Page 76 / 149 Scroll up to view Page 71 - 75
DISCUS™ Multiplay Wireless VoIP AG
(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
70
OGU 930500105-A1
Security Section
tions can be applied to a comprehensive and automatically updated table of
sites to which access is not recommended.
FIGURE 6.
Web Site Restrictions panel
To block access to a web site:
20.
Click the 'Web Site Restrictions' tab in the 'Security' management screen
21.
Click the 'New Entry' link. The 'Restricted Web Site' screen will appear
22.
Enter the web site address (IP address or URL) that you would like to make
inaccessible from your home network (all Web pages within the site will also
be blocked). If the web site address has multiple IP addresses, the Router
will resolve all additional addresses and automatically add them to the
restrictions table.
23.
The Local Host combo-box provides you the ability to specify the computer
or group of computers for which you would like to apply the web site restric-
tion. You can select between any, a specific computer in your LAN, or 'User
Defined'. If you choose the 'User Defined' option, the 'Edit Network Object'
screen will appear. Specifying an address is done by creating a 'Network
Object'.
24.
The Schedule combo-box allows you to define the time period during which
this rule will take effect. By default, the rule will always be active. However,
you can configure scheduled rules by selecting 'User Defined'.
25.
Click 'OK' to save the settings.You will be returned to the previous screen
while the Router attempts to find the site. 'Resolving ...' will appear in the
Status column while the site is being located (the URL is 'resolved' into one
or more IP addresses).
NAT
DISCUS™ Multiplay Wireless VoIP AG features a configurable Network
Address Translation (NAT) and Network Address Port Translation (NAPT) mech-
Page 77 / 149
DISCUS™ Multiplay Wireless VoIP AG
(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
71
OGU 930500105-A1
Security Section
anism, allowing you to control the network addresses and ports of packets
routed through your gateway. When enabling multiple computers on your net-
work to access the Internet using a fixed number of public IP addresses, you
can statically define which LAN IP address will be translated to which NAT IP
address and/or ports.
By default, the Router operates in NAPT routing mode. However, you can con-
trol your network translation by defining static NAT/NAPT rules. Such rules map
LAN computers to NAT IP addresses.
The NAT/NAPT mechanism is useful for managing Internet usage in your LAN,
or complying with various application demands. For example, you can assign
your primary LAN computer with a single NAT IP address, in order to assure its
permanent connection to the Internet. Another example is when an application
server with which you wish to connect, such as a security server, requires that
packets have a specific IP address - you can define a NAT rule for that address.
FIGURE 7.
NAT panel
CONNECTIONS
The connection list displays all the connections that are currently open on the
firewall, as well as various details and statistics. You can use this list to close
undesired connections by clicking their Remove action icons. The basic display
includes the name of the protocol, the different ports it uses, and the direction of
traffic secured.
Press the 'Advanced' button to display a more detailed connection list, which
includes the connection's time-to-live, number of kilo-bytes and packets
received and transmitted, the device type and the routing mode.
Page 78 / 149
DISCUS™ Multiplay Wireless VoIP AG
(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
72
OGU 930500105-A1
Security Section
Use the 'Connections Per Page' combo-box to select the number of connections
to display at once. The 'Approximate Max. Connections' value represents the
amount of additional concurrent connections possible.
FIGURE 8.
Connections panel
ADVANCED FILTERING
Advanced filtering is designed to allow comprehensive control over the Fire-
wall’s behavior. You can define specific input and output rules, control the order
of logically similar sets of rules and make a distinction between rules that apply
to WAN and LAN devices.
To view Router's advanced filtering options, click 'Advanced Filtering' under the
'Firewall' tab in the 'Services' screen. The 'Advanced Filtering' screen will
appear.
This screen is divided into two identical sections, one for 'Input Rule Sets' and
the other for 'Output Rule Sets', which are for configuring inbound and outbound
traffic, respectively. Each section is comprised of subsets, which can be
grouped into three main subjects:
Initial rules - rules defined here will be applied first, on all gateway devices.
Network devices rules - rules can be defined per each gateway device.
Final rules - rules defined here will be applied last, on all gateway devices.
The order of the rules' appearance represents both the order in which they were
defined and the sequence by which they will be applied. You may change this
order after your rules are already defined (without having to delete and then re-
add them), by using the Move Up and Move Down action icons.
There are numerous rules automatically inserted by the firewall in order to pro-
vide improved security and block harmful attacks.
Page 79 / 149
DISCUS™ Multiplay Wireless VoIP AG
(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
73
OGU 930500105-A1
Security Section
To add an advanced filtering rule, first choose the traffic direction and the device
on which to set the rule. Then click the appropriate 'New Entry' link. The 'Add
Advanced Filter' screen will appear: this screen is divided into two main sec-
tions, 'Matching' and 'Operation', which are for defining the operation to be exe-
cuted when matching conditions apply.
FIGURE 9.
Advanced Filtering panel
SECURITY LOG
The Security Log displays a list of firewall-related events, including attempts to
establish inbound and outbound connections, attempts to authenticate through
an administrative interface (Web-based management or Telnet terminal), fire-
wall configuration and system start-up.
To view the security log, click the 'Security Log' tab in the 'Security' manage-
ment screen. The 'Security Log' screen will appear.
Page 80 / 149
DISCUS™ Multiplay Wireless VoIP AG
(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
74
OGU 930500105-A1
Security Section
FIGURE 10.
Security Log panel
Time .
The time the event occurred.
Event .
There are five kinds of events:
Inbound Traffic: The event is a result of an incoming packet.
Outbound Traffic: The event is a result of outgoing packet.
Firewall Setup: Configuration message.
WBM Login: Indicates that a user has logged in to WBM.
CLI Login: Indicates that a user has logged in to CLI (via Telnet).
Event-Type.
A textual description of the event:
Blocked: The packet was blocked. The message is colored red.
Accepted: The packet was accepted. The message is colored green.
Details.
More details about the packet or the event, such as protocol, IP
addresses, ports, etc.
To view or change the security log settings, click the 'Settings' button that
appears at the top of the 'Firewall Log' screen. The 'Security Log Settings'
screen will appear allowing you to set the types of activities for which you would
like to have a log message generated.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top