Page 76 / 182 Scroll up to view Page 71 - 75
PRG AV4202N
© (2007) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
Security Section
OGU 930500275-A1
69
PORT TRIGGERING
Port triggering can be used for dynamic port forwarding configuration. By setting
port triggering rules, you can allow inbound traffic to arrive at a specific LAN
host, using ports different than those used for the outbound traffic. This is called
port triggering since the outbound traffic triggers to which ports inbound traffic is
directed.
For example, consider a gaming server that is accessed using UDP protocol on
port 2222. The gaming server responds by connecting the user using UDP on
port 3333 when starting gaming sessions. In such a case you must use port
triggering, since this scenario conflicts with the following default firewall settings:
The firewall blocks inbound traffic by default.
The server replies to the Router's IP, and the connection is not sent back to
your host, since it is not part of a session.
In order to solve this you need to define a Port Triggering entry, which allows
inbound traffic on UDP port 3333, only after a LAN host generated traffic to
UDP port 2222. This will result in accepting the inbound traffic from the gaming
server, and sending it back to the LAN Host which originated the outgoing traffic
to UDP port 2222.
Select the 'Port Triggering' tab in the 'Security' management screen. The 'Port
Triggering' screen will appear.
FIGURE 5.
Port Triggering panel
WEB SITE RESTRICTIONS
You may configure the Router to block specific Internet web sites so that they
cannot be accessed from computers in the home network. Moreover, restric-
Page 77 / 182
PRG AV4202N
© (2007) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
70
OGU 930500275-A1
Security Section
tions can be applied to a comprehensive and automatically updated table of
sites to which access is not recommended.
FIGURE 6.
Web Site Restrictions panel
To block access to a web site:
1.
Click the 'Web Site Restrictions' tab in the 'Security' management screen
2.
Click the 'New Entry' link. The 'Restricted Web Site' screen will appear
3.
Enter the web site address (IP address or URL) that you would like to make
inaccessible from your home network (all Web pages within the site will also
be blocked). If the web site address has multiple IP addresses, the Router
will resolve all additional addresses and automatically add them to the re-
strictions table.
4.
The Local Host combo-box provides you the ability to specify the computer
or group of computers for which you would like to apply the web site restric-
tion. You can select between any, a specific computer in your LAN, or 'User
Defined'. If you choose the 'User Defined' option, the 'Edit Network Object'
screen will appear. Specifying an address is done by creating a 'Network
Object'.
5.
The Schedule combo-box allows you to define the time period during which
this rule will take effect. By default, the rule will always be active. However,
you can configure scheduled rules by selecting 'User Defined'.
6.
Click 'OK' to save the settings.You will be returned to the previous screen
while the Router attempts to find the site. 'Resolving ...' will appear in the
Status column while the site is being located (the URL is 'resolved' into one
or more IP addresses).
NAT
PRG AV4202N
features a configurable Network Address Translation (NAT)
and Network Address Port Translation (NAPT) mechanism, allowing you to con-
trol the network addresses and ports of packets routed through your gateway.
When enabling multiple computers on your network to access the Internet using
Page 78 / 182
PRG AV4202N
© (2007) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
Security Section
OGU 930500275-A1
71
a fixed number of public IP addresses, you can statically define which LAN IP
address will be translated to which NAT IP address and/or ports.
By default, the Router operates in NAPT routing mode. However, you can con-
trol your network translation by defining static NAT/NAPT rules. Such rules map
LAN computers to NAT IP addresses.
The NAT/NAPT mechanism is useful for managing Internet usage in your LAN,
or complying with various application demands. For example, you can assign
your primary LAN computer with a single NAT IP address, in order to assure its
permanent connection to the Internet. Another example is when an application
server with which you wish to connect, such as a security server, requires that
packets have a specific IP address - you can define a NAT rule for that address.
FIGURE 7.
NAT panel
CONNECTIONS
The connection list displays all the connections that are currently open on the
firewall, as well as various details and statistics. You can use this list to close
undesired connections by clicking their Remove action icons. The basic display
includes the name of the protocol, the different ports it uses, and the direction of
traffic secured.
Press the 'Advanced' button to display a more detailed connection list, which in-
cludes the connection's time-to-live, number of kilo-bytes and packets received
and transmitted, the device type and the routing mode.
Page 79 / 182
PRG AV4202N
© (2007) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
72
OGU 930500275-A1
Security Section
Use the 'Connections Per Page' combo-box to select the number of connections
to display at once. The 'Approximate Max. Connections' value represents the
amount of additional concurrent connections possible.
FIGURE 8.
Connections panel
ADVANCED FILTERING
Advanced filtering is designed to allow comprehensive control over the Fire-
wall’s behavior. You can define specific input and output rules, control the order
of logically similar sets of rules and make a distinction between rules that apply
to WAN and LAN devices.
To view Router's advanced filtering options, click 'Advanced Filtering' under the
'Firewall' tab in the 'Services' screen. The 'Advanced Filtering' screen will ap-
pear.
This screen is divided into two identical sections, one for 'Input Rule Sets' and
the other for 'Output Rule Sets', which are for configuring inbound and outbound
traffic, respectively. Each section is comprised of subsets, which can be
grouped into three main subjects:
Initial rules - rules defined here will be applied first, on all gateway devices.
Network devices rules - rules can be defined per each gateway device.
Final rules - rules defined here will be applied last, on all gateway devices.
The order of the rules' appearance represents both the order in which they were
defined and the sequence by which they will be applied. You may change this
order after your rules are already defined (without having to delete and then re-
add them), by using the Move Up and Move Down action icons.
Page 80 / 182
PRG AV4202N
© (2007) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
Security Section
OGU 930500275-A1
73
There are numerous rules automatically inserted by the firewall in order to pro-
vide improved security and block harmful attacks.
To add an advanced filtering rule, first choose the traffic direction and the de-
vice on which to set the rule. Then click the appropriate 'New Entry' link. The
'Add Advanced Filter' screen will appear: this screen is divided into two main
sections, 'Matching' and 'Operation', which are for defining the operation to be
executed when matching conditions apply.
FIGURE 9.
Advanced Filtering panel
SECURITY LOG
The Security Log displays a list of firewall-related events, including attempts to
establish inbound and outbound connections, attempts to authenticate through
an administrative interface (Web-based management or Telnet terminal), fire-
wall configuration and system start-up.
To view the security log, click the 'Security Log' tab in the 'Security' manage-
ment screen. The 'Security Log' screen will appear.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top