Home
>
Panasonic
>
Camera Accessories
>
Panasonic Network Camera Management System Bbhgw700a Operating Instructions
Panasonic Network Camera Management System Bbhgw700a Operating Instructions
Have a look at the manual Panasonic Network Camera Management System Bbhgw700a Operating Instructions online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 10737 Panasonic manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 57
57 [For assistance, please call: 1-800-272-7033]Operating Instructions
Functions
3.2 Using Advanced Setup
3.2.1 Accessing this Product from the Internet
The address translation page allows you to perform detailed settings in order to translate the WAN
(Internet) sides global address and the private address, and access this products network from the
Internet. Set these when enabling the IP masquerade function and the port forwarding function used,
for example, when starting up a mail server. When using...](http://img.usermanuals.tech/thumb/58/69507/w64_bbhgw700a_en_om_d-56.png "Page 57
57 [For assistance, please call: 1-800-272-7033]Operating Instructions
Functions
3.2 Using Advanced Setup
3.2.1 Accessing this Product from the Internet
The address translation page allows you to perform detailed settings in order to translate the WAN
(Internet) sides global address and the private address, and access this products network from the
Internet. Set these when enabling the IP masquerade function and the port forwarding function used,
for example, when starting up a mail server. When using...")
![Page 59
59 [For assistance, please call: 1-800-272-7033]Operating Instructions
Functions
Data Entry Field
Note
When setting up the table, there is a possibility of illegal access to the forwarding port from the Internet.
For safety, only set it when required.
OperationAllows you to Modify/Delete the parameters of each heading.
EntrySelect Enable or Disable. When Enable is selected, the entry functions as if
set on a table (protocol, forwarding port, forwarding IP address). When
Disable is selected, even if...](http://img.usermanuals.tech/thumb/58/69507/w64_bbhgw700a_en_om_d-58.png "Page 59
59 [For assistance, please call: 1-800-272-7033]Operating Instructions
Functions
Data Entry Field
Note
When setting up the table, there is a possibility of illegal access to the forwarding port from the Internet.
For safety, only set it when required.
OperationAllows you to Modify/Delete the parameters of each heading.
EntrySelect Enable or Disable. When Enable is selected, the entry functions as if
set on a table (protocol, forwarding port, forwarding IP address). When
Disable is selected, even if...")
![Page 61
61 [For assistance, please call: 1-800-272-7033]Operating Instructions
Functions
How to Modify/Delete Entries
1.Click Port Forwarding on the Address
Translation page
.
2.Select the No. you want to modify or delete in
port forwarding, and click Modify/Delete under
the
operation heading.
The port forwarding registration page is
displayed.
3.When you want to modify the settings, click
[Modify], when you want to delete the settings,
click [Delete]
.
The port forwarding page is displayed.
After...](http://img.usermanuals.tech/thumb/58/69507/w64_bbhgw700a_en_om_d-60.png "Page 61
61 [For assistance, please call: 1-800-272-7033]Operating Instructions
Functions
How to Modify/Delete Entries
1.Click Port Forwarding on the Address
Translation page
.
2.Select the No. you want to modify or delete in
port forwarding, and click Modify/Delete under
the
operation heading.
The port forwarding registration page is
displayed.
3.When you want to modify the settings, click
[Modify], when you want to delete the settings,
click [Delete]
.
The port forwarding page is displayed.
After...")
![Page 63
63 [For assistance, please call: 1-800-272-7033]Operating Instructions
Functions
3.2.2 Improving Security
This function allows you to limit access to this product and set up filtering easily. When performing
security setup, a filtering log is saved in the default settings. The saved log is displayed as a three-
character abbreviation. (see page
64)](http://img.usermanuals.tech/thumb/58/69507/w64_bbhgw700a_en_om_d-62.png "Page 63
63 [For assistance, please call: 1-800-272-7033]Operating Instructions
Functions
3.2.2 Improving Security
This function allows you to limit access to this product and set up filtering easily. When performing
security setup, a filtering log is saved in the default settings. The saved log is displayed as a three-
character abbreviation. (see page
64)")
![Page 65
65 [For assistance, please call: 1-800-272-7033]Operating Instructions
Functions
Notes
If the log output heading is unchecked, a log will not be recorded.
In order to improve security, it is necessary to manage your current software and update firmware
as appropriate.
