SMC Networks Router SMCWBR14S-N2 User Manual
Have a look at the manual SMC Networks Router SMCWBR14S-N2 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 10 SMC Networks manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
FIREWALL 4-49 Firewall The Barricade Router’s firewall inspects packets at the application layer, maintains TCP and UDP session information including time-outs and the number of active sessions, and provides the ability to detect and prevent certain types of network attacks. Network attacks that deny access to a network device are called Denial-of-Service (DoS) attacks. DoS attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The Barricade protects against the following DoS attacks: IP Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, UDP port loopback, Snork Attack, TCP null scan, and TCP SYN flooding. (For details see“Intrusion Detection,” page 4-56.) The firewall does not significantly affect system performance, so we advise enabling the function to protect your network. Select Enable and click the SAVE SETTINGS button.
CONFIGURING THE BAR RICADE 4-50 Access Control Access Control allows users to define the outgoing traffic permitted or not-permitted through the WAN interface. The default is to permit all outgoing traffic. The following items are on the Access Control screen: Parameter Description Enable Filtering FunctionEnable or Disable Access control function. Normal Filtering Table Displays descriptive list of Filtering rules defined.
FIREWALL 4-51 To create a new access control rule: 1. Click Add PC on the Access Control screen. The Access Control Add PC screen will appear. 2. Define the appropriate settings for client PC services. 3. Click OK and then click SAVE SETTINGS to save your settings.
CONFIGURING THE BAR RICADE 4-52 MAC Filter The MAC Filter allows you to define what client PC’s can access the Internet. When enabled only the MAC addresses defined in the MAC Filtering table will have access to the Internet. All other client devices will be denied access. You can enter up to 32 MAC addresses in this table. 1. MAC Address Control: select enable or disable. 2. MAC Filtering Table: enter the MAC address in the space provided.
FIREWALL 4-53 URL Blocking The Barricade allows the user to block access to web sites by entering either a full URL address or just a keyword. This feature can be used to protect children from accessing violent or pornographic web sites. You can define up to 30 sites here.
CONFIGURING THE BAR RICADE 4-54 Schedule Rule You may filter Internet access for local clients based on rules. Each access control rule may be activated at a scheduled time. Define the schedule on the Schedule Rule screen, and apply the rule on the Access Control screen.
FIREWALL 4-55 Follow these steps to add a schedule rule: 1. Click Add Schedule Rule on the Schedule Rule screen. The Edit Schedule Rule screen will appear. 2. Define the appropriate settings for a schedule rule. 3. Click OK and then click SAVE SETTINGS to save your settings.
CONFIGURING THE BAR RICADE 4-56 Intrusion Detection • Intrusion Detection Feature Stateful Packet Inspection (SPI) and Anti-DoS firewall protection (Default: Enabled) — The Intrusion Detection Feature of the Barricade Router limits access for incoming traffic at the WAN port. When the SPI feature is turned on, all incoming packets will be blocked except for those types marked in the Stateful Packet Inspection section. RIP Defect (Default: Enabled) — If an RIP request packet is not acknowledged to by the router, it will stay in the input queue and not be released. Accumulated packets could cause the input queue to fill, causing severe problems for all protocols. Enabling this feature prevents the packets from accumulating. Discard Ping to WAN (Default: Disabled) — Prevent a ping on the Barricade’s WAN port from being routed to the network. Scroll down to view more information.
FIREWALL 4-57 •Stateful Packet Inspection This is called a “stateful” packet inspection because it examines the contents of the packet to determine the state of the communications; i.e., it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with
CONFIGURING THE BAR RICADE 4-58 sources that are known and trusted from previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until connection to the specific port is requested. When particular types of traffic are checked, only the particular type of traffic initiated from the internal LAN will be allowed. For example, if the user only checks “FTP Service” in the Stateful Packet Inspection section, all incoming traffic will be blocked except for FTP connections initiated from the local LAN. Stateful Packet Inspection allows you to select different application types that are using dynamic port numbers. If you wish to use the Stateful Packet Inspection (SPI) to block packets, click on the Yes radio button in the “Enable SPI and Anti-DoS firewall protection” field and then check the inspection type that you need, such as Packet Fragmentation, TCP Connection, UDP Session, FTP Service, H.323 Service, or TFTP Service. •When hackers attempt to enter your network, we can alert you by e-mail Enter your email address. Specify your SMTP and POP3 servers, user name, and password.