ATT 3800hgvb Manual
Have a look at the manual ATT 3800hgvb Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1 ATT manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Gateway User Interface 29 Configuring Advanced Firewall Settings The Edit Advanced Firewall Settings page allows you to configure advanced features on your firewall. Enabling Advanced Security The 2Wire gateway firewall already provides a high level of security. You can configure the firewall to provide advanced security features, including stealth mode, strict UDP , or block pings. Stealth Mode. When in stealth mode, the 2Wire gateway firewall does not return information in response to network queries; that is, it will appear to hackers who are tr ying to access your network that your network does not exist. This discourages hackers from further attempts at accessing your network, because to them it will appear as thoug h there is no active network to access. Block Ping. Ping is a basic Internet program that, when used without malicious intent, allows a user to verify that a particular IP address exists and can a ccept requests. Hackers can use ping to launch an attack against your network, because ping can det ermine the number form of the network’s IP address (for example, 105.246.172.72) from the domain nam e (for example, www.mynetwork.com). If you enable Block Ping, your network will block all ping requests.
Gateway User Interface 30 Strict UDP Session Control. Enabling this feature provides increased security by preventing the 2Wire gateway from accepting packets sent from an unknown source over an existing connection. The ability to send traffic based on destination only is required by some applications. Enabling this feature may not allow some on-line applications to work properly. Allowing Inbound and Outbound Traffic The Inbound and Outbound Control pane displays some common protocol types. When one of the Inbound protocol boxes is checked, the firewall allows the co rresponding protocol to pass through from the Internet to the network. If one of the Outbound protocol boxes is checked, the firewall allows the traffic from the network to pass through the firewall to the Internet. Note: If you configure the firewall to block an Inbound protocol, you may disable suppor t for hosted applications that require that type of protocol. Disabling Attack Detection By default, the 2Wire gateway firewall rules block the a ttack types listed in the Attack Detection pane. There are some applications and devices that require the us e of specific data por ts through the firewall. The gateway allows users to open the necessary por ts thr ough the firewall using the Firewall Settings page. If the user requires that a computer have all incoming tra ffic available to it, this computer can be set to the DMZplus mode. While in DMZplus mode, the com puter is still protected against numerous broadband attacks (for example, SYN Flood or Invalid TCP flag attacks). I n rare cases, the incoming traffic may be inadvertently blocked by the firewall (for example, when integrating with external third-par ty firewalls or VP N ser vers). You may need to disable one or more of the attack detection capabilities for any device placed in the DMZplus. In this case, the third-par ty server provides the attack protection normally provided by the gateway. Following are the attacks for which the gateway firewall filters continuously checks. Excessive Session Detection. When enabled, the fire wall will detect applications on the local network that are creating excessive sessions out to the Internet . This activity is likely due to a virus or “worm” infected computer (for example, Blaster Worm). When the event is detected, the gateway displays a HURL warning page. TCP/UDP Por t Scan. A por t scan is a series of mess ages sent by someone attempting to break into a computer to learn which computer network ser vic es, each associated with a well-known port number (such as UDP and TCP), the computer provides . When enabled, the firewall detects UDP and TCP port scans, and drops the packet. Invalid Source/Destination IP address. When enabled, the firewall will verify IP addresses by checking for the following: − IP source address is broadcast or multicast — drop packet. − TCP destination IP address is not unicast — drop packet. − IP source and destination address are the same — drop packet. − Invalid IP source received from private/home network — drop packet.
Gateway User Interface 31 Packet Flood (SYN/UDP/ICMP/Other). When enabled, the firewall will check for SYN, UDP, ICMP, and other types of packet floods on the local and Internet facing interfaces and stop the flood. Invalid TCP Flag Attacks (NULL/XMAS/Other). When enabled, the firewall will scan inbound and outbound packets for invalid TCP Flag settings, and drop the packet to prevent SYN/FIN, NULL, and XMAS attacks. Invalid ICMP Detection. The firewall checks for invalid ICMP/code types, and drops the packet. Miscellaneous. The firewall checks for the following: −Unknown IP protocol — drop packet. − Por t 0 attack detected — drop packet. − TCP SYN packet — drop packet. − Not a start session packet — drop packet. − ICMP destination unreachable — terminate session.
32 Access the Management and Diagnostic Console Accessing the Management and Diagnostic Console The Management and Diagnostic Console (MDC) provides information about the status of the 2Wire gateway, its broadband network connections, attached home networking devices, system and security information, and a running log of any error conditions. To access the MDC locally, in the browser address bar enter http://gateway.2wire.net/management . After you access the MDC, use the left-hand navigation menu to select specific MDC pages. System Summary Page The System Summar y page shows general information about the 2Wire gateway, its configuration, and components.
Access the Management and Diagnostic Console 33 Depending on the ser vice provider and the components installed, the System Summar y page may include the following information: Item Description System Model 2Wire gateway model number (for example, 3700HGV-B). Serial number 2Wire gateway serial number. MAC Address 2Wire gateway MAC address. Hardware Version 2Wire gateway hardware version. Hardware Options The type of peripheral device installed. DSL Modem Type VDSL. Current Software 2Wire gateway software version. Configuration Key Code The static key code associated with the current provisioning settings. System Time The day, month, year, and time; or “Retrieving date and time settings from Internet” if not set. Time Since Last Boot The time elapsed since the 2Wire gateway was last restar ted. Last ID Post The time elapsed since the 2Wire gateway communicated with the configuration ser ver. Components DSL Modem Modem software version. common_en The language in which the user interface is presented (common_en = English). Firewall Rules Current version of the installed firewall rules database. Application List Current version of the application list.
Access the Management and Diagnostic Console 34 Broadband Link - Summar y Page The Broadband Link - Summary page allows you to view 2Wire gateway broadband connectivity-related settings, and reset the Broadband Link and IP Connection. Note: The information displayed varies depending on whether the broadband connection is via DSL or Ethernet. Features Item Description
Access the Management and Diagnostic Console 35 Broadband Link - Statistics Page The Broadband Link - Statistics page shows statistics associated with the 2Wire gateway broadband link.
Access the Management and Diagnostic Console 36 Broadband Link - Detailed Statistics Page The Broadband Link – Detailed DSL Statistics page shows a set of cumulative DSL statistics associated with the 2Wire gateway.
Access the Management and Diagnostic Console 37 Broadband Link - Configuration Page The Broadband Link – Configuration page allows you to m odify specific broadband connection settings. For details on broadband link configuration settings, re fer to “Using Broadband Link Advanced Settings” on page 19.
Access the Management and Diagnostic Console 38 Local Network - Status Page The Local Network – Status page shows the status of the local network. The Local Network – Status page includes the following information: Item Description IP Gateway The IP address allocated to the 2Wire gateway. IP Network The IP address used by the network. Subnet Mask The subnet mask allocated to the 2Wire gateway. DHCP Range The range of IP addresses available on the network, the number of addresses allocated, and the number of addresses remaining. DHCP Timeout The time, in minutes , before the DHCP lease must be renewed. Wireless (this field is present only on wireless 2Wire gateway models)