Cisco Dpq3925x User Manual

							4021193 Rev C  71 
 
 Control Access to the Gateway 
 
Use the Keyword List to enter the keywords you wish to block. If any of these 
keywords appears in the URL of a website, access to the site will be blocked. Note 
that only the URL is check, not the content of each webpage.  
Access Restrictions > Time of Day Rules 
Use the Access Restrictions Time of Day Rules page to configure web access filters to 
block all Internet traffic to and from specific network devices based on day of week 
and time of day settings that you select. 
Select the Time of Day Rules tab to open the Access Restrictions Time of Day Rules 
Page. The following illustration is an example of the Access Restrictions Time of Day 
Rules page. 
Note: The residential gateway uses the network time of day clock that is managed by 
your data service provider. The time of day clock must be accurate and represent the 
time of day in your time zone for this feature to operate properly. Verify that the 
Status and Set Time pages reflect the correct time of day. If they do not reflect the 
correct time of day, contact your data service provider. You can also adjust your 
settings to account for the difference. 
 
Access Restrictions Time of Day Rules Page Description 
Use the descriptions and instructions in the following table to configure the time of 
day rules for your residential gateway. After you make your selections, click Save 
Settings to apply your changes or Cancel Changes to cancel.  
						

							72  4021193 Rev C 
 
Control Access to the Gateway 
 
Section Field Description 
Tod Filter Add 
Allows you to add a new Time of Day access filter or rule. 
Enter the name of the filter and click the Add key to add the 
filter to the list. Time of Day rules are used to restrict Internet 
access based on the day and time.   
Remove   
Removes the selected filter from the Time of Day filter list 
Schedule Days to Block 
Allows you to control access based on days of the week 
Time to Block  
Allows you to control access based on time of day  
Access Restrictions > User Setup 
Use the Access Restrictions User Setup page to set up additional accounts and user 
profiles for household members. Each profile can be assigned customized levels of 
Internet access as defined by the access rules assigned to that users profile. 
Important: These additional accounts do not grant administrative access to the 
gateway. 
Note: Once you define and enable user profiles, each user must sign-on each time 
they wish to access the Internet. The user can sign-on when the pop-up sign-on 
screen appears in their Web browser. The user must enter their correct user name 
and password in order to gain Internet access. 
Select the User Setup tab to open the Access Restrictions User Setup page. 
  
						

							4021193 Rev C  73 
 
 Control Access to the Gateway 
 
Access Restrictions User Setup Page Description 
Use the descriptions and instructions in the following table to configure the user 
setup for your residential gateway. After you make your selections, click Save 
Settings to apply your changes or Cancel Changes to cancel. 
Section Field Description 
User 
Configure 
Add User 
Allows you to add a new user profile. Enter the name of the user and click the Add User 
button to add the user to the list. 
User Settings 
Allows you to edit a user profile by using the drop-down menu to edit a user profile. The 
drop-down menu allows you to recall the profile to be edited. User names and passwords 
are case-sensitive. 
Make sure to check the Enable box to activate the user profile. If a profile is not active, that 
user will not have any access to the Internet. 
To remove a user profile, use the drop-down menu to select the user to be removed and 
click the Remove User button. 
Password 
Enter the selected users password in this field. Each user must enter their User Name and 
Password each time they use the Internet. User names and passwords are case-sensitive. 
Note: The residential gateway will allow each user access to the Internet, subject to the 
rules selected on this page for that user. 
Re-Enter Password 
Re-enter the same password for confirmation of the password in the previous field. 
Trusted User 
Check this box if the currently selected user is to be designated a trusted user. Trusted 
users are not subject to Internet access rules. 
Content Rule 
Select the Content Rule for the current user profile. Content Rules must first be defined by 
going to the Rules Configuration page. You can access the Rule Configuration page by 
clicking on the ―Basic Rules‖ tab on this page. 
Time Access Rule 
Select the Time Access Rule for the current user profile. Time Access Rules must first be 
defined by going to the Time of Day Rules page. You can access the Time of Day Rules 
page by clicking on the ―Time of Day Rules‖ tab on this page. 
Session Duration 
1440 minutes [Factory default when a user is created. Otherwise, it is 0 (zero)]. 
Enter the amount of time in minutes that the user will be granted Internet access beginning 
at the time they sign on using their User Name and Password. 
Note: Set the Session Duration to 0 (zero) to prevent session timeout.  
						

