Chapter 10 Firewall
P-870HN-51b User’s Guide
The following table describes the labels in this screen.
Table 49   Firewall > Incoming
LABEL | DESCRIPTION
Active Firewall | Select this check box to enable the firewall on the Device. When the firewall is enabled, the Device blocks all incoming traffic from the WAN to the LAN. Create custom rules below to allow certain WAN users to access your LAN or to allow traffic from the WAN to a certain computer on the LAN.
Active | Select this check box to enable the rule.
Filter Name | This displays the name of the rule.
Interfaces | This displays the WAN interface(s) to which this rule is applied.
Protocol | This displays the IP protocol that defines the service to which this rule applies.
Source Address / Mask | This displays the source IP addresses and subnet mask to which this rule applies. Please note that a blank source address is equivalent to Any.
Source Port | This is the source port number.
Dest. Address / Mask | This displays the destination IP addresses and subnet mask to which this rule applies. Please note that a blank destination address is equivalent to Any.
Dest. Port | This is the destination port number.
Modify | Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing rule. Note that subsequent rules move up by one when you take this action.
Add | Click Add to create a new rule.
Apply | Click Apply to save your changes back to the Device.
10.3.1 Creating Incoming Firewall Rules
In the Incoming screen, click Add to display this screen and refer to the following table for information on the labels.
Figure 81   Firewall > Incoming: Add
The following table describes the labels in this screen.
Table 50   Firewall > Incoming: Add
LABEL | DESCRIPTION
Active | Select this check box to enable the rule.
Filter Name | Enter a descriptive name of up to 16 printable English keyboard characters, including spaces.
To add a firewall rule, you need to configure at least one of the following fields (except the Interface field).
Protocol | Select the IP protocol (TCP/UDP, TCP, UDP or ICMP) and enter the protocol (service type) number in the port field. Select NONE to apply the rule to any protocol.
Source IP Address | Enter the source IP address in dotted decimal notation.
Source Subnet Mask | Enter the source subnet mask.
Source Port | Enter a single port number or the range of port numbers of the source.
Destination IP Address | Enter the destination IP address in dotted decimal notation.
Destination Subnet Mask | Enter the destination subnet mask.
Destination Port | Enter the port number of the destination.
Interface | Select Select All to apply the rule to all interfaces on the Device or select the specific WAN interface(s) to which this rule applies.
Back | Click Back to return to the previous screen.
Apply | Click Apply to save your customized settings and exit this screen.
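
The rule fields in Tables 49 and 50, modelled in Python as an added example (it is not part of the guide and not the Device's own code): with the firewall active, WAN-to-LAN traffic is blocked unless an active rule matches, and a blank address means Any. The class and function names, the "low:high" port range syntax, the treatment of a blank mask as a single host, the reading that Protocol left at NONE does not count as a configured field, and the sample rules are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class IncomingRule:          # hypothetical model; fields mirror Table 50
    name: str
    active: bool = True
    protocol: str = "NONE"   # "TCP/UDP", "TCP", "UDP", "ICMP" or "NONE" (any)
    src_ip: str = ""         # blank address is equivalent to Any
    src_mask: str = ""
    src_port: str = ""       # "80" or "8000:8080" (range syntax is an assumption)
    dst_ip: str = ""
    dst_mask: str = ""
    dst_port: str = ""

def validate(rule):
    problems = []
    if len(rule.name) > 16 or not (rule.name.isascii() and rule.name.isprintable()):
        problems.append("Filter Name: at most 16 printable keyboard characters")
    configured = [v for k, v in vars(rule).items() if k.startswith(("src_", "dst_"))]
    # Assumption: Protocol left at NONE does not count as a configured field.
    if rule.protocol == "NONE" and not any(configured):
        problems.append("configure at least one field besides Interface")
    return problems

def _addr_matches(ip, mask, addr):
    # Blank address = Any; a blank mask is treated as one host (assumption).
    net = f"{ip}/{mask or '255.255.255.255'}"
    return not ip or ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def _port_matches(spec, port):
    low, _, high = spec.partition(":")
    return not spec or int(low) <= port <= int(high or low)

def incoming_allowed(rules, proto, src, sport, dst, dport):
    """Firewall active: WAN-to-LAN traffic is blocked unless an active rule matches."""
    return any(
        r.active and (r.protocol == "NONE" or proto in r.protocol.split("/"))
        and _addr_matches(r.src_ip, r.src_mask, src) and _port_matches(r.src_port, sport)
        and _addr_matches(r.dst_ip, r.dst_mask, dst) and _port_matches(r.dst_port, dport)
        for r in rules)

def open_to_any_source(rules):
    """Audit helper: active rules whose blank source address admits every WAN host."""
    return [r.name for r in rules if r.active and not r.src_ip]

# Constructed sample rules (documentation address ranges), not taken from the guide.
RULES = [IncomingRule("ssh-from-office", protocol="TCP", src_ip="198.51.100.0",
                      src_mask="255.255.255.0", dst_ip="192.168.1.10", dst_port="22"),
         IncomingRule("web-any", protocol="TCP", dst_ip="192.168.1.20", dst_port="80:81")]
```

Running open_to_any_source(RULES) over an exported rule list singles out the rules that expose a LAN host to the whole WAN, which are the ones worth narrowing with a source address and mask.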
Chapter 11 Certificate
11.1 Overview
The Device can use certificates (also called digital IDs) to authenticate users.
Certificates are based on public-private key pairs. A certificate contains the
certificate owner’s identity and public key. Certificates provide a way to exchange
public keys for use in authentication.
11.1.1 What You Can Do in this Chapter
• The Local Certificates screen lets you generate certification requests and import the Device's CA-signed certificates (Section 11.4 on page 173).
• The Trusted CA screen lets you save the certificates of trusted CAs to the Device (Section 11.4 on page 173).
11.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
Certification Authority
A Certification Authority (CA) issues certificates and guarantees the identity of
each certificate owner. There are commercial certification authorities like
CyberTrust or VeriSign and government certification authorities. The certification
authority uses its private key to sign certificates. Anyone can then use the
certification authority's public key to verify the certificates. You can use the Device
to generate certification requests that contain identifying information and public
keys and then send the certification requests to a certification authority.