Gateway 2701hgb Manual

    Firewall Tab
    Configuring the Firewall (Advanced)
    The Edit Advanced Firewall Settings page allows you to configure advanced features on your firewall.
    Figure 22. Edit Advanced Firewall Settings Page
    Note: These features should be used only if you are thoroughly familiar with firewalls and networking.

    Enabling Advanced Security
    Your 2Wire gateway firewall already provides a high level of security. You can configure the firewall to provide 
    advanced security features, including stealth mode, strict UDP, or block pings.
    Stealth Mode
    In normal firewall operation, when an unknown remote device makes a request to connect to a user’s 
    network the firewall does not allow the connection to be made and responds with a “connection not 
    available” message. This may not discourage a determined hacker, because the message confirms that 
    there is an active network sending the response. The hacker may then use more sophisticated tools in an 
    attempt to access your network.
    When in stealth mode, the 2Wire gateway firewall does not return any information in response to network 
    queries; that is, it will appear to the hacker who is trying to access your network that your network does not 
    exist. This discourages hackers from further attempts at accessing your network, because to them it will 
    appear as though there is no active network to access.
    To enable Stealth Mode:
     Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
     Click the Firewall tab.
     Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
    1. In the Security pane, click the Stealth Mode checkbox.
    2. Click SAVE.

    Block Ping
    Ping is a basic Internet program that, when used without malicious intent, allows a user to verify that a 
    particular IP address exists and can accept requests. Ping is used diagnostically to ensure that a host 
    computer you are trying to reach is operating. It can also be used to see how long it takes to get a response 
    back from a specific host computer.
    Hackers can use ping to launch an attack against your network, because ping can determine the number 
    form of the network’s IP address (for example, 105.246.172.72) from the domain name (for example, 
    www.mynetwork.com). If you enable Block Ping, your network will block all ping requests. 
    To block ping:
     Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
     Click the Firewall tab.
     Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
    1. In the Security pane, click the Block Ping checkbox.
    2. Click SAVE.

    Strict UDP Session Control
    Enabling this feature provides increased security by preventing the 2Wire gateway from accepting packets 
    sent from an unknown source over an existing connection.
    Strict UDP instructs the 2Wire gateway to be more restrictive about what packets are allowed to transmit 
    over an established connection from a local network computer to the Internet. In addition to relying on 
    information about the destination (3-tuple), the 2Wire gateway will also use information about the source of 
    the connection (5-tuple).
    To enable strict UDP session control:
     Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
     Click the Firewall tab.
     Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
    1. In the Security pane, click the Strict UDP Session Control checkbox.
    2. Click SAVE.
    Note: The ability to send traffic based on destination only is required by some applications. 
    Enabling this feature may not allow some on-line applications to work properly.

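    The difference between destination-only and source-aware matching described for Strict UDP Session Control, as an added example (not 2Wire's code). It assumes that "3-tuple" means the protocol plus the local computer's address and port, and that "5-tuple" adds the remote address and port; the UdpSessionTable class, the addresses and the ports are constructed for illustration, and address translation is left out.

```python
from dataclasses import dataclass, field


@dataclass
class UdpSessionTable:
    """Hypothetical model of a gateway's UDP session table (not 2Wire code)."""
    strict: bool
    sessions: set = field(default_factory=set)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        # A local computer sends a datagram out: remember the full 5-tuple.
        self.sessions.add(("udp", lan_ip, lan_port, remote_ip, remote_port))

    def allow_inbound(self, src_ip, src_port, dst_ip, dst_port):
        for _proto, lan_ip, lan_port, remote_ip, remote_port in self.sessions:
            if (lan_ip, lan_port) != (dst_ip, dst_port):
                continue  # packet is not addressed to this session's local end
            if not self.strict:
                return True  # assumed 3-tuple match: any source may use the session
            if (remote_ip, remote_port) == (src_ip, src_port):
                return True  # 5-tuple match: source is the peer that was contacted
        return False


def compare_modes():
    """Return {strict: (known_peer_allowed, unknown_source_allowed)}."""
    results = {}
    for strict in (False, True):
        table = UdpSessionTable(strict=strict)
        # Constructed traffic: LAN host 192.168.1.64:40000 contacts 198.51.100.10:3478.
        table.outbound("192.168.1.64", 40000, "198.51.100.10", 3478)
        results[strict] = (
            table.allow_inbound("198.51.100.10", 3478, "192.168.1.64", 40000),
            table.allow_inbound("203.0.113.99", 5000, "192.168.1.64", 40000),
        )
    return results


if __name__ == "__main__":
    for strict, (known, unknown) in compare_modes().items():
        print(f"strict={strict}: known peer={known}, unknown source={unknown}")
```

    With strict matching off, the packet from the unknown source is accepted over the existing session; this is the destination-only behaviour the note above says some applications require.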
    Allowing Inbound and Outbound Traffic
    The Inbound and Outbound Control pane displays some common protocol types. When one of the Inbound 
    protocol boxes is checked, the firewall allows the corresponding protocol to pass through from the Internet 
    to the network. If one of the Outbound protocol boxes is checked, the firewall allows the traffic from the 
    network to pass through the firewall to the Internet.
    To block an Inbound or Outbound protocol:
     Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
     Click the Firewall tab.
     Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
    1. In the Inbound and Outbound Control pane, deselect the checkbox of the protocol you wish to block.
    2. Click SAVE.

    Disabling Attack Detection
    By default, the 2Wire gateway firewall rules block the attack types listed in the Attack Detection pane. 
    There are some applications and devices that require the use of specific data ports through the firewall. 
    The gateway allows users to open the necessary ports through the firewall using 
    the Firewall Settings page. If the user requires that a computer have all incoming traffic available to it, this 
    computer can be set to the DMZplus mode. While in DMZplus mode, the computer is still protected against 
    numerous broadband attacks (for example, SYN Flood or Invalid TCP flag attacks).
    In rare cases, the incoming traffic may be inadvertently blocked by the firewall (for example, when 
    integrating with external third-party firewalls or VPN servers). You may need to disable one or more of the 
    attack detection capabilities for any device placed in the DMZplus. In this case, the third-party server 
    provides the attack protection normally provided by the gateway.
    Note: If you configure the firewall to block an Inbound protocol, you may disable support for 
    hosted applications that require that type of protocol.

    The following table lists the attacks for which the gateway firewall filters continuously check.

    Attack: Description and Action Taken

    Excessive Session Detection: When enabled, the firewall will detect applications on the local network that are creating excessive sessions out to the Internet. This activity is likely due to a virus or “worm” infected computer (for example, Blaster Worm). When the event is detected, the gateway displays a HURL warning page.
    TCP/UDP Port Scan: A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a well-known port number (such as UDP and TCP), the computer provides. When enabled, the firewall detects UDP and TCP port scans, and drops the packet.
    Invalid Source/Destination IP address: When enabled, the firewall will verify IP addresses by checking for the following:
         IP source address is broadcast or multicast — drop packet.
         TCP destination IP address is not unicast — drop packet.
         IP source and destination address are the same — drop packet.
         Invalid IP source received from private/home network — drop packet.
    Packet Flood (SYN/UDP/ICMP/Other): When enabled, the firewall will check for SYN, UDP, ICMP, and other types of packet floods on the local and Internet facing interfaces and stop the flood.
    Invalid TCP Flag Attacks (NULL/XMAS/Other): When enabled, the firewall will scan inbound and outbound packets for invalid TCP Flag settings, and drop the packet to prevent SYN/FIN, NULL, and XMAS attacks.
    Invalid ICMP Detection: The firewall checks for invalid ICMP/code types, and drops the packet.
    Miscellaneous: The firewall checks for the following:
         Unknown IP protocol — drop packet.
         Port 0 attack detected — drop packet.
         TCP SYN packet — drop packet.
         Not a start session packet — drop packet.
         ICMP destination unreachable — terminate session.

    To disable attack detection for a specific port:
     Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
     Click the Firewall tab.
     Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
    Figure 23. Edit Advanced Firewall Settings Page
    1. In the Attack Detection panel, deselect the appropriate checkbox.
    2. Click SAVE.

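    Several of the checks named in the attack table (invalid source/destination address, port 0, invalid TCP flags), written out as packet-header tests; this is an added example, not the gateway's firmware. The check_packet function, the flag combinations used for NULL, SYN/FIN and XMAS (the conventional definitions, which the manual does not spell out) and the sample packets are assumptions made for illustration.

```python
import ipaddress

# TCP flag bits as laid out in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
BROADCAST = ipaddress.ip_address("255.255.255.255")


def check_packet(proto, src, dst, sport=None, dport=None, flags=0):
    """Hypothetical filter: return 'pass' or 'drop: <reason>'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s.is_multicast or s == BROADCAST:
        return "drop: source is broadcast or multicast"
    if proto == "tcp" and (d.is_multicast or d == BROADCAST):
        return "drop: TCP destination is not unicast"
    if s == d:
        return "drop: source and destination are the same"
    if proto in ("tcp", "udp") and 0 in (sport, dport):
        return "drop: port 0"
    if proto == "tcp":
        f = flags & 0x3F  # keep only the six classic flag bits
        if f == 0:
            return "drop: NULL flags"
        if (f & (SYN | FIN)) == (SYN | FIN):
            return "drop: SYN/FIN"
        if (f & (FIN | PSH | URG)) == (FIN | PSH | URG):
            return "drop: XMAS flags"
    return "pass"


# Constructed sample packets using documentation address ranges.
SAMPLES = [
    ("tcp", "198.51.100.7", "192.0.2.10", 51000, 443, SYN),
    ("tcp", "198.51.100.7", "192.0.2.10", 51000, 443, 0),
    ("tcp", "198.51.100.7", "192.0.2.10", 51000, 443, FIN | PSH | URG),
    ("tcp", "198.51.100.7", "192.0.2.10", 51000, 443, SYN | FIN),
    ("udp", "224.0.0.5", "192.0.2.10", 5000, 5000),
    ("tcp", "198.51.100.7", "224.0.0.1", 51000, 80, SYN),
    ("udp", "192.0.2.10", "192.0.2.10", 53, 53),
    ("udp", "198.51.100.7", "192.0.2.10", 0, 53),
]


def classify_samples():
    return [check_packet(*pkt) for pkt in SAMPLES]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, classify_samples()):
        print(pkt, "->", verdict)
```
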
    Management and Diagnostic Console
    This chapter describes the 2Wire gateway Management and Diagnostic Console (MDC). The Management 
    and Diagnostic Console provides information about the status of the 2Wire gateway, its broadband network 
    connections, attached home networking devices, system and security information, and a running log of any 
    error conditions.
    You can use the tools provided to:
     View configuration and service provisioning information.
     View operation logs.
     Perform diagnostic tests.
     Configure the gateway.
    The following sections describe how to access the Management and Diagnostic Console, use the 
    diagnostic and configuration tools, and modify settings.
    Accessing the MDC
    To access the MDC from your in-home or office network, enter the following URL:
    http://gateway.2wire.net/management
    Using the MDC
    After you access the Management and Diagnostic Console, a navigation bar allows you to quickly select 
    pages on the site. The navigation bar consists of the following links:
    Note: The MDC pages available are dependent on the 2Wire gateway software release. The 
    MDC pages shown in this chapter are for 2Wire gateways running software release 4.21.x. If 
    your gateway is running a software release earlier than 4.21.x, some of these pages may not 
    be available.
    Group: Link

    Summary: System Summary
    Broadband Link: Summary, Statistics, Detailed Statistics, Configure
    Local Network: Status, Statistics, Device List, Wireless, Configure
    Firewall: Settings, Detailed Information, Advanced Settings
    Voice: Summary, Configure Server, Configure Line Association
    Troubleshooting: DSL Diagnostics, Event Log, Network Tests, Upgrade History, Resets
    Advanced: Syslog Settings, Provisioning Info, Configure Time Services, Configure Services, Static Routes, DNS Resolve, Traffic Shaping, Link Manager, Detailed Log

    Note: The link groups that display are dependent on the 2Wire gateway model. For example, 
    DSL Diagnostics will display only if a user has a gateway that connects to the Internet via DSL.