Chapter 15 Firewall
AMG1302/AMG1202-TSeries User’s Guide
181
15.4.2 Customized Services
Configure customized services and port numbers not predefined by the AMG1302/AMG1202-TSeries. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Numbers Authority) website. See Appendix F on page 305 for some examples. Click the Edit Customized Services button while editing a firewall rule to configure a custom service port. This displays the following screen.
Table 63 Security > Firewall > Rules > Add
LABEL: DESCRIPTION
Address Type: Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (for instance, 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an option from the drop-down list box that includes: Single Address, Range Address, Subnet Address and Any Address.
Start IP Address: Enter the single IP address or the starting IP address in a range here.
End IP Address: Enter the ending IP address in a range here.
Subnet Mask: Enter the subnet mask here, if applicable.
Source Mac Address: Specify a source MAC address of traffic to which this firewall rule applies. Please note that a blank source MAC address is equivalent to any.
Source Interface: Specify a source interface to which this firewall rule applies. This is the interface through which the traffic entered the AMG1302/AMG1202-TSeries. Please note that a blank source interface is equivalent to any.
Destination Interface: Specify a destination interface to which this firewall rule applies. This is the interface through which the traffic is destined to leave the AMG1302/AMG1202-TSeries. Please note that a blank destination interface is equivalent to any.
Services
Available Services: Please see Appendix F on page 305 for more information on services available. Select a service from the Available Services box.
Edit Customized Service: Click the Edit Customized Service button to bring up the screen that you use to configure a new custom service that is not in the predefined list of services.
TCP Flag: Specify any TCP flag bits the firewall rule is to check for.
Schedule: Select the days and time during which to apply the rule. Select Everyday and All Day to always apply the rule.
Apply: Click this to save your changes.
Cancel: Click this to restore your previously saved settings.
Figure 85 Security > Firewall > Rules: Edit: Edit Customized Services
The following table describes the labels in this screen.
Table 64 Security > Firewall > Rules: Edit: Edit Customized Services
LABEL: DESCRIPTION
#: This is the number of your customized port.
Name: This is the name of your customized service.
Protocol: This shows the IP protocol (TCP or UDP) that defines your customized service.
Port Type: This is the port number or range that defines your customized service.
Start Port: This is a single port number or the starting port number of a range that defines your customized service.
End Port: This is a single port number or the ending port number of a range that defines your customized service.
Modify: Click this to edit a customized service.
Add: Click this to configure a customized service.
Back: Click this to return to the Firewall Edit Rule screen.
15.4.3 Customized Service Add/Edit
Use this screen to add a customized rule or edit an existing rule. Click Add or the Edit icon next to a rule number in the Firewall Customized Services screen to display the following screen.
Figure 86 Security > Firewall > Rules: Edit: Edit Customized Services: Add/Edit
The following table describes the labels in this screen.
Table 65 Security > Firewall > Rules: Edit: Edit Customized Services: Add/Edit
LABEL: DESCRIPTION
Config
Service Name: Type a unique name for your custom port.
Service Type: Choose the IP protocol (TCP or UDP) that defines your customized port from the drop-down list box.
Port Configuration
Type: Click Single to specify one port only or Port Range to specify a span of ports that define your customized service.
Port Number: Type a single port number or the range of port numbers that define your customized service.
Back: Click this to return to the previous screen without saving.
Apply: Click this to save your changes.
Cancel: Click this to restore your previously saved settings.
Delete: Click this to delete the current rule.
15.5 The DoS Screen
Use this screen to enable DoS protection. Click Security > Firewall > Dos to display the following screen.
Figure 87 Security > Firewall > Dos
The following table describes the labels in this screen.
Table 66 Security > Firewall > Dos
LABEL: DESCRIPTION
Denial of Services: Enable this to protect against DoS attacks. The AMG1302/AMG1202-TSeries will drop sessions that surpass maximum thresholds.
Apply: Click this to save your changes.
Cancel: Click this to restore your previously saved settings.
Advanced: Click this to go to a screen to specify maximum thresholds at which the AMG1302/AMG1202-TSeries will start dropping sessions.
15.5.1 The DoS Advanced Screen
For DoS attacks, the AMG1302/AMG1202-TSeries uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions). These thresholds apply globally to all sessions.
For TCP, half-open means that the session has not reached the established state: the TCP three-way handshake has not yet been completed. Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established.
Figure 88 Three-Way Handshake
For UDP, half-open means that the firewall has detected no return traffic. An unusually high number (or arrival rate) of half-open sessions could indicate a DoS attack.
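As an added illustration (not the device firmware and not part of the guide), the following Python models the half-open session accounting described in Section 15.5.1: a TCP session stays half-open until the initiator's final ACK, a UDP session until any return traffic is seen, and once the global half-open count reaches the threshold, new session attempts are dropped. The threshold value and the packet events are constructed for the example and are not device defaults.

```python
# Added example, not the AMG1302/AMG1202-TSeries firmware: a tiny model of the
# half-open session tracking that Section 15.5.1 describes. Packet events are
# constructed dicts; the threshold is a hypothetical value, not a device default.

class HalfOpenTracker:
    def __init__(self, max_half_open):
        self.max_half_open = max_half_open  # global threshold across TCP and UDP
        self.half_open = {}                 # (proto, initiator, responder) -> state
        self.established = 0
        self.dropped = []

    def observe(self, ev):
        proto, src, dst, flags = ev["proto"], ev["src"], ev["dst"], ev.get("flags", "")
        fwd, rev = (proto, src, dst), (proto, dst, src)
        if rev in self.half_open:                     # return traffic from the responder
            if proto == "udp":                        # any UDP reply completes the session
                del self.half_open[rev]
                self.established += 1
                return "established"
            self.half_open[rev] = "syn-ack"           # SYN-ACK seen, handshake not yet done
            return "half-open"
        if fwd in self.half_open:                     # more traffic from the initiator
            if proto == "tcp" and flags == "ACK" and self.half_open[fwd] == "syn-ack":
                del self.half_open[fwd]               # third step of the handshake
                self.established += 1
                return "established"
            return "half-open"                        # SYN retransmit or repeated datagram
        if proto == "tcp" and flags != "SYN":
            return "ignored"                          # not a session attempt we track
        if len(self.half_open) >= self.max_half_open: # threshold reached: drop new attempts
            self.dropped.append(fwd)
            return "dropped"
        self.half_open[fwd] = "syn" if proto == "tcp" else "udp"
        return "half-open"

def run_scenario():
    """Replay constructed traffic against a threshold of 3 half-open sessions."""
    t = HalfOpenTracker(max_half_open=3)
    events = [
        ("tcp", "A", "S", "SYN"), ("tcp", "S", "A", "SYN-ACK"), ("tcp", "A", "S", "ACK"),
        ("tcp", "B1", "S", "SYN"), ("tcp", "B2", "S", "SYN"), ("tcp", "B3", "S", "SYN"),
        ("tcp", "B4", "S", "SYN"),          # fourth half-open TCP session: dropped
        ("udp", "C", "S", ""),              # UDP counts against the same global limit
        ("tcp", "S", "B1", "SYN-ACK"), ("tcp", "B1", "S", "ACK"),
        ("udp", "C", "S", ""), ("udp", "S", "C", ""),
    ]
    results = [t.observe({"proto": p, "src": s, "dst": d, "flags": f}) for p, s, d, f in events]
    return results, t
```

The same accounting explains the tuning advice in Section 15.5.1.1: a burst of legitimate P2P connection attempts raises the half-open count just as a flood does, so a threshold set too low drops normal traffic.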
15.5.1.1 Threshold Values
If everything is working properly, you probably do not need to change the threshold settings as the default threshold values should work for most small offices. Tune these parameters when you believe the AMG1302/AMG1202-TSeries has been receiving DoS attacks that are not recorded in the logs or the logs show that the AMG1302/AMG1202-TSeries is classifying normal traffic as DoS attacks. Factors influencing choices for threshold values are:
1 The maximum number of opened sessions.
2 The minimum capacity of server backlog in your LAN network.
3 The CPU power of servers in your LAN network.
4 Network bandwidth.
5 Type of traffic for certain servers.
Reduce the threshold values if your network is slower than average for any of these factors (especially if you have servers that are slow or handle many tasks and are often busy).
If you often use P2P applications such as file sharing with eMule or eDonkey, it's recommended that you increase the threshold values since lots of sessions will be established during a small period of time and the AMG1302/AMG1202-TSeries may classify them as DoS attacks.
15.5.2 Configuring Firewall Thresholds
Click Security > Firewall > DoS > Advanced to display the following screen.
Figure 89 Security > Firewall > DoS > Advanced