Zoom 5363 Router Manual PDF (Setup & Configuration Guide)

Page 96 / 142 Scroll up to view Page 91 - 95

11

Firewall Menu Options

The Firewall Menu lets you:

•

Configure the level of protection your firewall provides

•

View the firewall logs

Basic

The Basic page allows you to configure the level of protection your firewall offers and

also what type of attacks it should detect..

To access the

Basic

page:

1

Click the

Router

menu tab.

2

Then click the

Firewall/Basic

submenu.

Figure 25 shows an example of the menu and Table 24 describes the items you can

select.

Figure 25. Example of Basic Page

96

Page 97 / 142

Table 24. Basic Menu Option

Option

Description

By increasing the level from low to medium or high

you can restrict traffic to only certain predefined

ports.

IPv4 Firewall

Protection

Prevents all fragmented IP packets from passing

through the firewall.

Block Fragmented IP

packets

Detects and blocks port scan activity originating on

both the LAN and WAN.

Port Scan Detection

Detects and blocks packet floods originating on

both the LAN and WAN.

IP Flood Detection

Prevents the Cable Modem/Router or the PCs from

responding to pings to the Cable Modem/Router’s

WAN IP address or to the devices behind it. This

makes it more difficult for hackers to attack your

PCs and other devices on your network.

ICMP Blocking

Event Log

The Event Log page allows you to send firewall event log reporting to a standard SysLog

server or via email. Individual attack or configuration items can be selected that will be

sent to the SysLog server or emailed so that only the items of interest can be monitored.

Permitted connections, blocked connections, known Internet attack types, and Cable

Modem/Router configuration events can also be logged. The SysLog server must be on

the same subnet as the Private LAN behind the Cable Modem/Router (typically

192.168.0.x).

To access the

Event Log

page:

1

Click the

Router

menu tab.

2

Then click the

Firewall/Event Log

submenu.

Figure 23 shows an example of the menu and Table 25 describes the items you can

select.

97

Page 98 / 142

To enable the automatic email alerts:

1

Configure the email address you want to send alerts to. You also need to configure

the email account you will send from (this may be the same account). This includes

the SMTP (outgoing)/ mail server address, together with username and password.

You may need to contact your service provider to find the information.

2

Check the

Enable

box and click the Apply button.

Figure 26. Example of Event Log Page

98

Page 99 / 142

Table 25. Local Log Menu Option

Option

Description

Enabling this feature causes the Cable Modem/Router to report all

permitted connection attempts.

Permitted

Connections

Enabling this feature causes the Cable Modem/Router to report all

blocked connection attempts.

Blocked

Connections

Enabling this feature causes the Cable Modem/Router to report any

known Internet attacks.

Known Internet

Attacks

Product

Configuration

Events

Enabling this feature causes the Cable Modem/Router to report all

configuration changes.

SysLog server

at 192.168.0.x

Enter the address of your local SysLog server, if you have one.

Contact Email

Address

Enter the email address where you want to receive the alert email.

Enter the SMTP (Outgoing) mail server address of the email

account you will send from.

SMTP Server

Name

SMTP

Username

Enter the username of the email account you will send from.

SMTP

Password

Enter the password of the email account you will send from.

Check to enable sending alert email, when an attack is detected.

E-mail Alerts

Below is a complete list of the capable SysLog server attack/notification types and their

format. The generic format of sysLog messages for traffic or administration-related

events is:

MMM DD HH:MM:SS YYYY SYSLOG[0]: [Host HostIP] Protocol SourceIP,SourcePort

--> DestIP,DestPort EventText

99

Page 100 / 142

Table 26. SysLog Server Event Format

Parameter

Description

The three-letter abbreviation for the month (e.g., JUN, JUL AUG,

etc.)

MMM

The two-digit day of the month (e.g., 01, 02, 03, etc.)

DD

The time displayed as two-digit values for the hour, minute, and

second, respectively.

HH:MM:SS

The four-digit year.

YYYY

The IP address of Cable Modem/Router sending the SysLog event.

This is the LAN IP Address on the Basic - Setup page.

HostIP

Can be one of the following: “TCP”, “UDP”, “ICMP”, “IGMP” or

“OTHER”. In the case of “OTHER” the protocol type is displayed in

parentheses (). For ICMP packets, the ICMP type is displayed in

parentheses.

Protocol

The IP address of the originator of the session/packet.

SourceIP

The source port at the originator.

SourcePort

The IP address of the recipient of the session/packet.

DestIP

The destination port at the recipient.

DestPort

A textual description of the event.

EventText

The format of SysLog messages for informational events is simplified:

MMM DD HH:MM:SS YYYY SYSLOG[0]: [Host HostIP] EventText

100

Rate

Popular Zoom Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share