Page 66 / 123 Scroll up to view Page 61 - 65
Security Configuration
63
Security Options
This screen allows you to set Firewall and other security-related options.
Figure 41: Security Options Screen
Data - Security Options Screen
Enable DoS
Firewall
If enabled, DoS (Denial of Service) attacks will be detected and
blocked. The default is enabled. It is strongly recommended that this
setting be left enabled.
Note:
A DoS attack does not attempt to steal data or damage your PCs,
but overloads your Internet connection so you can not use it - the
service is unavailable.
This device uses "Stateful Inspection" technology. This system can
detect situations where individual TCP/IP packets are valid, but
collectively they become a DoS attack.
Threshold
This setting affects the number of "half-open" connections allowed.
A "half-open" connection arises when a remote client contacts the
Server with a connection request, but then does not reply to the
Server's response.
While the optimum number of "half-open" connections allowed
(the "Threshold") depends on many factors, the most important
factor is the available bandwidth of your Internet connection.
Select the setting to match the bandwidth of your Internet connec-
tion.
Page 67 / 123
TW100-BRV304 User Guide
64
Respond to
ICMP
The ICMP protocol is used by the "ping" and "trace route" programs,
and by network monitoring and diagnostic programs.
If checked, the TW100-BRV304 will respond to ICMP packets
received from the Internet.
If not checked, ICMP packets from the Internet will be ignored.
Disabling this option provides a slight increase in security.
Allow IPsec
The IPSec protocol is used to establish a secure connection, and is
widely used by VPN (Virtual Private Networking) programs.
If checked, IPSec connections are allowed.
If not checked, IPSec connections are blocked.
Allow PPTP
PPTP (Point to Point Tunneling Protocol) is widely used by VPN
(Virtual Private Networking) programs.
If checked, PPTP connections are allowed.
If not checked, PPTP connections are blocked.
Allow L2TP
L2TP is a protocol developed by Cisco for VPNs (Virtual Private
Networks).
If checked, L2TP connections are allowed.
If not checked, L2TP connections are blocked.
Allow TFTP
firmware up-
grade
If enabled, TFTP (Trivial FTP) connections can be made to this device.
TFTP can be used to upgrade the firmware. This is normally not
required, and should not be enabled unless necessary.
You must obtain the firmware upgrade file first; instructions for
using TFTP will be available with the upgrade.
Page 68 / 123
Security Configuration
65
Scheduling
This schedule can be (optionally) applied to any Access Control Group.
Blocking will be performed during the scheduled time (between the "Start" and "Finish"
times.)
Two (2) separate sessions or periods can be defined.
Times must be entered using a 24 hr clock.
If the time for a particular day is blank, no action will be performed.
Define Schedule Screen
This screen is accessed by the
Scheduling
link on the
Security
menu.
Figure 42: Define Schedule Screen
Data - Define Schedule Screen
Day
Each day of the week can scheduled independently.
Session 1
Session 2
Two (2) separate sessions or periods can be defined. Session 2 can be
left blank if not required.
Start Time
Enter the start using a 24 hr clock.
Finish Time
Enter the finish time using a 24 hr clock.
Page 69 / 123
TW100-BRV304 User Guide
66
Services
Services are used in defining traffic to be blocked or allowed by the
Access Control
or
Fire-
wall Rules
features. Many common Services are pre-defined, but you can also define your own
services if required.
To view the Services screen, select the
Services
link on the Security menu.
Figure 43:
Services Screen
Data - Services Screen
Available Services
This lists all the available services.
"Delete" button
Use this to delete any Service you have added. Pre-defined Services
can not be deleted.
Name
Enter a descriptive name to identify this service.
Type
Select the protocol (TCP, UDP, ICMP) used to the remote system or
service.
Start Port
For TCP and UDP Services, enter the beginning of the range of port
numbers used by the service. If the service uses a single port number,
enter it in both the "Start" and "Finish" fields.
Finish Port
For TCP and UDP Services, enter the end of the range of port num-
bers used by the service. If the service uses a single port number,
enter it in both the "Start" and "Finish" fields.
ICMP Type
For ICMP Services, enter the type number of the required service.
Page 70 / 123
Security Configuration
67
Delete
Delete the selected service from the list.
Add
Add a new entry to the Service list, using the data shown in the "Add
New Service" area on screen.
Cancel
Clear the " Add New Service " area, ready for entering data for a new
Service.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top