DISCUS™ DRG A124G
TABLE 2
List of fields on the MAC Filtering Table

| PARAMETER | DESCRIPTION |
| --- | --- |
| MAC Address Control | Select to enable or disable this function |
| MAC Filtering Table | Enter the MAC address in the space provided |
| DHCP Client List | Use this drop down menu to quickly copy the currently associated clients to the table |
FIREWALL >> URL BLOCKING
The Router allows the user to block access to web sites by entering either a full
URL address or just a keyword. This feature can be used to protect children
from accessing violent or pornographic web sites.
FIGURE 5 URL Blocking menu
It is possible to define up to 30 sites here.
FIREWALL >> SCHEDULE RULE
It is possible to filter Internet access for local clients based on rules. Each access control rule may be activated at a scheduled time. Define the schedule on the Schedule Rule screen and apply the rule on the Access Control screen.
© (2008) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
OGU 930500195-A1
Firewall Section
Schedule Rule
Follow these steps to add a schedule rule:
1. Select the Add Schedule Rule item on the Schedule Rule screen.
2. Define the appropriate settings for a schedule rule.
3. Click the OK button and then click the SAVE SETTINGS button to save your settings.
FIGURE 7 Editing of Schedule Rule
FIREWALL >> INTRUSION DETECTION
Intrusion detection is used to detect and block common hacker attacks. The main firewall feature is SPI (Stateful Packet Inspection), which supports many applications that use port numbers. This menu contains the following fields:
Intrusion Detection Feature

Intrusion Detection Stateful Packet Inspection (SPI) and Anti-DoS firewall protection (Default: Enabled)
The Intrusion Detection Feature of the Router limits access for incoming traffic at the WAN port. When the SPI feature is turned on, all incoming traffic at the WAN port will be blocked except for those types marked in the Stateful Packet Inspection

RIP Defect (Default: Disabled)
If an RIP request packet is not acknowledged by the router, it will stay in the input queue and not be released. Accumulated packets could cause the input queue to fill, causing severe problems for all protocols. Enabling this feature prevents the packets from accumulating.

Discard Ping to WAN (Default: Enabled)
Prevent a ping on the Router’s WAN port from being routed to the network.
Stateful Packet Inspection
It’s called a “stateful” packet inspection because it examines the contents of the packet to determine the state of the communications; i.e., it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from the previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until connection to the specific port is requested.
When particular types of traffic are checked, only the particular type of traffic initiated from the internal LAN will be allowed. For example, if the user only checks “FTP service” in the Stateful Packet Inspection section, all incoming traffic will be blocked except for FTP connections initiated from the local LAN.
Stateful Packet Inspection allows you to select different application types that are using dynamic port numbers. If you wish to use the Stateful Packet Inspection (SPI) to block packets, click on the Yes radio button in the inspection type that you need, such as Packet Fragmentation, TCP connection, UDP Session, FTP Service, H.323 Service, or TFTP Service.
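The rule described above (inbound traffic is accepted only as a reply to a flow that a LAN host started, and only for the inspection types that are ticked) can be modelled in a few lines. This is an added example, not code from the router or from Pirelli; the class and function names, the ALLOW/DROP verdicts and the sample addresses are assumptions, and only the idle timeouts come from Table 3 of this manual.

```python
from dataclasses import dataclass

# Idle timeouts in seconds, from Table 3 (TCP connection / UDP session idle timeout).
IDLE_TIMEOUT = {"tcp": 3600, "udp": 30}

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: tuple   # (ip, port)
    dst: tuple   # (ip, port)

class StateTable:
    def __init__(self, inspected=("tcp", "udp")):
        self.inspected = set(inspected)  # types ticked in the SPI section
        self.flows = {}                  # (proto, lan_ep, wan_ep) -> last seen

    def outbound(self, pkt, now):
        """LAN -> WAN: remember the flow the LAN host initiated."""
        if pkt.proto in self.inspected:
            self.flows[(pkt.proto, pkt.src, pkt.dst)] = now
        return "ALLOW"  # assumption: outbound traffic is not filtered here

    def inbound(self, pkt, now):
        """WAN -> LAN: allow only replies to a live LAN-initiated flow."""
        key = (pkt.proto, pkt.dst, pkt.src)  # endpoints reversed
        last = self.flows.get(key)
        if last is None:
            return "DROP"                    # no LAN host requested this
        if now - last > IDLE_TIMEOUT[pkt.proto]:
            del self.flows[key]              # state expired after idle timeout
            return "DROP"
        self.flows[key] = now
        return "ALLOW"

def demo():
    """Constructed sample traffic; addresses are documentation ranges."""
    fw = StateTable()
    lan, dns = ("192.168.1.10", 40000), ("203.0.113.53", 53)
    stranger = ("198.51.100.7", 53)
    fw.outbound(Packet("udp", lan, dns), now=0)
    return [
        fw.inbound(Packet("udp", dns, lan), now=1),       # solicited reply
        fw.inbound(Packet("udp", stranger, lan), now=2),  # unsolicited
        fw.inbound(Packet("udp", dns, lan), now=40),      # idle 39 s > 30 s
    ]

if __name__ == "__main__":
    print(demo())
```

The third packet comes from the same server that was allowed a moment earlier, but it is dropped because the UDP state aged out; this is why long-idle sessions can stall behind an SPI firewall.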
Intrusion detection panel
Scroll down to view more information.
When hackers attempt to enter your network, we can alert you by e-mail.
Enter your email address. Specify your SMTP and POP3 servers, username and password.
Connection Policy
Enter the appropriate values for TCP / UDP sessions as described in the following table.
TABLE 3
List of values TCP/UDP sessions

| PARAMETER | DEFAULTS | DESCRIPTION |
| --- | --- | --- |
| Fragmentation half-open wait | 10 s | Configures the number of seconds that a packet state structure remains active. When the timeout value expires the router drops the unassembled packet, freeing that structure for use by another packet |
| TCP SYN wait | 30 s | Defines how long the software will wait for a TCP session to synchronize before dropping the session |
| TCP FIN wait | 5 s | Specifies how long a TCP session will be maintained after the firewall detects a FIN packet |
| TCP connection idle timeout | 3600 s | The length of time for which a TCP session will be managed if there is no activity |
| UDP session idle timeout | 30 s | The length of time for which a UDP session will be managed if there is no activity |
| H.323 data channel idle timeout | 180 s | The length of time for which a H.323 session will be managed if there is no activity |
DoS criteria and port scan criteria
Set up DoS and port scan criteria in the spaces provided (as shown in Table 4)
TABLE 4
List of values of DoS parameters

| PARAMETER | DEFAULTS | DESCRIPTION |
| --- | --- | --- |
| Total incomplete TCP / UDP session HIGH | 300 sessions | Defines the rate of new unestablished sessions that will cause the software to start deleting half-open sessions |
| Total incomplete TCP / UDP session LOW | 250 sessions | Defines the rate of new unestablished sessions that will cause the software to stop deleting half-open sessions |
| Total incomplete TCP / UDP session (per min) HIGH | 250 sessions | Maximum number of allowed incomplete TCP / UDP sessions per minute |
| Total incomplete TCP / UDP session (per min) LOW | 200 sessions | Minimum number of allowed incomplete TCP / UDP sessions per minute |
| Incomplete TCP / UDP sessions detect sensitive time period | 300 msec | Length of time before an incomplete TCP / UDP session from the same host |
| Maximum half-open fragmentation packet number from same host | 30 | Maximum number of half-open fragmentation packets from the same host. |
| Half-open fragmentation detect sensitive time period | 10000 msec | Length of time before a half-open fragmentation session is detected as half-open |
| Flooding cracker block time | 300 s | Length of time from detecting a flood attack to blocking attack |
The firewall does not significantly affect system performance, so we advise enabling the prevention features and leaving them at the default settings to protect your network.
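The HIGH and LOW values in Table 4 form a pair of watermarks: deletion of half-open sessions starts at HIGH and continues until the table is back down to LOW. The sketch below is an added example, not the router's implementation; it assumes the thresholds are counts of pending sessions, that HIGH is inclusive and that the oldest entries are deleted first, and all names and sample addresses are hypothetical.

```python
from collections import OrderedDict

HIGH, LOW = 300, 250  # Table 4: total incomplete TCP / UDP session HIGH / LOW
SYN_WAIT = 30         # Table 3: TCP SYN wait, in seconds

class HalfOpenTable:
    def __init__(self):
        self.pending = OrderedDict()  # session key -> time first packet seen
        self.purged = 0               # sessions deleted by the watermark rule

    def _expire(self, now):
        # Sessions that never synchronized within SYN_WAIT are dropped.
        while self.pending and now - next(iter(self.pending.values())) > SYN_WAIT:
            self.pending.popitem(last=False)

    def syn(self, key, now):
        self._expire(now)
        self.pending.pop(key, None)   # a retransmitted SYN restarts its timer
        self.pending[key] = now
        if len(self.pending) >= HIGH:        # assumption: HIGH is inclusive
            while len(self.pending) > LOW:   # assumption: oldest deleted first
                self.pending.popitem(last=False)
                self.purged += 1

    def established(self, key):
        self.pending.pop(key, None)   # handshake completed: no longer half-open

def simulate_flood(n_syn):
    """Constructed input: n_syn connection attempts, 10 ms apart, none completed."""
    table = HalfOpenTable()
    for i in range(n_syn):
        key = ("198.51.100.%d" % (i % 250), 1024 + i, "192.168.1.10", 80)
        table.syn(key, now=i * 0.01)
    return table

if __name__ == "__main__":
    t = simulate_flood(400)
    print(len(t.pending), t.purged)
```

The gap between the two thresholds keeps the firewall from switching in and out of purge mode on every packet when load hovers around the limit.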
