeSurfer
®
II, the gateway will forward
the incoming HTTP request to the computer that is hosting the Web server.
Additionally, port forwarding enables you to redirect traffic to a different port instead of the one to which it was designated.
Lets say, that you have a Web server running on your PC on port 8080 and you want to grant access to this server to anyone
who accesses GlobeSurfer
®
II via HTTP. To accomplish this, do the following:
Define a port forwarding rule for the HTTP service, with the PC’s IP or host name.
Specify 8080 in the ‘Forward to Port’ field.
All incoming HTTP traffic will now be forwarded to the PC running theWeb server on port 8080. When setting a port forwarding
service, you must ensure that the port is not already in
use by another application, which may stop functioning. A common example is when using SIP signaling in Voice over IP - the
port used by the gateway’s VoIP application (5060) is the same port on which port forwarding is set for LAN SIP agents.
Note: Some applications, such as FTP, TFTP, PPTP and H323, require the support of special specific Application Level Gateway
(ALG) modules in order to work inside the home network. Data packets associated with these applications contain information
that allows them to be routed correctly. An ALG is needed to handle these packets and ensure that they reach their intended
destinations. GlobeSurfer
®
II is equipped with a robust list of ALG modules in order to enable maximum functionality in the
home network.
Note:
The ALG is automatically assigned based on the destination port.

Rate

4 / 5 based on 2 votes.

Popular Option Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top