Gateway 2701hgb Manual
Firewall Tab

Viewing Your Firewall Summary

The Firewall Summary page provides summary information and links to the most commonly used security-related features of your system.

To access the Firewall Summary page:
  Open a Web browser and access the gateway user interface by entering http://gateway.2wire.net.
  Click the Firewall tab to open the View Firewall Summary page.

Figure 15. View Firewall Summary Page

The Firewall Settings panel displays the Current Settings for your firewall.
  Default. Unsolicited inbound traffic is not allowed to pass through the firewall.
  Custom. Applications are associated with computers on your network. An access list shows the computers (Devices) on your network and the names of the Allowed Applications for each computer.

When you allow application traffic, external users on the Internet can have limited access to your home network. This access might be required to allow some programs (such as game servers or instant messaging software) to operate properly. For example, a remote game player on the Internet might need to contact the game server program that you have installed on your home network in order to play against you. Normally, the firewall blocks this communication. By changing the firewall settings, this communication is permitted to pass through a “pinhole” in the firewall. This function may be referred to as “port-mapping” or “port-forwarding” in your software program documentation.
Click VIEW DETAILS to access the Firewall Details page, which shows a list of all the devices that have applications configured in the firewall and the details of these configurations.

Figure 16. View Firewall Details Page

If you have the Firewall Monitor enhanced service, the Firewall Monitor panel shows a brief summary of the number of attacks that were blocked for the current day and week. Click VIEW DETAILS to access the Monitor the Firewall page.

Hosting an Application

When you host an application on your network for Internet users to access, you must configure the 2Wire gateway firewall to pass through specific application data to a selected computer.

To host an application:
  Open a Web browser and access the gateway user interface by entering http://gateway.2wire.net.
  Click the Firewall tab.
  Click the Firewall Settings link under the tab to open the Edit Firewall Settings page.

Figure 17. Edit Firewall Settings Page

1. From the Select a computer pull-down menu, select the computer that you wish to host the application.
2. Click the Allow individual application(s) radio button.
3. In the Applications panel, select an application.
4. Click the ADD button. The application you selected now appears in the Hosted Applications pane.
5. Click DONE.

To stop hosting an application:
1. In the Hosted Applications panel, select the application you wish to stop hosting.
2. Click the REMOVE button.
3. Click DONE.
Updating the Application Profile List

If the application you want to host does not appear in the Application Profile list, you may need to update the application list. If an update is available, the UPDATE APPLICATION LIST button appears above the list of application profiles. If the application that you want to host is not included in the updated application list, you may need to add your own application profile.

Adding an Application Profile

If you wish to host an application that is not included in the Application Profile list, you can add an application using the Add Application Profile page. An application profile configures your system’s firewall to pass through application-specific data. This feature is typically used if the application for which you would like to pass through data to a given computer is new or has been recently updated to a new version.

To create a new application profile:
  Open a Web browser and access the gateway user interface by entering http://gateway.2Wire.net.
  Click the Firewall tab.
  Click the Firewall Settings link under the tab to open the Edit Firewall Settings page.
  In the Applications panel, click the Add a new user-defined application link to open the Edit Application page.

Figure 18. Edit Application Page
1. In the Application Name field, enter a name for the application profile. You can enter any name you like, although it’s recommended that you use the name of the application (for example, Redwing Game Server).
2. In the Definition panel, create a definition for your application. A definition consists of a series of protocol-specific ports that are to be allowed through the firewall. This information should be contained in the documentation provided by the company that produces the application.
   a. In the Protocol field, select the TCP or UDP radio button. If the application you are adding requires both, you must create a separate definition for each.
   b. In the Port (or Range) field, enter the port or port range the application uses. For example, some applications may require only one port to be opened (such as TCP port 500); others may require that all TCP ports from 600 to 1000 be opened.
   c. In the Protocol Timeout (seconds) field, you may optionally enter a value for the amount of time that can pass before the application “times out.” You can also leave the field blank, in which case the system uses the default values (86,400 seconds for the TCP protocol; 600 seconds for the UDP protocol).
   d. In the Map to Host Port field, enter a value that will map the port range you established in step b to the local computer. For example, if you set the value to 4000 and the range being opened is 100 to 108, the forwarded data to the first value in the range will be sent to 4000. Subsequent ports will be mapped accordingly; 101 will be sent to 4001, 102 will be sent to 4002, etc.
   e. From the Application Type drop-down menu, select the application type. If you do not know the application type, select None (Default).
3. Click ADD DEFINITION to add the values to the profile definition list.
4. Click DONE.

Repeat these steps for each port or range of ports required for the application profile.
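The port arithmetic from step 2d and the default timeouts from step 2c, worked through as an added Python example that is not part of the manual or the gateway's software. Definition, parse_range and exposed_ports are hypothetical names, and treating an empty Map to Host Port as "same port number" is an assumption; exposed_ports goes one step past the manual by counting how many ports a whole profile opens, which is the number to review before clicking DONE.

```python
from dataclasses import dataclass
from typing import Optional

# Default protocol timeouts quoted in the manual, in seconds.
DEFAULT_TIMEOUT = {"TCP": 86_400, "UDP": 600}

@dataclass(frozen=True)
class Definition:
    """One profile definition (hypothetical model, not the gateway's format)."""
    protocol: str                    # "TCP" or "UDP"; one definition per protocol
    first: int                       # first external port of the range
    last: int                        # last external port (== first for one port)
    host_port: Optional[int] = None  # Map to Host Port; None = same port (assumption)
    timeout: Optional[int] = None    # None = use the manual's default

    def __post_init__(self):
        if self.protocol not in DEFAULT_TIMEOUT:
            raise ValueError("protocol must be TCP or UDP")
        if not 1 <= self.first <= self.last <= 65535:
            raise ValueError("invalid port or range")
        if not 1 <= self._base() <= 65535 - (self.last - self.first):
            raise ValueError("mapped range does not fit in 1..65535")

    def _base(self) -> int:
        return self.first if self.host_port is None else self.host_port

    def effective_timeout(self) -> int:
        return DEFAULT_TIMEOUT[self.protocol] if self.timeout is None else self.timeout

    def host_port_for(self, external: int) -> Optional[int]:
        """Port on the local computer that receives traffic sent to `external`."""
        if not self.first <= external <= self.last:
            return None  # outside this pinhole, so the firewall keeps blocking it
        return self._base() + (external - self.first)

def parse_range(text: str) -> tuple:
    """Parse a Port (or Range) entry such as '500' or '600-1000'."""
    lo, _, hi = text.strip().partition("-")
    return int(lo), int(hi or lo)

def exposed_ports(profile) -> dict:
    """Number of distinct Internet-facing ports a profile opens, per protocol."""
    seen = {"TCP": set(), "UDP": set()}
    for d in profile:
        seen[d.protocol].update(range(d.first, d.last + 1))
    return {proto: len(ports) for proto, ports in seen.items()}
```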
To edit or delete an application profile:
  Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
  Click the Firewall tab.
  Click the Firewall Settings link under the tab to open the Edit Firewall Settings page.
  In the Applications panel, click the Edit or delete user-defined application link. The Select a Hosted Application page opens.

Figure 19. Select a Hosted Application Page

1. In the User-Defined Application Profiles panel, highlight the application you wish to edit or delete.
   a. To edit the application profile, click EDIT. The Edit Application screen appears. Make the necessary changes to the application profile and click DONE.
   b. To delete the application profile, click DELETE.

Allowing all Applications (DMZplus)

DMZplus is a special firewall mode that is used for hosting applications if you cannot get an application to work properly using the “Allow individual application(s)” option. When in DMZplus mode, the designated computer:
  Shares your gateway’s IP address (Router Address).
  Appears as if it is directly connected to the Internet.
  Has all of the unassigned TCP and UDP ports opened and pointed to it.
  Can receive unsolicited network traffic from the Internet.

Although the computer in DMZplus mode appears to Internet users as though it is directly connected to the Internet, it is still protected by your system firewall. All traffic is inspected by the firewall’s Stateful Packet Inspection engine and all known hacker attacks continue to be blocked.
Because all filtered traffic is forwarded to the designated computer, you should use DMZplus mode with caution. A computer in DMZplus mode is less secure because all available ports are open and all incoming Internet traffic is directed to this computer.

To configure DMZplus:
  Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
  Click the Firewall tab.
  Click the Firewall Settings link under the tab to open the Edit Firewall Settings page.

Figure 20. Edit Firewall Settings Page

1. From the Select a computer pull-down menu, select the computer to which you would like to have all data sent.
2. Click Allow all applications (DMZplus mode).
3. Click DONE.
4. Access the computer that you selected in step 1.
5. Confirm that the computer is configured for DHCP. If it is not, configure it for DHCP.
6. Restart the computer. When the computer restarts, it receives a special IP address from the system and all unassigned TCP and UDP ports are forwarded to it.

To stop DMZplus:
1. From the Select a computer pull-down menu, select the computer for which you would like to disable DMZplus.
2. In the Edit firewall settings for this computer pane, click Maximum protection.
3. Click DONE.
4. Access the computer that you selected in step 1. If the computer will continue to automatically obtain an IP address, proceed to step 5. If the computer will have a static IP address, configure it with a valid static IP address.
5. Restart the computer.

Viewing the Firewall Log

The 2Wire gateway keeps a log of all firewall-related events that occur. Each log entry contains the date and time the event occurred, the severity level of the event, and details about the event.

To view the log:
  Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
  Click the Firewall tab.
  Click the Firewall Log link under the tab to open the View Firewall Log page.

Figure 21. View Firewall Log Page

Click CLEAR LOG to clear the log.

The following table provides additional information about the log entries.

Severity
  Info. Informational only—the event does not imply a threat to network security.
  Low. Occurs when the firewall detects a low-level threat to the network, such as an invalid IP header or invalid packet length.
  Medium. Occurs when a medium-level threat is detected, such as an invalid IP fragment offset.
  High. Occurs when an attack is launched against the network (for example, a SYN Flood).

Details
  Includes the following information:
  The IP address from which the packet originated.
  The destination IP address of the packet.
  The action that was taken.