							74  4021193 Rev C 
 
Control Access to the Gateway 
 
Section Field Description 
 Inactivity Time 
60 minutes [Factory default when a user is created. Otherwise, it is 0 (zero)]. 
Enter the amount of time during a user session where there is no Internet access activity, 
indicating that the user is no longer online. If the inactivity timer is triggered, the user 
session will be closed automatically. In order to regain Internet access, the user must log in 
again with their User Name and Password. 
Note: Set the Inactivity time value to 0 (zero) to prevent session timeout.  
Access Restrictions > Local Log 
This page allows you to track, by user, any attempts made by that user to access 
Internet sites that are restricted. From this page you can also view events captured 
by the parental control event-reporting feature. 
Select the Local Log tab to open the Access Restrictions Local Log page. 
The following illustration is an example of the Access Restrictions Local Log page. 
 
Section Field Description 
Local Log 
Parental Control - Event 
Log 
Last Occurence 
Displays the time of the most recent attempt to access a 
restricted Internet site 
Action 
Displays the action taken by the system 
Target 
Displays the URL of the restricted site 
User 
Displays the user who attempted a restricted site 
Source 
Displays the IP address of the PC that was used when 
attempting to access a restricted website 
  
						

							4021193 Rev C  75 
 
 Configure Applications and Gaming 
 
Configure Applications and Gaming 
Overview 
Most well-known Internet applications are supported by Application Layer 
Gateways (ALGs). ALGs automatically adjust the gateway firewall to allow data to 
pass without making any custom settings. We recommend that you test your 
application before making changes in this section. 
Applications & Gaming > Port Filtering 
Use this window to configure transmission control protocol (TCP) and user 
datagram protocol (UDP) port filters. These filters prevent a range of TCP/UDP 
ports from accessing the Internet. You can also prevent PCs from sending outgoing 
TCP/UDP traffic to the WAN on specific IP port numbers. This filter is not IP 
address- or MAC address- specific. The system blocks the specified port ranges for 
all PCs. 
Select the Port Filtering tab to open the Applications & Gaming Port Filtering page. 
 
Applications and Gaming Port Filtering Page Description 
Use the descriptions and instructions in the following table to configure the port 
filtering for applications and gaming features used on your residential gateway. 
Click the Enable checkbox to enable port forwarding for the relevant application. 
After you make your selections, click Save Settings to apply your changes or Cancel 
Changes to cancel.  
						

							76  4021193 Rev C 
 
Configure Applications and Gaming 
 
Section Field Description   
Port Filtering Start Port: 
This is the beginning of the port range. Enter the beginning of the 
range of port numbers (external ports) used by the server or Internet 
application. Check with the software documentation of the Internet 
application for more information if necessary. 
End Port: 
This is the end of the port range. Enter the end of the range of port 
numbers (external ports) used by the server or Internet application. 
Check with the software documentation of the Internet application 
for more information if necessary. 
Protocol 
Select one of the following protocols: 
 TCP 
 UDP 
 Both 
Enable: 
Check this box to enable filtering on the specified ports.  
Applications & Gaming > Port Range Forwarding 
Important: The gateway normally implements a feature called Port Translation. Port 
Translation monitors what ports are actually being used by your PCs or other 
devices on your LAN. This monitoring provides an added level of security beyond 
what the firewall provides. However, there are some applications that require the 
gateway to use specific ports to connect over the Internet. 
Use Port Range Forwarding to forward ports from the public Internet to specific IP 
addresses in your local network. Select the Port Range Forwarding tab to open the 
Applications & Gaming Port Range Forwarding page. 
For the Start and End Port, select a port from the recommended 49152 - 65535 range. 
Keep in mind that ports used are program specific so check which ones the program 
requires to be forwarded. Type the port number or range in both boxes. In the IP 
Address box type the name of the computer‘s IP address to which this is to apply. 
Note: Port Range Forwarding continually exposes the selected ports to the public 
Internet. This means that the gateway‘s firewall is no longer active on these ports. 
The device with the forwarding IP address can be exposed to hacker attacks while 
the port range is being forwarded.  
						

