Page 41 / 85 Scroll up to view Page 36 - 40
Router User’s Guide
38
Chapter 8
Configuring Security Features
The Router provides broad security measures against unwanted users. Security also allows for the
configuration of the firewall, administrator password, (NAT) Network Address Translation, and DMZ
(Demilitarized Zone) configuration. The security options are listed below.
Admin User
Manage administrator login name and password.
Time Client
Configure network-based date and time functionality. An accurate date and time is of use
when logging system and firewall events, and is a requirement for some firewall
functionality (e.g., ICSA-compliant firewall operation).
NAT/NAPT
Configure and control IP addressing on the Local Area Network through either NAT or
NAPT.
Firewall
Configure and control the internal firewall. Many of these features require a thorough
understanding of networking principles and firewall operations. The firewall options are
listed below.
8
Page 42 / 85
Router User’s Guide
Monitoring Network Health
Admin User
The Administrator profile controls the requirements for logging into the Web interface and accessing
configuration pages, as well as defining the administrator login name and password.
To configure administrator settings:
1. Select
Setup>Admin User
from the left navigation pane of the Web interface. This displays the
“Gateway Administrator Setup” window.
2.
Specify a user name for the administrator. You may accept the default user name, admin, or enter a
new user name in
User Name
. The user name is case-sensitive.
3.
Enter a password in
New Password
; then enter the same password in
Confirm New Password
. The
password field is case-sensitive.
4.
Select a login security level from one of the following:
Require admin login to access entire Web site
Before you can access any screen in the Web interface, you must log in with your network user
name and password. (Security level = High)
Require admin login to access configuration pages
Before you can access any screen in the Web interface that allows you to make configuration
changes, you must log in with your network user name and password. (Security level = Medium)
Do not require admin login
After you log in for the first time, you will not be required to log in again at any screen. (Security
level = Low)
5. Click
Save Settings
.
39
Page 43 / 85
Router User’s Guide
Monitoring Network Health
Time Client
An accurate log timestamp is one of the requirements of the ICSA Labs firewall criteria (ver 3.0a). In order
to maintain accurate timestamps in each log message, the firewall implements a Simple Network Time
Protocol (SNTP) client. This allows the system to automatically synchronize its date and time with
Coordinated Universal, the international time standard. The system date and time are set and corrected
automatically via the designated server(s).
To configure the time client:
1. Select
Setup>Time Client
from the left navigation pane of the Web interface. This displays the “Time
Client Configuration” window.
2. Select
Enable
from
Enable Time Client
.
3. In
Primary Server IP Address
, enter the IP address of the primary server to use as the time server
(a “well-known” Network Time Protocol Server).
4. In
Secondary Server IP Address
enter the IP address of the secondary server to use as the time
server if the router does not receive a response from the primary server.
5. In
Select Time Zone
, enter the time zone in minutes from UTC.
6. Click
Apply
.
40
Page 44 / 85
Router User’s Guide
Monitoring Network Health
NAT/NAPT Server
Hosts located on a Local Area Network (LAN) are often required to use private IP addresses as opposed
to public IP addresses. Private IP addresses, however, are not known on the public Wide Area Network
(WAN). In order to expose LAN-side hosts assigned private IP addresses to the public WAN, the Router
can be configured to use one of two methodologies: Network Address Translation (NAT) or Network
Address Port Translation (NAPT). NAT can expose a single LAN-side host to the WAN; NAPT can
expose multiple LAN-side hosts. NAT/NAPT functionality can be individually configured for each WAN
connection.
To configure NAT/NAPT functionality:
1. Select
Setup>NAT/NAPT
from the left navigation pane of the Web interface. This displays the
“NAT/NAPT Configuration” window showing the WAN Interface connections.
2.
Select one of the following for the desired connection:
NAT & NAPT Disabled
Disable both NAT and NAPT in order, for example, to set up static routes assigned by your ISP.
NAT Only Enabled
Enable NAT and specify the destination IP address for incoming packets. Depending on your
configuration, NAT is sometimes enabled by default.
NAPT Only Enabled
Use NAPT only to handle multiple addresses based on port forwarding rules.
NAT&NAPT Enabled
Some service providers support a concurrent NAT/NAPT. Under this configuration, a single WAN
interface may support multiple NAT connections with each NAT connection again exposing a
single LAN-side host through a single WAN-side public IP address. Through either NAT or NAPT,
the Router ensures that the LAN-side host is known to the WAN side only through the public IP
address of the Router’s WAN-side connection. The host’s actual private IP address remains
unknown to any WAN-side hosts or servers.
3. Click
Apply
when you have finished configuring all desired connections.
41
Page 45 / 85
Router User’s Guide
Monitoring Network Health
Firewall
A firewall is a system designed to prevent unauthorized access to or from a private network. The firewall
is designed to protect hosts located on the
Local Area Network
(LAN) from attacks initiated on the
Wide
Area Network
(WAN). Protection is not provided for attacks initiated from the LAN. Due to the nature of
firewall operations and the system resources required to service these operations, firewall operations may
degrade the performance of the Router – especially under heavy network traffic loads.
The firewall menu item accessible from the left navigation pane of the Web interface expands to provide a
list of options to be enabled or disabled as well as links to configure the more complex details of each
security feature.
Level
Set the firewall security level.
Snooze
Temporarily disable the firewall. It is important to note that when the firewall is snoozing
all protection provided by the firewall is disabled.
DMZ
Configure firewall DMZ for controlling a virtual DMZ on the Local Area Network. The
purpose of the DMZ is to redirect suspicious network traffic received from a public WAN
to a secured LAN-side host dedicated to this purpose.
Filter Rules
Add and delete custom inbound and outbound firewall rules.
Log
View log listing of firewall activity including records of denial of access, reason codes,
and descriptions.
ADS
Configure what events the internal Attack Detection System (ADS) will protect against
and log from a list of well-known attacks initiated on the Wide Area Network.
42

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top