11 Firewall Menu Options
The Firewall Menu lets you:
- Configure the level of protection your firewall provides
- View the firewall logs
Basic
The Basic page allows you to configure the level of protection your firewall offers and
also what types of attacks it should detect.
To access the Basic page:
1. Click Firewall in the menu bar.
2. Then click the Basic submenu.
Figure 24 shows an example of the menu and Table 15 describes the items you can
select.
Figure 24. Example of Basic Page
Table 17. Basic Menu Option
| Option | Description |
|---|---|
| IPv4 Firewall Protection | By increasing the level from low to medium or high you can restrict traffic to only certain predefined ports. |
| IPv6 Firewall Protection | Select On to enable IPv6 Firewall protection. |
| Block Fragmented IP packets | Prevents all fragmented IP packets from passing through the firewall. |
| Port Scan Detection | Detects and blocks port scan activity originating on both the LAN and WAN. |
| IP Flood Detection | Detects and blocks packet floods originating on both the LAN and WAN. |
Event Log
The Event Log page allows you to send firewall event log reporting to a standard SysLog
server or via email. Individual attack or configuration items can be selected that will be
sent to the SysLog server or emailed so that only the items of interest can be monitored.
Permitted connections, blocked connections, known Internet attack types, and Cable
Modem/Router configuration events can also be logged. The SysLog server must be on
the same subnet as the Private LAN behind the Cable Modem/Router (typically
192.168.0.x).
To access the Event Log page:
1. Click Firewall in the menu bar.
2. Then click the Event Log submenu.
Figure 23 shows an example of the menu and Table 16 describes the items you can
select.
Figure 25. Example of Event Log Page
Table 18. Local Log Menu Option
| Option | Description |
|---|---|
| Permitted Connections | Enabling this feature causes the Cable Modem/Router to report all permitted connection attempts. |
| Product Configuration Events | Enabling this feature causes the Cable Modem/Router to report all configuration changes. |
| SysLog server at 192.168.0.x | Enter the address of your local SysLog server, if you have one. |
Below is a complete list of the attack and notification types that can be sent to the
SysLog server, and their format. The generic format of SysLog messages for traffic or
administration-related events is:
MMM DD HH:MM:SS YYYY SYSLOG[0]: [Host HostIP] Protocol SourceIP,SourcePort --> DestIP,DestPort EventText
Table 19. SysLog Server Event Format
| Parameter | Description |
|---|---|
| MMM | The three-letter abbreviation for the month (e.g., JUN, JUL, AUG, etc.) |
| DD | The two-digit day of the month (e.g., 01, 02, 03, etc.) |
| HH:MM:SS | The time displayed as two-digit values for the hour, minute, and second, respectively. |
| YYYY | The four-digit year. |
| HostIP | The IP address of the Cable Modem/Router sending the SysLog event. This is the LAN IP Address on the Basic - Setup page. |
| Protocol | Can be one of the following: “TCP”, “UDP”, “ICMP”, “IGMP” or “OTHER”. In the case of “OTHER” the protocol type is displayed in parentheses (). For ICMP packets, the ICMP type is displayed in parentheses. |
| SourceIP | The IP address of the originator of the session/packet. |
| SourcePort | The source port at the originator. |
| DestIP | The IP address of the recipient of the session/packet. |
| DestPort | The destination port at the recipient. |
| EventText | A textual description of the event. |
The format of SysLog messages for informational events is simplified:
MMM DD HH:MM:SS YYYY SYSLOG[0]: [Host HostIP] EventText
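A parser for the two message formats above, with a per-source tally of DENY and FAILURE events, useful when the router's SysLog output is collected on a LAN host. This is an added example, not code from the manual or the vendor; the sample lines are constructed, and the spacing of the parenthesized ICMP/OTHER type and the presence of port fields on ICMP lines are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Prefix shared by both formats: "MMM DD HH:MM:SS YYYY SYSLOG[0]: [Host HostIP] "
HEADER = re.compile(
    r"^(?P<ts>[A-Za-z]{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) SYSLOG\[0\]: "
    r"\[Host (?P<host>[\d.]+)\] (?P<rest>.*)$")
# Traffic/administration body. Assumption: the ICMP/OTHER type follows the
# protocol name as "(n)", with or without a space before it.
TRAFFIC = re.compile(
    r"^(?P<proto>TCP|UDP|ICMP|IGMP|OTHER)\s*(?:\((?P<ptype>[^)]*)\))?\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s*-->\s*"
    r"(?P<dst>[\d.]+),(?P<dport>\d+)\s+(?P<event>.*)$")

PFX = " 2011 SYSLOG[0]: [Host 192.168.0.1] "
SAMPLE = [  # constructed lines, not captured from a device
    "JUN 03 14:22:05" + PFX + "TCP 203.0.113.7,40112 --> 192.168.0.1,80 "
    "DENY: Firewall interface access request",
    "JUN 03 14:22:09" + PFX + "TCP 192.168.0.10,51544 --> 192.168.0.1,80 "
    "FAILURE: User interface login (Invalid username or password)",
    "JUN 03 14:22:11" + PFX + "ICMP (8) 203.0.113.7,0 --> 192.168.0.1,0 "
    "DENY: Firewall interface access request",
    "JUN 03 14:23:00" + PFX + "Firewall Up",
    "not a firewall line",
]

def parse_line(line):
    """Return a dict of fields, or None if the line matches neither format."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    try:  # %b accepts upper-case month abbreviations such as JUN
        when = datetime.strptime(m["ts"], "%b %d %H:%M:%S %Y")
    except ValueError:  # e.g. day 99: treat as malformed input
        return None
    rec = {"time": when, "host": m["host"], "event": m["rest"]}
    t = TRAFFIC.match(m["rest"])
    if t:  # otherwise the line is the simplified informational format
        rec.update(proto=t["proto"], proto_type=t["ptype"], src=t["src"],
                   sport=int(t["sport"]), dst=t["dst"], dport=int(t["dport"]),
                   event=t["event"])
    return rec

def denied_by_source(lines):
    """Count DENY and FAILURE events per source IP, skipping unparseable lines."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if "src" in rec and rec["event"].startswith(("DENY:", "FAILURE:")):
            counts[rec["src"]] += 1
    return counts

if __name__ == "__main__":
    print(denied_by_source(SAMPLE))
```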
The table below lists all events that can be sent to the SysLog server.
Table 20. SysLog Server Event and Meaning
| Event Text | Meaning |
|---|---|
| ALLOW: Inbound access request | An inbound request was made, and accepted, from a public network client to use a service hosted on the firewall or a client behind the firewall. |
| ALLOW: Outbound access request | An outbound request was made, and accepted, from a public client to use a service hosted on a public network server. |
| DENY: Inbound or outbound access request | A request to traverse the firewall by a public or private client violated the security policy, and was blocked. |
| DENY: Firewall interface access request | A request was made to the public or private firewall interface by a public or private client that violated the security policy, and was blocked. |
| FAILURE: User interface login (Invalid username or password) | An attempt was made to log in to the user interface, and access was denied because the username and/or password was incorrect. |
| SUCCESS: User interface login | An attempt was made to log in to the user interface, and access was allowed. |
| ALLOW: User interface access [request] | An HTTP GET or POST request was made by an authenticated user to the user interface. |
| DENY: Inbound or outbound [internet attack name] attack | A known internet attack was detected attempting to traverse the firewall, and was blocked. Examples of known internet attacks are Ping Of Death, Teardrop, WinNuke, XmasTree, SYN Flood, etc. |
| DENY: Firewall interface [internet attack name] attack | A known internet attack directed at the firewall itself was detected and blocked. Examples of known internet attacks are Ping Of Death, Teardrop, WinNuke, XmasTree, SYN Flood, etc. |
| Firewall Up | The public interface (WAN) connection is up, and the firewall has begun to police traffic, or the firewall was previously disabled, and the user has enabled it through the user interface. |
| Remote config | Remote configuration management (via HTTP through the |