SpeedStream Router User Guide

Firewall Security Levels

The SpeedStream router is shipped with a set of preconfigured firewall database rules grouped into levels, allowing you to easily configure the firewall. The default set of levels includes:

Off: No restrictions are applied to either inbound or outbound traffic. In addition, all Network Address Port Translation (NAPT) functionality is disabled - there is no address/port translation. Since there is no address/port translation when the firewall is placed in this mode, all LAN-side connected hosts must be assigned a valid public IP address.

Low: Minimal restrictions with respect to outbound traffic. Outbound traffic is allowed for all supported IP-based applications and Application Level Gateways (ALGs). The only inbound traffic that is allowed is that which is received within the context of an outbound session initiated on the local host and permitted by this firewall mode.

Medium: Moderate restrictions with respect to outbound traffic. Outbound traffic is allowed for most supported IP-based applications and Application Level Gateways (ALGs). The only inbound traffic that is allowed is that which is received within the context of an outbound session initiated on the local host and permitted by this firewall mode.

High: High restrictions with respect to outbound traffic. Outbound traffic is allowed only for a very restricted set of supported IP-based applications and ALGs. The only inbound traffic that is allowed is that which is received within the context of an outbound session initiated on the local host and permitted by this firewall mode.

ICSA 3.0a-compliant: Supports the ICSA Labs criteria for firewall behavior. (For more information, visit the ICSA site at

Custom: Allows advanced users to add, modify and delete their own firewall rules.

Note: For specific application and protocol security modes, refer to Appendix D, “Firewall Security Levels.”

Select the Firewall Security Level

1. On the main menu, click Setup, then click Firewall, and then click Simple Setup. The Firewall – Simple Setup & Control window displays.
2. Select the level from the Select Firewall Level list.
3. To accept your selection, click Apply.
Firewall Snooze Control

The firewall supports a Snooze feature by which the firewall can be made to temporarily “sleep,” or go into an Off state, for a specified period. The firewall will restore itself to its previous state after the specified time period elapses.

Disable Snooze

To disable the firewall Snooze Control and allow the firewall to become active:
1. Select Disable Snooze.
2. Click Apply.

Enable Snooze

To enable the firewall Snooze Control and temporarily disable the firewall:
1. Select the Enable Snooze option.
2. Enter the number of minutes you want the firewall disabled.
3. Click Apply to accept the settings.

Reset the Snooze Time Interval

1. During the active Snooze time interval, select Reset the Snooze time interval to:
2. Enter the number of minutes you want the firewall further disabled.
3. Click Apply to accept the settings.

DMZ Settings

The firewall supports virtual DMZ in single (LAN) port router models. (Virtual DMZ redirects traffic to a specified IP address rather than a physical port. Because this redirection is a logical application rather than a physical one, it is called “virtual DMZ.”) Using virtual DMZ, a single node on the LAN can be made “visible” to the WAN IP network. Any incoming network traffic not handled by port forwarding rules is automatically forwarded to an enabled DMZ node. Outbound traffic from the virtual DMZ node circumvents all firewall rules.

DMZ Configuration Options

Host Name Setting: This feature was added to the DMZ configuration to assist with the dynamic nature of DHCP. Typically, the DMZ host is selected by entering the host’s IP address on the configuration window. However, if the host does not have a static IP address and uses DHCP, you will not immediately know what the new IP address is after a reboot or reset. In host name mode, the router will “remember” the MAC address of the selected host. When the DHCP server gives out an IP address to that MAC address, it will also update the DMZ module with the new IP address.
In order for this feature to work effectively, you need to set the host name of each of the hosts running DHCP. In Windows, this is called “Computer Name” and is set in a variety of places, depending on the operating system you are running. (Please refer to your Windows documentation or Windows online Help for specific instructions on designating the computer name.)

Temporary DMZ Settings: The SpeedStream router allows you to temporarily override the “persistent” DMZ status, which normally remains the same, either on or off, even after rebooting. This feature was designed to accommodate certain games and applications that do not work well behind a NAPT router. Usually, the simplest way to make them work is by directing the router’s DMZ at the computer running the game. However, you may not want to always have the game machine set as the DMZ host, since it might raise security issues. In this case, you would select it as a temporary host. Once the specified time expires or the router is rebooted, the DMZ will return to the persistent host or disable itself if no persistent host was selected.

The persistent/temporary setting options are:
Make settings permanent: Host settings will be persistent.
Make settings last until modem reboots: Host settings will return to persistent mode after the router reboots.
Make settings last for XX minutes: Host settings will be in effect for the specified number of minutes, then will disable or return to persistent mode.
Disable DMZ

1. On the Firewall – DMZ Configuration window, click Disable DMZ.
2. To accept the settings, click Apply.

Enable DMZ

To enable DMZ and specify an accessible computer:
1. On the main menu, click Setup, then click Firewall, and then click DMZ. The Firewall – DMZ Configuration window displays.
2. Select Enable DMZ with this Host IP address; then enter the IP address of the machine that will be accessible to inbound traffic.
   - or -
   Select Enable DMZ with this Host name; then select the host name from the drop-down list.
3. Select how long you want the settings to remain: permanently, until the next reboot, or for a specified number of minutes.
4. To accept the settings, click Apply.
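The DMZ behaviour described under DMZ Settings and DMZ Configuration Options above (port forwarding taking precedence over the DMZ host, host name mode following the remembered MAC address through new DHCP leases, and a temporary DMZ expiring back to the persistent setting) is modelled below. This is an added example for illustration, not SpeedStream firmware code; the class and method names, the DHCP lease table and the injectable clock are all assumptions made for the example.

```python
import time
from dataclasses import dataclass

# Added example (not SpeedStream firmware code): a model of the DMZ behaviour
# the guide describes. Port-forward rules take precedence, any other unsolicited
# inbound traffic goes to the enabled DMZ host, the host may be selected by IP
# or by host name (resolved through the DHCP lease table via the remembered MAC
# address), and a temporary DMZ expires back to the persistent setting.
# All names, the lease table and the clock are constructed for this example.

@dataclass
class DhcpLease:
    hostname: str
    mac: str
    ip: str

class DmzConfig:
    def __init__(self, port_forwards, leases, now=time.time):
        self.port_forwards = port_forwards  # {(proto, port): lan_ip}
        self.leases = leases                # list of DhcpLease, kept current by the DHCP server
        self.now = now                      # clock, injectable for testing
        self.persistent = None              # ("ip", addr) or ("mac", mac); None = DMZ off
        self.temporary = None               # (target, expires_at); expires_at None = until reboot

    def _target(self, kind, value):
        """Translate the operator's selection into what the router remembers."""
        if kind == "ip":
            return ("ip", value)
        # Host name mode: remember the MAC of the selected host, not its IP.
        for lease in self.leases:
            if lease.hostname == value:
                return ("mac", lease.mac)
        raise ValueError(f"unknown host name {value!r}")

    def enable(self, kind, value, duration_min=None, until_reboot=False):
        target = self._target(kind, value)
        if until_reboot:
            self.temporary = (target, None)                        # "until modem reboots"
        elif duration_min is not None:
            self.temporary = (target, self.now() + duration_min * 60)  # "for XX minutes"
        else:
            self.persistent = target                               # "make settings permanent"
            self.temporary = None

    def disable(self):
        self.persistent = None
        self.temporary = None

    def reboot(self):
        # Temporary settings never survive a reboot; persistent ones do.
        self.temporary = None

    def _resolve(self, target):
        kind, value = target
        if kind == "ip":
            return value
        # Whatever IP the DHCP server currently gives this MAC is the DMZ host.
        for lease in self.leases:
            if lease.mac == value:
                return lease.ip
        return None

    def active_host(self):
        if self.temporary is not None:
            target, expires = self.temporary
            if expires is None or self.now() < expires:
                return self._resolve(target)
            self.temporary = None          # timer elapsed: fall back to persistent
        if self.persistent is not None:
            return self._resolve(self.persistent)
        return None

    def route_inbound(self, proto, dport):
        """Where the router sends an unsolicited inbound packet."""
        fwd = self.port_forwards.get((proto, dport))
        if fwd is not None:
            return ("forward", fwd)        # explicit port forwarding wins
        host = self.active_host()
        if host is not None:
            return ("dmz", host)           # everything else goes to the DMZ node
        return ("drop", None)              # no DMZ enabled: the firewall rules decide

def demo():
    """Walk through the persistent/temporary behaviour with a fake clock."""
    clock = [1000.0]
    leases = [DhcpLease("game-pc", "00:11:22:33:44:55", "192.168.1.20"),
              DhcpLease("nas", "66:77:88:99:aa:bb", "192.168.1.30")]
    cfg = DmzConfig({("tcp", 443): "192.168.1.30"}, leases, now=lambda: clock[0])
    results = []
    cfg.enable("ip", "192.168.1.30")                   # persistent host
    cfg.enable("name", "game-pc", duration_min=30)     # temporary override by host name
    results.append(cfg.route_inbound("udp", 27015))    # game-pc via DMZ
    results.append(cfg.route_inbound("tcp", 443))      # port forward wins over DMZ
    leases[0].ip = "192.168.1.21"                      # DHCP hands game-pc a new lease
    results.append(cfg.route_inbound("udp", 27015))    # DMZ follows the MAC, not the old IP
    clock[0] += 31 * 60                                # 31 minutes pass
    results.append(cfg.route_inbound("udp", 27015))    # back to the persistent host
    cfg.disable()
    results.append(cfg.route_inbound("udp", 27015))    # no DMZ host at all
    return results

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The point worth keeping in mind from the model is the last line of the guide's DMZ Settings paragraph: everything not matched by a port-forward rule lands on the DMZ host, so a temporary DMZ is the least exposure for the "game machine" case, and `route_inbound` returning `("drop", None)` once the timer lapses is the behaviour you want to confirm on the real device.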
Custom IP Filter Rules

You can configure the SpeedStream Router firewall to perform IP filtering and stateful inspection of packets. The firewall supports a rules database to allow sophisticated access tailoring. A network conversation is first authorized by verifying the packet against the current rules database configured within the firewall. If the first packet of a conversation is allowed, then a dynamic state engine takes over and tracks that conversation. All protocols are tracked whether they are stream-based or not; i.e., ICMP, UDP, TCP, GRE.

The filtering rules database gives you control over the configurable firewall rules. Rules can filter based on any of the following:
- Source and destination router interfaces
- IP protocols
- Direction of traffic flow
- Source and destination network/host IP address
- Protocol-specific attributes such as ICMP message types
- Source and destination port ranges (for protocols that support them), with support for port comparison operators such as less than, greater than, and equal to.

Rules can specifically allow or deny packets to flow through the router. Default actions taken when no specific rule applies can also be configured.

Note: You must have previously selected Custom Level in the Firewall - Simple Setup & Control window.
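To make the "rules database, then dynamic state engine" model concrete, and to show how the Low/Medium/High levels' "only inbound traffic within the context of an outbound session" property falls out of it, here is a small stateful packet filter written for this page. It is an added example and not the router's firmware or its rule syntax; the `Packet` and `Rule` fields, the interface names `lan`/`wan`, the port-comparison operator names and the sample packets are all constructed for the example.

```python
import operator
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Added example (not SpeedStream firmware code): a small stateful packet
# filter built the way the guide describes. The first packet of a conversation
# is checked against an ordered rules database matching on interface,
# direction, protocol, source/destination network, ICMP type and ports with
# less-than / greater-than / equal-to operators; once a conversation is
# allowed, a dynamic state table admits the rest of it in either direction.
# Interface names, rules and sample packets are constructed.

PORT_OPS = {"lt": operator.lt, "gt": operator.gt, "eq": operator.eq}

@dataclass
class Packet:
    iface: str           # interface the packet arrives on ("lan" or "wan" here)
    direction: str       # "out" (LAN->WAN) or "in" (WAN->LAN)
    proto: str           # "tcp", "udp", "icmp" or "gre"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: int = -1

@dataclass
class Rule:
    action: str          # "allow" or "deny"
    iface: str = None
    direction: str = None
    proto: str = None
    src_net: str = None  # CIDR, e.g. "192.168.1.0/24"
    dst_net: str = None
    sport: tuple = None  # (op, value) with op in PORT_OPS, e.g. ("lt", 1024)
    dport: tuple = None
    icmp_type: int = None

    def matches(self, p):
        """Fields left as None are wildcards; every set field must match."""
        for want, have in ((self.iface, p.iface), (self.direction, p.direction),
                           (self.proto, p.proto), (self.icmp_type, p.icmp_type)):
            if want is not None and want != have:
                return False
        for net, addr in ((self.src_net, p.src), (self.dst_net, p.dst)):
            if net is not None and ip_address(addr) not in ip_network(net, strict=False):
                return False
        for cmp_, port in ((self.sport, p.sport), (self.dport, p.dport)):
            if cmp_ is not None and not PORT_OPS[cmp_[0]](port, cmp_[1]):
                return False
        return True

class StatefulFirewall:
    def __init__(self, rules, default_action="deny"):
        self.rules = list(rules)              # checked in order, first match wins
        self.default_action = default_action  # taken when no rule applies
        self.state = set()                    # 5-tuples of conversations being tracked

    @staticmethod
    def _key(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reply_key(p):
        # The reply to a tracked packet has addresses and ports swapped.
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def check(self, p):
        # Dynamic state engine: anything inside a tracked conversation is
        # admitted, which is how replies to an outbound session get back in.
        if self._key(p) in self.state or self._reply_key(p) in self.state:
            return "allow"
        # First packet of a conversation: consult the rules database.
        action = self.default_action
        for rule in self.rules:
            if rule.matches(p):
                action = rule.action
                break
        if action == "allow":
            self.state.add(self._key(p))      # start tracking the conversation
        return action

def demo():
    """Constructed rule set in the spirit of the 'High' level: LAN hosts may
    only open TCP sessions to well-known ports (and not SMTP) and do DNS over
    UDP; nothing unsolicited comes in. Returns the verdict for each packet."""
    fw = StatefulFirewall([
        Rule("deny", direction="out", proto="tcp", dport=("eq", 25)),
        Rule("allow", direction="out", iface="lan", proto="tcp",
             src_net="192.168.1.0/24", dport=("lt", 1024)),
        Rule("allow", direction="out", iface="lan", proto="udp",
             src_net="192.168.1.0/24", dport=("eq", 53)),
    ])
    packets = [
        Packet("lan", "out", "tcp", "192.168.1.10", "203.0.113.5", 40000, 80),    # allow
        Packet("wan", "in", "tcp", "203.0.113.5", "192.168.1.10", 80, 40000),     # allow (reply)
        Packet("lan", "out", "tcp", "192.168.1.10", "203.0.113.5", 40001, 25),    # deny (SMTP)
        Packet("wan", "in", "tcp", "198.51.100.7", "192.168.1.10", 5555, 22),     # deny (unsolicited)
        Packet("lan", "out", "tcp", "192.168.1.10", "203.0.113.5", 40002, 8080),  # deny (port >= 1024)
        Packet("lan", "out", "udp", "192.168.1.10", "192.0.2.53", 5353, 53),      # allow
        Packet("wan", "in", "udp", "192.0.2.53", "192.168.1.10", 53, 5353),       # allow (reply)
        Packet("lan", "out", "tcp", "10.9.8.7", "203.0.113.5", 40003, 80),        # deny (not our LAN)
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

Two details carry over to the real device. First, rule order matters: the SMTP deny sits before the broader TCP allow, so swapping them would silently re-open port 25. Second, the default action is a rule in its own right; the Note above about selecting Custom Level applies because, until the default and the explicit rules are both set, the level's preconfigured database is what decides.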