Accton Technology 3CRWE554G72 Users Manual

Internet Settings 61

■ Use this PC’s MAC address - This field is automatically filled in with the

MAC address of the PC you are using to configure the Gateway. You
should use this address only if you were previously using this
computer to connect directly to your modem.

■ Enter a new MAC address manually - Use this option if you want to

specify a new MAC address. Enter the new MAC address.

5 Check all settings and click Apply.

PPP over Ethernet

Figure 43 PPPoE Setup Screen

To setup the Gateway for use with a PPP over Ethernet connection, use
the following procedure:

1 Select PPP over Ethernet in the IP Allocation Mode field. (Figure 43

)

2 Enter your Primary DNS Address and Secondary DNS address.

Your ISP may provide you with primary and secondary DNS addresses. If
they have been provided, enter the addresses in the appropriate text
boxes. If not, leave 0.0.0.0 in the boxes.

3 Enter the Host Name (optional).

Some ISPs require a host name. If your ISP has this requirement, enter the
host name in the Host Name text box.

4 Enter your PPP over Ethernet user name in the PPPoE User Name text box.
5 Enter a password in the PPPoE Password text box.

62 CHAPTER 5: GATEWAY CONFIGURATION

6 Enter your PPP over Ethernet service name in the PPPoE Service Name text

box. Not all ISPs require a PPPoE service name. Only enter a service name
if your ISP requires this.

7 Select an idle time from the Maximum Idle Time drop-down list.

This value will correspond to the amount of idle time (no Internet activity)
that will pass before the Gateway automatically ends your PPP over
Ethernet session.

Since the Gateway contains its own PPPoE client, you no longer need to
run PPPoE client software on your computer to access the Internet.

PPTP

Figure 44 PPTP Setup Screen

To setup the Gateway for use with a PPTP connection, use the following
procedure:

1 Select PPTP (used by some European providers) in the IP Allocation Mode

field. (Figure 44

)

2 Enter your PPTP server address in the PPTP Server Address text box (this is

typically the address of your modem).

3 Enter your PPTP user name in the PPTP User Name text box.
4 Enter your password in the PPTP Password text box.

Firewall 63

5 Enter your Primary DNS Address and Secondary DNS address.

Your ISP may provide you with primary and secondary DNS addresses. If
they have been provided, enter the addresses in the appropriate text
boxes. If not, leave 0.0.0.0 in the boxes.

6 Select an idle time from the Maximum Idle Time drop-down list.

This value will correspond to the amount of idle time (no Internet activity)
that will pass before the Gateway automatically ends your PPTP session.

7 IP settings must be used when establishing a PPTP connection. Fill in the

Initial IP Address and the Initial Subnet Mask fields if your ISP has
provided you with these settings. Alternatively, if the PPTP server is
located in your DSL modem, click Suggest to select an IP address on the
same subnet as the PPTP server.

Firewall On the main frame of the Firewall setup screen is a menu with five tabs:

Virtual Servers, Special Applications, PCs Privileges, URL Filter, and
Security.

Virtual Servers Selecting the Firewall option on the main menu displays the Virtual

Servers setup screen. (Figure 45

)

Virtual DMZ

Figure 45 Virtual Servers Screen

64 CHAPTER 5: GATEWAY CONFIGURATION

DMZ (De-Militarized Zone) Host is a computer without the protection of
the firewall. This feature allows a single computer to be exposed to
unrestricted 2-way communication from outside of your network. This
feature should be used only if the Virtual Server or Special Applications
options do not provide the level of access needed for certain applications.

To configure one of your computers as a DMZ host, enter the last digit(s)
of the IP address of the computer in the IP Address of DMZ Host text box,
and then click Apply.

Virtual Server

Activating and configuring a virtual server allows one or more of the
computers on your network to function as a public server. For example,
one of your computers could be configured as an FTP server, allowing
others outside of your office network to download files of your choosing.
Or, if you have created a Web site, you can configure one of your
computers as a Web server, so that others can view your Web site.

To configure a virtual server:

1 Click New on the right side of the screen to open the Virtual Server

Settings dialogue box. (Figure 46

)

2 Enter the last digit(s) of the IP address of the computer in the Server IP

Address text box.