							4021193 Rev C  77 
 
 Configure Applications and Gaming 
 
 
Applications and Gaming Port Range Forward Page Description 
Use the descriptions and instructions in the following table to configure the port 
range forwarding for the residential gateway. Select enable for each. After you make 
your selections, click Save Settings to apply your changes or Cancel Changes to 
cancel. 
Section Field Description   
Port Range Forwarding Start 
For the Start port, select a port from the recommended 49152 - 
65535 range. Keep in mind that ports used are program specific 
so check which ones the program requires to be forwarded.  
End 
For the End port, select a port from the recommended 49152 - 
65535 range. Keep in mind that ports used are program specific 
so check which ones the program requires to be forwarded. 
Protocol 
Select one of the following protocols: 
 TCP 
 UDP 
 Both 
IP Address 
Enter the computer‘s IP address to which this is to apply. 
Enable 
Check this box to enable port forwarding for the specified ports 
and IP addresses.   
						

							78  4021193 Rev C 
 
Configure Applications and Gaming 
 
Applications & Gaming > Port Range Triggering 
Port range triggering is a way to dynamically forward ports to a LAN PC that needs 
them at a particular time. That particular time is when it runs a certain application 
that performs some event that trigger the router. This event must be an outbound 
access of a particular port range. 
Select the Port Range Triggering tab to open the Applications & Gaming Port Range 
Triggering page. 
 
Applications and Gaming Port Range Triggering Page Description 
Use the descriptions and instructions in the following table to configure the port 
range triggering for the residential gateway. Select enable for each. After you make 
your selections, click Save Settings to apply your changes or Cancel Changes to 
cancel. 
Section Field Description   
Port Range Triggering 
Triggered Range Start Port 
For the Start port, select a port from the recommended 49152 - 
65535 range. Keep in mind that ports used are program specific 
so check which ones the program requires to be forwarded.  
End Port 
For the End port, select a port from the recommended 49152 - 
65535 range. Keep in mind that ports used are program specific 
so check which ones the program requires to be forwarded. 
Forwarded Range Start Port 
For the Start port, select a port from the recommended 49152 - 
65535 range. Keep in mind that ports used are program specific 
so check which ones the program requires to be forwarded.   
						

							4021193 Rev C  79 
 
 Configure Applications and Gaming 
 
Section Field Description   
End Port 
For the End port, select a port from the recommended 49152 - 
65535 range. Keep in mind that ports used are program specific 
so check which ones the program requires to be forwarded. 
Protocol 
Select one of the following protocols: 
 TCP 
 UDP 
 Both 
Enable 
Click the Enable checkbox to enable port range triggering for 
the relevant application.  
Applications & Gaming > DMZ 
Use this page to configure an IP address whose ports are directly exposed to the 
public Internet or to the Wide Area Network (WAN). Demilitarized Zone (DMZ) 
hosting is commonly referred to as exposed host, and allows you to specify a 
recipient of WAN traffic that Network Address Translation (NAT) is unable to 
translate to a known local PC. 
A DMZ is typically used by a company that wants to host its own Internet server. 
DMZ allows one IP address to be placed on the Internet side of the gateway firewall 
while others remain protected behind the firewall. 
The DMZ allows a device to be directly accessible to Internet traffic, such as a web 
(HTTP) server, an FTP server, an SMTP (e-mail) server, and a domain name system 
(DNS) server. Select the DMZ tab to open the Applications & Gaming DMZ page. 
  
						

							80  4021193 Rev C 
 
Configure Applications and Gaming 
 
Applications and Gaming DMZ Page Description 
Use the descriptions and instructions in the following table to configure the port 
range triggering for the residential gateway. Select enable for each DMZ Host IP 
address. After you make your selections, click Save Settings to apply your changes 
or Cancel Changes to cancel. 
Section Field Description  
DMZ DMZ Hosting 
Select the desired option: 
 Enable  
 Disable (factory default) 
DMZ Host IP Address 
DMZ allows one IP address to be unprotected while others remain 
protected. Enter the IP address of the computer you want to 
expose to the Internet in this field.