DISCUS™ Multiplay Wireless VoIP AG

(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.

70

OGU 930500105-A1

Security Section

tions can be applied to a comprehensive and automatically updated table of

sites to which access is not recommended.

FIGURE 6.

Web Site Restrictions panel

To block access to a web site:

20.

Click the 'Web Site Restrictions' tab in the 'Security' management screen

21.

Click the 'New Entry' link. The 'Restricted Web Site' screen will appear

22.

Enter the web site address (IP address or URL) that you would like to make

inaccessible from your home network (all Web pages within the site will also

be blocked). If the web site address has multiple IP addresses, the Router

will resolve all additional addresses and automatically add them to the

restrictions table.

23.

The Local Host combo-box provides you the ability to specify the computer

or group of computers for which you would like to apply the web site restric-

tion. You can select between any, a specific computer in your LAN, or 'User

Defined'. If you choose the 'User Defined' option, the 'Edit Network Object'

screen will appear. Specifying an address is done by creating a 'Network

Object'.

24.

The Schedule combo-box allows you to define the time period during which

this rule will take effect. By default, the rule will always be active. However,

you can configure scheduled rules by selecting 'User Defined'.

25.

Click 'OK' to save the settings.You will be returned to the previous screen

while the Router attempts to find the site. 'Resolving ...' will appear in the

Status column while the site is being located (the URL is 'resolved' into one

or more IP addresses).

NAT

DISCUS™ Multiplay Wireless VoIP AG features a configurable Network

Address Translation (NAT) and Network Address Port Translation (NAPT) mech-

DISCUS™ Multiplay Wireless VoIP AG

(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.

71

OGU 930500105-A1

Security Section

anism, allowing you to control the network addresses and ports of packets

routed through your gateway. When enabling multiple computers on your net-

work to access the Internet using a fixed number of public IP addresses, you

can statically define which LAN IP address will be translated to which NAT IP

address and/or ports.

By default, the Router operates in NAPT routing mode. However, you can con-

trol your network translation by defining static NAT/NAPT rules. Such rules map

LAN computers to NAT IP addresses.

The NAT/NAPT mechanism is useful for managing Internet usage in your LAN,

or complying with various application demands. For example, you can assign

your primary LAN computer with a single NAT IP address, in order to assure its

permanent connection to the Internet. Another example is when an application

server with which you wish to connect, such as a security server, requires that

packets have a specific IP address - you can define a NAT rule for that address.

FIGURE 7.

NAT panel

CONNECTIONS

The connection list displays all the connections that are currently open on the

firewall, as well as various details and statistics. You can use this list to close

undesired connections by clicking their Remove action icons. The basic display

includes the name of the protocol, the different ports it uses, and the direction of

traffic secured.

Press the 'Advanced' button to display a more detailed connection list, which

includes the connection's time-to-live, number of kilo-bytes and packets

received and transmitted, the device type and the routing mode.

DISCUS™ Multiplay Wireless VoIP AG

(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.

72

OGU 930500105-A1

Security Section

Use the 'Connections Per Page' combo-box to select the number of connections

to display at once. The 'Approximate Max. Connections' value represents the

amount of additional concurrent connections possible.

FIGURE 8.

Connections panel

ADVANCED FILTERING

Advanced filtering is designed to allow comprehensive control over the Fire-

wall’s behavior. You can define specific input and output rules, control the order

of logically similar sets of rules and make a distinction between rules that apply

to WAN and LAN devices.

To view Router's advanced filtering options, click 'Advanced Filtering' under the

'Firewall' tab in the 'Services' screen. The 'Advanced Filtering' screen will

appear.

This screen is divided into two identical sections, one for 'Input Rule Sets' and

the other for 'Output Rule Sets', which are for configuring inbound and outbound

traffic, respectively. Each section is comprised of subsets, which can be

grouped into three main subjects:

•

Initial rules - rules defined here will be applied first, on all gateway devices.

•

Network devices rules - rules can be defined per each gateway device.

•

Final rules - rules defined here will be applied last, on all gateway devices.

The order of the rules' appearance represents both the order in which they were

defined and the sequence by which they will be applied. You may change this

order after your rules are already defined (without having to delete and then re-

add them), by using the Move Up and Move Down action icons.

There are numerous rules automatically inserted by the firewall in order to pro-

vide improved security and block harmful attacks.

DISCUS™ Multiplay Wireless VoIP AG

(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.

73

OGU 930500105-A1

Security Section

To add an advanced filtering rule, first choose the traffic direction and the device

on which to set the rule. Then click the appropriate 'New Entry' link. The 'Add

Advanced Filter' screen will appear: this screen is divided into two main sec-

tions, 'Matching' and 'Operation', which are for defining the operation to be exe-

cuted when matching conditions apply.

FIGURE 9.

Advanced Filtering panel

SECURITY LOG

The Security Log displays a list of firewall-related events, including attempts to

establish inbound and outbound connections, attempts to authenticate through

an administrative interface (Web-based management or Telnet terminal), fire-

wall configuration and system start-up.

To view the security log, click the 'Security Log' tab in the 'Security' manage-

ment screen. The 'Security Log' screen will appear.

DISCUS™ Multiplay Wireless VoIP AG

(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.

74

OGU 930500105-A1

Security Section

FIGURE 10.

Security Log panel

Time .

The time the event occurred.

Event .

There are five kinds of events:

•

Inbound Traffic: The event is a result of an incoming packet.

•

Outbound Traffic: The event is a result of outgoing packet.

•

Firewall Setup: Configuration message.

•

WBM Login: Indicates that a user has logged in to WBM.

•

CLI Login: Indicates that a user has logged in to CLI (via Telnet).

Event-Type.

A textual description of the event:

•

Blocked: The packet was blocked. The message is colored red.

•

Accepted: The packet was accepted. The message is colored green.

Details.

More details about the packet or the event, such as protocol, IP

addresses, ports, etc.

To view or change the security log settings, click the 'Settings' button that

appears at the top of the 'Firewall Log' screen. The 'Security Log Settings'

screen will appear allowing you to set the types of activities for which you would

like to have a log message generated.