Block Fragmented IP packets: Prevents all fragmented IP packets from passing through the firewall.
IP Flood Detection: Detects and blocks packet floods originating on both the LAN and WAN.
Firewall Protection: Turns on the Stateful Packet Inspection (SPI) firewall features.
Note: Filtering of Java applets, ActiveX controls, and popup windows will fail if the web pages are sent in uncompressed format to the web browser.
Local Log
The Local Log page allows you to configure firewall event log reporting via email alerts. Individual
emails can be sent out automatically each time the firewall is under attack. A local log is also stored
within the modem and displayed within this page.
To access the Local Log page:
1. Click Firewall in the menu bar.
2. Then click the Local Log submenu.
Figure 23 shows an example of the menu and Table 17 describes the items you can select.
To enable the automatic email alerts:
1. Configure the email address you want to send alerts to. You also need to configure the email account you will send from (this may be the same account). This includes the SMTP (outgoing) mail server address, together with username and password. You may need to contact your service provider to find the information.
2. Check the Enable box and click the Apply button.
Figure 23. Example of Remote Log Page
Table 17. Local Log Menu Option
| Option | Description |
|---|---|
| Contact Email Address | Enter the email address where you want to receive the alert email. |
| SMTP Server Name | Enter the SMTP (Outgoing) mail server address of the email account you will send from. |
| SMTP Username | Enter the username of the email account you will send from. |
| SMTP Password | Enter the password of the email account you will send from. |
| E-mail Alerts | Check to enable sending alert email when an attack is detected. |
Remote Log
The Remote Log page allows you to send firewall attack reports to a standard SysLog server. It is
useful to log volumes of instances over a long period of time. Individual attack or configuration items
can be selected that will be sent to the SysLog server so that only the items of interest can be
monitored. Permitted connections, blocked connections, known Internet attack types, and cable
modem/router configuration events can also be logged. The SysLog server must be on the same
subnet as the Private LAN behind the cable modem/router (typically 192.168.0.x).
To access the Remote Log page:
1. Click Firewall in the menu bar.
2. Then click the Remote Log submenu.
Figure 24 shows an example of the menu and Table 18 describes the items you can select.
Figure 24. Example of Remote Log Page
Below is a complete list of the SysLog server attack/notification types and their format. The generic format of SysLog messages for traffic or administration-related events is:
MMM DD HH:MM:SS YYYY SYSLOG[0]: [Host HostIP] Protocol SourceIP,SourcePort --> DestIP,DestPort EventText
Table 18. SysLog Server Event Format
| Parameter | Description |
|---|---|
| MMM | The three-letter abbreviation for the month (e.g., JUN, JUL, AUG, etc.) |
| DD | The two-digit day of the month (e.g., 01, 02, 03, etc.) |
| HH:MM:SS | The time displayed as two-digit values for the hour, minute, and second, respectively. |
| YYYY | The four-digit year. |
| HostIP | The IP address of the cable modem/router sending the SysLog event. This is the LAN IP Address on the Basic - Setup page. |
| Protocol | Can be one of the following: “TCP”, “UDP”, “ICMP”, “IGMP” or “OTHER”. In the case of “OTHER” the protocol type is displayed in parentheses (). For ICMP packets, the ICMP type is displayed in parentheses. |
| SourceIP | The IP address of the originator of the session/packet. |
| SourcePort | The source port at the originator. |
| DestIP | The IP address of the recipient of the session/packet. |
| DestPort | The destination port at the recipient. |
| EventText | A textual description of the event. |
The format of SysLog messages for informational events is simplified:
MMM DD HH:MM:SS YYYY SYSLOG[0]: [Host HostIP] EventText
The table below lists all events that can be sent to the SysLog server.
Table 19. SysLog Server Event and Meaning
| Event Text | Meaning |
|---|---|
| ALLOW: Inbound access request | An inbound request was made, and accepted, from a public network client to use a service hosted on the firewall or a client behind the firewall. |
| ALLOW: Outbound access request | An outbound request was made, and accepted, from a public client to use a service hosted on a public network server. |
| DENY: Inbound or outbound access request | A request to traverse the firewall by a public or private client violated the security policy, and was blocked. |
| DENY: Firewall interface access request | A request was made to the public or private firewall interface by a public or private client that violated the security policy, and was blocked. |
| FAILURE: User interface login (Invalid username or password) | An attempt was made to login to the user interface, and access was denied because the username and/or password was incorrect. |
| SUCCESS: User interface login | An attempt was made to login to the user interface, and access was allowed. |
| ALLOW: User interface access [request] | An HTTP GET or POST request was made by an authenticated user to the user interface. |
| DENY: Inbound or outbound [internet attack name] attack | A known internet attack was detected attempting to traverse the firewall, and was blocked. Examples of known internet attacks are Ping Of Death, Teardrop, WinNuke, XmasTree, SYN Flood, etc. |
| DENY: Firewall interface [internet attack name] attack | A known internet attack directed at the firewall itself was detected and blocked. Examples of known internet attacks are Ping Of Death, Teardrop, WinNuke, XmasTree, SYN Flood, etc. |
| Firewall Up | The public interface (WAN) connection is up, and the firewall has begun to police traffic, or the firewall was previously disabled, and the user has enabled it through the user interface. |
| Remote config management enabled [port#] | Remote configuration management (via HTTP through the specified port # on the public interface) has been enabled via the user interface. |
| Remote config management disabled | Remote configuration management has been disabled via the user interface. |
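
An added example, not taken from the manual or the vendor: a Python parser for the two SysLog message formats above that flags repeated login failures, known-attack denials, and remote configuration management being enabled. The sample lines are constructed; the `ICMP(8)` placement of the ICMP type, the text after "enabled", and the `login_threshold` parameter are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Header shared by both formats: MMM DD HH:MM:SS YYYY SYSLOG[0]: [Host HostIP]
HEADER = r"(?P<stamp>[A-Za-z]{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) SYSLOG\[0\]: \[Host (?P<host>[\d.]+)\] "
# Assumption: the ICMP/OTHER type in parentheses directly follows the protocol name.
TRAFFIC = re.compile(HEADER + r"(?P<proto>TCP|UDP|ICMP|IGMP|OTHER)\s?(?:\((?P<ptype>[^)]*)\))? "
                     r"(?P<src>[\d.]+),(?P<sport>\d+) --> (?P<dst>[\d.]+),(?P<dport>\d+) (?P<event>.+)")
INFO = re.compile(HEADER + r"(?P<event>.+)")  # simplified informational form

def parse(line):
    """Return a dict of fields, or None if the line fits neither format."""
    m = TRAFFIC.fullmatch(line.strip()) or INFO.fullmatch(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:  # strptime rejects unknown months and impossible dates
        rec["when"] = datetime.strptime(rec["stamp"].title(), "%b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return rec

def triage(lines, login_threshold=3):
    """Return (alerts, failed_logins_per_source) for a batch of SysLog lines."""
    failures, alerts = Counter(), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            alerts.append(("unparsed", line))
            continue
        event, src = rec["event"], rec.get("src")  # informational events have no src
        if event.startswith("FAILURE: User interface login"):
            failures[src] += 1
            if failures[src] == login_threshold:  # alert once per source
                alerts.append(("repeated-login-failure", src))
        elif event.startswith("Remote config management enabled"):
            alerts.append(("remote-mgmt-enabled", rec["host"]))
        elif event.startswith("DENY:") and event.endswith("attack"):
            alerts.append(("known-attack", src))
    return alerts, failures

# Constructed sample lines, not captured from a device.
HDR = "JUN 01 12:00:00 2024 SYSLOG[0]: [Host 192.168.0.1] "
SAMPLE = [HDR + "TCP 192.168.0.23,51000 --> 192.168.0.1,80 "
          "FAILURE: User interface login (Invalid username or password)"] * 3 + [
    HDR + "ICMP(8) 203.0.113.7,0 --> 192.168.0.1,0 DENY: Firewall interface Ping Of Death attack",
    HDR + "Remote config management enabled 8080",
    "not a firewall message",
]
```

Calling `triage(SAMPLE)` returns the alert list and the per-source failure counts; lines that fit neither format are reported as `unparsed` rather than dropped.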