3COM 3CR858-91 User Manual

CHAPTER 5: ROUTER CONFIGURATION

Hostname & MAC

To configure the Hostname and MAC Address information for your Router, do the following:

1 Select Internet Settings, then from the sub-menu select Hostname & MAC. The Hostname and MAC Address screen displays (see Figure 31).

Figure 31 Internet Settings - Hostname and MAC Address Screen

1 Some ISPs require a host name. If your ISP has this requirement, enter the host name in the Host Name text box.

2 Either:

If your ISP requires an assigned MAC address, enter the values for a WAN MAC address. Or,

If the computer you are now using is the one that was previously connected directly to the cable modem, select Clone. Or,

To reset the MAC Address to the default, select Reset MAC.

3 Click Apply to save the settings.

Firewall

Use the Firewall menu option to enable and disable the firewall, and to configure the following firewall functions:

SPI (Stateful Packet Inspection) — SPI inspects packets at the application layer, maintains TCP and UDP session information, and detects and prevents certain types of network attacks such as DoS attacks. See “SPI” on page 51.


Special Applications — Special Applications allows you to specify ports to be open for specific applications to work properly with the Network Address Translation (NAT) feature of the Router. See “Special Applications” on page 54.

Virtual Servers — This function enables you to route external (Internet) calls for services such as a web server, FTP server, or other applications through your Router to your internal network. See “Virtual Servers” on page 56.

Client IP Filters — You can configure the Router to restrict access to the Internet, e-mail or other network services at specific days and times. Restriction can be set for a single computer, a range of computers, or multiple computers. See “Client IP Filters” on page 57.

MAC Address Filtering — This is a powerful security feature that allows you to specify which computers are allowed on the network. See “MAC Address Filtering” on page 62.

DMZ (De-Militarized Zone) — If you have a client PC that cannot run an Internet application properly from behind the firewall, you can use DMZ to open the client up to unrestricted two-way Internet access. See “DMZ” on page 63.

CAUTION: DMZ reduces network security, and 3Com recommends you only use it on a temporary basis.

SPI

Stateful Packet Inspection (SPI) inspects packets at the application layer and, if required, blocks them. SPI also maintains TCP and UDP session information, including timeouts and the number of active sessions, and provides the ability to detect and prevent certain types of network attacks such as DoS attacks.

Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. The goal is not to steal information, but to disable a device or network so users no longer have access to network resources.


To configure SPI information on your Router:

1 Select Firewall from the main menu, then select SPI from the sub-menu to display the SPI screen (Figure 32 and Figure 33):

Figure 32 SPI Screen - upper section

Figure 33 SPI Screen - lower section

Intrusion Detection Feature

The Intrusion Detection feature limits access for incoming traffic at the WAN ports.

2 Check the SPI and Anti-DoS firewall protection check box to enable SPI. When this feature is enabled, all incoming packets will be blocked except for those types that you allow in the Stateful Packet Inspection section.


3 If required, check the RIP defect check box. This feature stops unacknowledged packets from accumulating in the input queue.

Stateful Packet Inspection

4 The Stateful Packet Inspection section displays a list of traffic types. If you leave the check box for a traffic type blank, this traffic type is blocked. If you check the check box, the Router allows this type of incoming traffic, but only if the connection was initiated from the local LAN.

For example, if you check only the FTP Service check box, all incoming traffic is blocked except for FTP connections initiated from the local LAN.

Alert by E-mail

5 In the Your E-mail Address text box, enter the e-mail address to which you want alerts to be sent in the event of a hacker attack.

6 Enter your SMTP Server Address.

7 Enter your SMTP Server User Name.

8 Enter your SMTP Server Password.

Connection Policy

9 In the Fragmentation half-open wait text box, enter the length of time, in seconds, that you want an unassembled packet to remain active before the Router drops it. The default is 10 seconds.

10 In the TCP SYN wait text box, enter the length of time, in seconds, that you want the Router to wait for a TCP session to synchronize before it drops the session. The default is 30 seconds.

11 In the TCP FIN wait text box, enter the length of time, in seconds, that you want a TCP session to remain active after the Router detects a FIN packet. The default is 5 seconds.

12 In the TCP connection idle timeout text box, enter the length of time, in seconds, that you want a TCP session to remain active if there is no activity. The default is 3600 seconds (1 hour).

13 In the UDP session idle timeout text box, enter the length of time, in seconds, that you want a UDP session to remain active if there is no activity. The default is 30 seconds.

14 In the H.323 data channel idle timeout text box, enter the length of time, in seconds, that you want an H.323 session to remain active if there is no activity. The default is 180 seconds.
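
An added illustration, not code from the manual or the Router's firmware: a toy session table that applies the rule from step 4 (incoming traffic is allowed only for sessions initiated from the LAN) together with the TCP SYN wait, TCP FIN wait, TCP idle and UDP idle timers at the defaults stated above. The class, method and state names are hypothetical, and the fragmentation and H.323 timers are left out.

```python
from dataclasses import dataclass

# Defaults quoted in the Connection Policy steps above, in seconds.
DEFAULTS = {"syn_wait": 30, "fin_wait": 5, "tcp_idle": 3600, "udp_idle": 30}

@dataclass
class Session:
    state: str     # one of the DEFAULTS keys
    since: float   # time at which the timer for the current state (re)started

class SessionTable:
    """Toy SPI session table (hypothetical model, not the Router's firmware)."""

    def __init__(self, timeouts=DEFAULTS):
        self.timeouts = dict(timeouts)
        self.sessions = {}   # (proto, lan_endpoint, wan_endpoint) -> Session

    def _expire(self, now):
        self.sessions = {k: s for k, s in self.sessions.items()
                         if now - s.since <= self.timeouts[s.state]}

    def _update(self, s, now, flags, from_wan):
        if "F" in flags and s.state != "fin_wait":
            s.state, s.since = "fin_wait", now   # FIN seen: start the FIN wait
        elif s.state == "syn_wait" and from_wan and {"S", "A"} <= set(flags):
            s.state, s.since = "tcp_idle", now   # SYN-ACK: session synchronized
        elif s.state in ("tcp_idle", "udp_idle"):
            s.since = now                        # activity restarts the idle timer

    def outbound(self, now, proto, lan, wan, flags=""):
        """Packet from the LAN: opens a session or updates an existing one."""
        self._expire(now)
        key = (proto, lan, wan)
        s = self.sessions.get(key)
        if s is not None:
            self._update(s, now, flags, from_wan=False)
        elif proto == "tcp" and "S" not in flags:
            return False     # no session and not a SYN: nothing to open
        else:
            state = "udp_idle" if proto == "udp" else "syn_wait"
            self.sessions[key] = Session(state, now)
        return True

    def inbound(self, now, proto, wan, lan, flags=""):
        """Packet from the WAN: allowed only if a live LAN-initiated session matches."""
        self._expire(now)
        s = self.sessions.get((proto, lan, wan))
        if s is not None:
            self._update(s, now, flags, from_wan=True)
        return s is not None
```

In this model `inbound()` returns False for any flow that has no matching `outbound()` first, and a LAN-initiated SYN that receives no SYN-ACK within the TCP SYN wait is removed from the table, so half-open entries cannot accumulate.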