Priority of Security Functions
In order for this product to combat various types of illegal access from the Internet, it is equipped with
the following security functions:
[Prioritization (top to bottom)]
Packet Filtering (see page...](http://img.usermanuals.tech/thumb/58/69507/w64_bbhgw700a_en_om_d-64.png "Page 65
65 [For assistance, please call: 1-800-272-7033]Operating Instructions
Functions
Notes
If the log output heading is unchecked, a log will not be recorded.
In order to improve security, it is necessary to manage your current software and update firmware
as appropriate.
Priority of Security Functions
In order for this product to combat various types of illegal access from the Internet, it is equipped with
the following security functions:
[Prioritization (top to bottom)]
Packet Filtering (see page...")
![Page 66
Operating Instructions
66
Packet Filtering
By specifying the IP address, port and protocol parameters, it is possible to either pass or intercept IP
packets that are being received. If the parameters are set effectively they can be used as a security
measure. Filtering is processed from the smallest entry no. up. For an explanation of each heading in
filtering, see below.
Notes
You must click [Save] after setting the filtering parameters.
Data Entry Field
1.Click [Packet Filtering] on the security...](http://img.usermanuals.tech/thumb/58/69507/w64_bbhgw700a_en_om_d-65.png "Page 66
Operating Instructions
66
Packet Filtering
By specifying the IP address, port and protocol parameters, it is possible to either pass or intercept IP
packets that are being received. If the parameters are set effectively they can be used as a security
measure. Filtering is processed from the smallest entry no. up. For an explanation of each heading in
filtering, see below.
Notes
You must click [Save] after setting the filtering parameters.
Data Entry Field
1.Click [Packet Filtering] on the security...")
61 [For assistance, please call: 1-800-272-7033]Operating Instructions Functions How to Modify/Delete Entries 1.Click Port Forwarding on the Address Translation page . 2.Select the No. you want to modify or delete in port forwarding, and click Modify/Delete under the operation heading. The port forwarding registration page is displayed. 3.When you want to modify the settings, click [Modify], when you want to delete the settings, click [Delete] . The port forwarding page is displayed. After modification, the modified information field will be highlighted in orange and the settings will have changed. After deletion, the deleted information field will be highlighted in orange and Unsaved Deletion is displayed. 4.Click [Save]. The restart window indicating that setup is complete is displayed. 5.Click [Restart].
Operating Instructions 62 The DMZ Function The DMZ (De-militarized Zone) function allows destination unknown packets sent from the WAN (Internet) side to the LAN (Home) side, to be forwarded to an IP address specified in the DMZ functions settings. Packets sent by the DMZ function are forwarded to the registered IP address after being passed through all the security filters. DMZ Function 1.Click Port Forwarding on the Address Translation page. 2.Select Enable from the drop-down list in Entry, and enter the forwarding destination IP address into the DMZ functions Host IP Address field . Notes The IP address registered at the forwarding destination should be the same as the IP address on the LAN. The DMZ function on this product can forward data to an IP address of a device connected to the LAN (Home) side using port forwarding. The IP address filters registered at the forwarding destination are disabled. The DMZ function of this product does not split the network into segments. Therefore, in the unlikely event that the forwarding destination IP address is attacked, there is a chance that other devices connected to the LAN side have also been attacked. Bear this in mind when using this system and take safety precautions. When using the DMZ function, set Address Translation to Enable. (see page 57) The DMZ function is not compatible with the Camera Portal (No.TCP80[Default]), Setup (No.TCP8080[Default]), and the PPTP server function (No.1723[GRE]). Also, when IPv6 Tunneling Connection or IPv6 6to4 Connection is being used, the IPv6 protocol (Protocol No. 41) is not compatible with the DMZ function. 3.When setup is complete, click [Save]. The entered information is saved. Note When saving, do not cut the power supply. If cut, saving might not be completed successfully. 4.When [Restart] is displayed on the setup page, click it .
