Chapter 16 Static Route
NBG6716 User’s Guide
Figure 87 Network > Static Route

The following table describes the labels in this screen.

Table 55 Network > Static Route
LABEL | DESCRIPTION
Add Static Route | Click this to create a new rule.
# | This is the number of an individual static route.
Status | This field indicates whether the rule is active (yellow bulb) or not (gray bulb).
Name | This field displays a name to identify this rule.
Destination | This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Gateway | This is the IP address of the gateway. The gateway is a router or switch on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to their destinations.
Subnet Mask | This parameter specifies the IP network subnet mask of the final destination.
Modify | Click the Edit icon to open a screen where you can modify an existing rule. Click the Delete icon to remove a rule from the NBG6716.
Apply | Click Apply to save your changes back to the NBG6716.
Cancel | Click Cancel to begin configuring this screen afresh.

16.2.1 Add/Edit Static Route
Click the Add Static Route button or a rule’s Edit icon in the Static Route screen. Use this screen to configure the required information for a static route.

Figure 88 Network > Static Route: Add/Edit
The following table describes the labels in this screen.

Table 56 Network > Static Route: Add/Edit
LABEL | DESCRIPTION
Static Route | Select to enable or disable this rule.
Route Name | Type a name to identify this rule. You can use up to 31 printable English keyboard characters, including spaces.
Destination IP Address | This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
IP Subnet Mask | Enter the IP subnet mask here.
Gateway IP Address | Enter the IP address of the next-hop gateway. The gateway is a router or switch on the same segment as your NBG6716's interface(s). The gateway helps forward packets to their destinations.
Back | Click Back to return to the previous screen without saving.
Apply | Click Apply to save your changes back to the NBG6716.
Cancel | Click Cancel to set every field in this screen to its last-saved value.
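
The field rules in Table 56 can be checked before an entry is typed into the screen. The following is an added example, not code from the NBG6716 or this guide: it derives the network number from the destination and mask, treats 255.255.255.255 as a host route, and confirms the gateway is on a segment the router is attached to. The function name and the interface addresses are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the router's own LAN and WAN interface addresses.
SAMPLE_INTERFACES = ["192.168.1.1/24", "203.0.113.10/30"]

def check_static_route(dest, mask, gateway, interfaces=SAMPLE_INTERFACES):
    """Return (network, problems) for one Add/Edit Static Route entry."""
    try:
        # strict=False clears host bits: routing is based on network number.
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return None, [f"invalid address or mask: {exc}"]

    problems = []
    # ipaddress also accepts wildcard (host) masks such as 0.0.0.255.
    if str(net.netmask) != mask:
        problems.append(f"mask {mask} was read as {net.netmask}")
    if ipaddress.IPv4Address(dest) != net.network_address:
        problems.append(f"host bits set; network number is {net.network_address}")
    # The gateway must sit on a segment the router is attached to.
    segments = [ipaddress.IPv4Interface(i) for i in interfaces]
    attached = [s for s in segments if gw in s.network]
    if not attached:
        problems.append(f"gateway {gw} is not on a directly connected segment")
    elif any(gw == s.ip for s in attached):
        problems.append(f"gateway {gw} is the router's own address")
    return net, problems

if __name__ == "__main__":
    for entry in [("10.20.30.40", "255.255.255.255", "192.168.1.254"),
                  ("10.20.30.40", "255.255.255.0", "192.168.1.254"),
                  ("10.20.30.0", "255.255.255.0", "172.16.0.1"),
                  ("10.20.30.0", "0.0.0.255", "192.168.1.254")]:
        print(entry, *check_static_route(*entry))
```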
Chapter 17 Firewall
17.1 Overview
Use these screens to enable and configure the firewall that protects your NBG6716 and your LAN
from unwanted or malicious traffic.
Enable the firewall to protect your LAN computers from attacks by hackers on the Internet and
control access between the LAN and WAN. By default the firewall:
• allows traffic that originates from your LAN computers to go to all of the networks.
• blocks traffic that originates on the other networks from going to the LAN.
The following figure illustrates the default firewall action. User A can initiate an IM (Instant
Messaging) session from the LAN to the WAN (1). Return traffic for this session is also allowed (2).
However, other traffic initiated from the WAN is blocked (3 and 4).
Figure 89 Default Firewall Action
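
The default action in Figure 89 can be modelled with a small session table. The following is an added example, not code from the NBG6716 or this guide: it allows a LAN-initiated flow (1), allows only the exact reverse of that flow from the WAN (2), and blocks other WAN-initiated packets (3 and 4). The class names, addresses and port numbers are constructed for the illustration, and timeouts, TCP state tracking and address translation are left out.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    arrives_on: str   # "LAN" or "WAN": the side the packet comes in from
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class DefaultFirewall:
    # Session table: 5-tuples of flows that a LAN host started.
    sessions: set = field(default_factory=set)

    def handle(self, p: Packet) -> str:
        if p.arrives_on == "LAN":
            # (1) LAN-originated traffic may go anywhere; remember the flow.
            self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "allow"
        # (2) WAN traffic passes only as the exact reverse of a stored flow.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allow"
        # (3), (4) anything else initiated from the WAN is blocked.
        return "block"

# Constructed packets: user A is 192.168.1.33, the IM server is 198.51.100.7.
OUTBOUND = Packet("LAN", "tcp", "192.168.1.33", 40000, "198.51.100.7", 5222)
REPLY = Packet("WAN", "tcp", "198.51.100.7", 5222, "192.168.1.33", 40000)
UNSOLICITED = Packet("WAN", "tcp", "198.51.100.99", 5222, "192.168.1.33", 40000)
NEW_INBOUND = Packet("WAN", "tcp", "198.51.100.7", 5222, "192.168.1.33", 8080)

def figure_89_walkthrough():
    """Verdicts for flows 1 to 4 of Figure 89, in order."""
    fw = DefaultFirewall()
    return [fw.handle(p) for p in (OUTBOUND, REPLY, UNSOLICITED, NEW_INBOUND)]

if __name__ == "__main__":
    print(figure_89_walkthrough())
```

The same reply packet is blocked if it arrives before user A has sent anything, because the session table is still empty at that point.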
17.1.1 What You Can Do
• Use the General screen to enable or disable the NBG6716’s firewall (Section 17.2 on page 130).
• Use the Services screen to enable service blocking, enter/delete/modify the services you want to
block and the date/time you want to block them (Section 17.3 on page 130).
17.1.2 What You Need To Know
The following terms and concepts may help as you read through this chapter.
What is a Firewall?
Originally, the term “firewall” referred to a construction technique designed to prevent the spread of
fire from one room to another. The networking term "firewall" is a system or group of systems that
enforces an access-control policy between two networks. It may also be defined as a mechanism
used to protect a trusted network from a network that is not trusted. Of course, firewalls cannot
solve every security problem. A firewall is one of the mechanisms used to establish a network
security perimeter in support of a network security policy. It should never be the only mechanism or
method employed. For a firewall to guard effectively, you must design and deploy it appropriately.
This requires integrating the firewall into a broad information-security policy. In addition, specific
policies must be implemented within the firewall itself.
Stateful Inspection Firewall
Stateful inspection firewalls restrict access by screening data packets against defined access rules.
They make access control decisions based on IP address and protocol. They also "inspect" the
session data to assure the integrity of the connection and to adapt to dynamic protocols. These
firewalls generally provide the best speed and transparency; however, they may lack the granular
application level access control or caching that some proxies support. Firewalls, of one type or
another, have become an integral part of standard security solutions for enterprises.
About the NBG6716 Firewall
The NBG6716’s firewall feature physically separates the LAN and the WAN and acts as a secure
gateway for all data passing between the networks.
It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when
activated (click the General tab under Firewall and then click the Enable Firewall check box).
The NBG6716's purpose is to allow a private Local Area Network (LAN) to be securely connected to
the Internet. The NBG6716 can be used to prevent theft, destruction and modification of data, as
well as log events, which may be important to the security of your network.
The NBG6716 is installed between the LAN and a broadband modem connecting to the Internet.
This allows it to act as a secure gateway for all data passing between the Internet and the LAN.
The NBG6716 has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically
separate the network into two areas. The WAN (Wide Area Network) port attaches to the broadband
(cable or DSL) modem to the Internet.
The LAN (Local Area Network) port attaches to a network of computers, which needs security from
the outside world. These computers will have access to Internet services such as e-mail, FTP and
the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host
is authorized to use a specific service.
Guidelines For Enhancing Security With Your Firewall
1 Change the default password via Web Configurator.
2 Think about access control before you connect to the network in any way, including attaching a
modem to the port.
3 Limit who can access your router.
4 Don't enable any local service (such as NTP) that you don't use. Any enabled service could present
a potential security risk. A determined hacker might be able to find creative ways to misuse the
enabled services to access the firewall or the network.
5 For local services that are enabled, protect against misuse. Protect by configuring the services to
communicate only with specific peers, and protect by configuring rules to block packets for the
services at specific interfaces.
6 Protect against IP spoofing by making sure the firewall is active.
7 Keep the firewall in a secured (locked) room.
17.2 General Screen
Use this screen to enable or disable the NBG6716’s firewall, and set up firewall logs. Click Security > Firewall to open the General screen.

Figure 90 Security > Firewall > General

The following table describes the labels in this screen.

Table 57 Security > Firewall > General
LABEL | DESCRIPTION
Enable Firewall | Select this check box to activate the firewall. The NBG6716 performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Apply | Click Apply to save the settings.
Cancel | Click Cancel to start configuring this screen again.

17.3 Services Screen
If an outside user attempts to probe an unsupported port on your NBG6716, an ICMP response
packet is automatically returned. This allows the outside user to know the NBG6716 exists. Use this
screen to prevent the ICMP response packet from being sent. This keeps outsiders from discovering
your NBG6716 when unsupported ports are probed.
You can also use this screen to enable service blocking, enter/delete/modify the services you want
to block and the date/time you want to block them.
Click Security > Firewall > Services. The screen appears as shown next.