63 [For assistance, please call: 1-800-272-7033]Operating Instructions Functions 3.2.2 Improving Security This function allows you to limit access to this product and set up filtering easily. When performing security setup, a filtering log is saved in the default settings. The saved log is displayed as a three- character abbreviation. (see page 64)
Operating Instructions 64 Data Entry Field Easy Security SettingsIt is possible to easily set up firewalls, which appear frequently, and are very important in terms of security. The default settings are oriented to the highest possible level. Only change them if essential. Access by private IP addresses are rejected in both directions.Display when saving log: P-P When the source of an incoming (from WAN side) and destination of an outgoing (to WAN side) packet is a private address, access to this product is prohibited. In factory default settings Access by private IP addresses are rejected in both directions and Log Output are both checked. Access by NetBIOS/ File sharing/Printer sharing/PC remote access are rejected in both directions.Display when saving log: SHR Prohibits the access in both ways of packets sent/received when files or printers are shared on Windows. In factory default settings Access by NetBIOS/File sharing/Printer sharing/PC remote access are rejected in both directions and Log Output are both checked. Access Control Setup pages Settings to limit access to this product from the WAN side. Display when saving log: W-C It is possible to select either Administrator Only or Restricted Access for access to Setup from the WAN side. In factory default settings Restricted Access and Log Output are both checked. Camera PortalDisplay when saving log: W-P It is possible to select either None, Administrator Only or Restricted Access for access to Camera Portal from the WAN side. In factory default settings None and Log Output are both checked. Stealth Mode Stealth Mode can hide this product from WAN (Internet). Display when saving log: STL It is possible to set this product to not respond to Pings etc. from the WAN (Internet) side. Therefore it can escape the attackers existence verification produced by Pings etc. It will also not respond to UDP/ TCP port scans. In factory default settings Stealth Mode can hide this product from WAN (Internet) and Log Output are both checked. Regard Ident packet as an exceptionDisplay when saving log: STL (Ident) When clients try to send/receive E-mail, There is E-mail server that authenticates E-mails to/from clients. This authentication uses recognition protocol, which uses TCP port number 113. The authentication level is relatively low so there are not many cases where clients are unable to send/receive E-mails. In factory default settings Regard the Ident Packet as an Exception and Log Output are both checked. Intrusion DetectionWhen using the intrusion detection function, check the field under each heading. Stateful packet inspection (Dynamic packet filtering) is enabledDisplay when saving log: SPI If a packet being received from the WAN side is inspected, and judged to be a corrupt packet, it is intercepted. By comparing the packet to static filtering (packet filtering through header information), Internet data can be sent more safely. In factory default settings Stateful packet inspection (Dynamic packet filtering) is enabled and Log Output are both checked.
65 [For assistance, please call: 1-800-272-7033]Operating Instructions Functions Notes If the log output heading is unchecked, a log will not be recorded. In order to improve security, it is necessary to manage your current software and update firmware as appropriate. Priority of Security Functions In order for this product to combat various types of illegal access from the Internet, it is equipped with the following security functions: [Prioritization (top to bottom)] Packet Filtering (see page 66) Easy Security Settings (see page 63) Stealth Mode (see page 64) These functions are executed in the above order. At each level the packet is either passed or intercepted. Note When using the DMZ function (see page 62), the security function cannot be executed for DMZ terminal packets. Attack Detection is enabledDisplay when saving log: DoS Harmful data from the WAN side is detected, and the packet is intercepted. A detection record is noted in the log. The following types of attacks can be detected: TCP Scan UDP Scan ICMP Echo
Operating Instructions 66 Packet Filtering By specifying the IP address, port and protocol parameters, it is possible to either pass or intercept IP packets that are being received. If the parameters are set effectively they can be used as a security measure. Filtering is processed from the smallest entry no. up. For an explanation of each heading in filtering, see below. Notes You must click [Save] after setting the filtering parameters. Data Entry Field 1.Click [Packet Filtering] on the security setup page . 2.Click Add under the Operation heading. 3.Set the necessary headings and click [Add]. 4.When setup is complete, click [Save]. The entered information is saved. 5.When [Restart] is displayed on the setup page, click it . No.Select an entry no. between 1 and 64. Packet filtering is processed from the smallest entry no. up. If an entry is already registered, it will be overwritten by the new entry. OperationClick Add to add a new filtering setting. To modify or delete a filtering setting click Modify/Delete. The setup page will open and you can add, modify or delete settings by entering the data and clicking the appropriate button. EntryEnable or Disable this entry.
67 [For assistance, please call: 1-800-272-7033]Operating Instructions Functions Ty p eSelect Permit (if it conforms to the parameters it will be passed) or Prohibit (if it conforms to the parameters it will be intercepted). DirectionSelect W L (filtering when receiving from WAN) or L W (filtering when sending to WAN). Source IP Address/Prefix LengthSet the packet source IP address to be filtered. When specifying only 1 IP address, enter the IP address and its subnet prefix length. When specifying an IP address range, enter the network address in the IP address field, and the network prefix number in the prefix length field. For example, when specifying an network address of 192.168.0.0/16, enter 192.168.0.0 in the IP address field, and 16 in the prefix length field. If is entered in the IP address field, all packets are filtered. Note When specifying an IP address range, even if this products IP address is included in the range, this product will not be filtered. When you want to filter this product, it is necessary to enter or the code for this product (local) in the IP address data field. Source Port Set the packet source port to be filtered. When using only 1 port, enter the port number. When entering a range, enter - in between the numbers. For example, when you want to use port numbers 2000 to 3000, enter 2000-3000. The number on the left should be lower than the number on the right. If is entered, all packets are filtered. Destination IP Address/Prefix LengthSet the packet destination IP address to be filtered. Entry is the same as for the source IP address. When you want to specify this product, enter local. Destination PortSet the packet destination port number to be filtered. Entry is the same as for the Source Port. ProtocolSelect a protocol to be used when sending/receiving data. It is possible to select from TCP, UDP, TCP & UDP, ICMP, ESP, GRE and . selects all the protocols. Log OutputSet whether to display the temporarily saved packet information on the [Filtering Log].
Operating Instructions 68 Modifying or Deleting Filtering Headings 1.Click Packet Filtering on the security setup page. 2.Click Modify/Delete under the operation heading of the filter you want to modify or delete from the filtering parameters list . 3.Click [Modify] to modify, or [Delete] to delete the selected heading. 4.When setup is complete, click [Save]. The entered information is saved. 5.When [Restart] is displayed on the setup page, click it. Changing the Priority of Filtering Headings Packet filtering is processed starting from the smallest entry no. To change the priority of filtering headings, on Change of Priority on the filtering setup page, enter the heading entry no. you want to move in the left data field, the destination entry no. in the right data field, and click [Move]. Then, click [Save] and when [Restart] is displayed on the setup page, click it.
69 [For assistance, please call: 1-800-272-7033]Operating Instructions Functions 3.2.3 Improving IPv6 Security This function allows you to limit IPv6 connection access to this product and set up filtering easily. In Factory Default Settings, a filtering log is saved when security setup is performed. The saved log is displayed as a three-character abbreviation. (see below) Data Entry Field IPv6 Easy Security SettingsIt is possible to easily set up firewalls, which appear frequently, and are very important in terms of security. The default settings are oriented to the highest possible level. Only change them if essential. Access by Direct Hosting of SMB is rejected in both directions.Display when saving log: SHR Rejects access in both directions by Direct Hosting of SMB. In factory default settings Access by Direct Hosting of SMB is rejected in both directions and Log Output are both checked. Access by port used by RPC is rejected in both directions.Display when saving log: SHR Rejects access in both directions by the port used by RPC. In factory default settings Access by port used by RPC is rejected in both directions and Log Output are both checked.
Operating Instructions 70 Notes If the log output heading is unchecked, a log will not be recorded. In order to improve security, it is necessary to manage your current software and update firmware as appropriate. Communication using global addresses other than the allocated global address is forbidden.Display when saving log: GOR Prohibits communication using global addresses other than the allocated global address. The allocated global address contains an IPv6 side WAN address, and IPv6 addresses which have a LAN side prefix/prefix length. In factory default settings Communication using global addresses other than the allocated global address is forbidden and Log Output are both checked. IPv6 Stealth Mode Stealth Mode can hide this product from WAN (Internet) side IPv6 network. Display when saving log: STL It is possible to set this product to not respond to IPv6 Pings etc. from the WAN (Internet) side. Therefore it can escape the attackers existence verification produced by IPv6 Pings etc. It will also not respond to UDP/TCP port scans. In factory default settings Stealth Mode can hide this product from WAN (Internet) side IPv6 network and Log Output are both checked. Regard Ident packet as an exceptionDisplay when saving log: STL (Ident) When clients try to send/receive E-mail, There is E-mail server that authenticates E-mails to/from clients. This authentication uses recognition protocol, which uses TCP port number 113. The authentication level is relatively low so there are not many cases where clients are unable to send /receive E-mails. In factory default settings Regard Ident packet as an exception and Log Output are both checked. IPv6 Intrusion DetectionWhen using the intrusion detection function, check the box next to each heading. IPv6 Stateful packet inspection (Dynamic packet filtering) is enabled.Display when saving log: SPI If a packet being received from the WAN side is inspected, and judged to be a corrupt packet, it is destroyed. By comparing the packet to static filtering (packet filtering through header information), Internet data can be sent more safely. In factory default settings IPv6 Stateful packet inspection (Dynamic packet filtering) is enabled and Log Output are both checked. IPv6 Attack Detection is enabled.Display when saving log: DoS Harmful data from the WAN side is detected, and the packet is destroyed. A detection record is noted in the log. The following types of attacks can be detected: TCP Scan UDP Scan ICMP Echo