3 Select the Service from the pull-down list. (Figure 46

Figure 46 Virtual Servers Settings Screen

)

Firewall 65

Or select Custom to specify a suitable name for the service and then enter
the port numbers required for that service. (Figure 47

Figure 47 Custom Setup Screen

)

4 Click Add to save the settings.

The port numbers are specified using a comma-separated list, with
hyphens to denote port number ranges. So for example, entering 2, 3,
5-7 would cause ports 2, 3, 5, 6, and 7 to be activated.

Special Applications

Figure 48 Special Applications Screen

Select Special Applications tab to display Authorized Application setup
screen. (Figure 48

)

Some software applications require special or multiple connections to the
Internet and these would normally be blocked by the firewall. For
example Internet Telephony or Video conferences require multiple
connections.

So that these special applications can work properly and are not blocked,
the firewall needs to be told about them. In each instance there will be a

66 CHAPTER 5: GATEWAY CONFIGURATION

trigger port and incoming port(s), where traffic on the trigger port tells
the firewall to open the incoming ports.

Each defined Special Application only supports a single computer user,
and up to 10 Special Applications can be defined. Any incoming ports
opened by a Special Application trigger will be closed after five minutes
of inactivity.

To configure special applications:

1 Click New.
2 Select the applications from the pull-down list. (Figure 49

Figure 49 Special Application Settings Screen

)

Or select Other to specify a suitable name for the special application and
then enter a value in the Trigger Port and Incoming Ports text boxes
(Figure 49

). These values correspond to the outbound port numbers

issued by the application.
The port numbers are specified using a comma-separated list, with

hyphens to denote port number ranges. So for example, entering 2, 3,

5-7 would cause ports 2, 3, 5, 6, and 7 to be activated.
The Gateway will automatically allow FTP and NetMeeting sessions. You

do not need to configure these as Special Applications.

Firewall 67

PC Privileges

Figure 50

Other Applications Setup Screen

3 Click Add to save your settings.

Only one computer on your network can use the special application at
any one time.

Figure 51 PC Privileges Screen

Select PC Privileges to display the PC Privilege setup screen (Figure 51).

Access from the local network to the Internet can be controlled on a
computer-by-computer basis. In the default configuration the Gateway
will allow all connected computers unlimited access to the Internet.

PC Privileges allows you to assign different access rights for different
computers on your network.

68 CHAPTER 5: GATEWAY CONFIGURATION

To use access control for all computers:

1 Click PCs access authorized services only.
2 Select All PCs to setup the access rights for all computers connected to

the Gateway.

3 Select authorized services by clicking in the appropriate check box(es)

(Figure 52

Figure 52 All PCs Setup Screen

).

In addition to the four authorized services listed, you can choose to allow
or block access to other services. You can either:

■ Allow all other services with exceptions, or

■ Block all other services with exceptions

4 To do this, select Allow or Block from the drop down menu and enter the

exceptions into the text box.

The port numbers are specified using a comma-separated list, with
hyphens to denote port number ranges. So for example, entering 2, 3,

5-7 would cause ports 2, 3, 5, 6, and 7 to be activated.

For example, to block access to all services except Web (80) and a service
that uses ports 2,3,5,6 and 7:

1. Tick the Web(80) check box.

2. Select ‘Block’ all other services.

3. Enter ‘2, 3, 5-7’ in the ‘except (specify ports) box. See Figure 53

.

Firewall 69

Figure 53 PC Privileges Setup Screen Example

5 Click Modify to save the settings or Close to discard them.

To assign different access rights for different computers:

1 If not already selected, click PCs access authorized services only.
2 Click New to display the PC Privileges setting screen.
3 Enter the last digit(s) of the IP address of the computer in the PC’s IP

Address text box.

4 Select authorized services by clicking in the appropriate check box(es).

In addition to the four authorized services listed, you can choose to allow
or block access to other services. You can either:

■ Allow all other services with exceptions, or

■ Block all other services with exceptions

See step 4 of the previous section for more details.

5 Click Add to save the settings.

URL Filter Select URL Filter to control your clients’ access to Web sites. The

Gateway’s URL Filter has three settings:

■ Disabled — Users can browse all Web sites. None will be filtered.

■ Deny List — Users can browse all Web sites apart from those sites

listed in the deny list and those whose URLs contain keywords listed in
the deny list. See “

■ Allow List — Users are unable to browse any Web sites except of

Deny List” on page 70.

those listed in the allow list and those whose URLs contain keywords
listed in the allow list. See “

Allow List” on page 71.

70 CHAPTER 5: GATEWAY CONFIGURATION

Deny List

To allow users access to all Web sites except for those you choose to
block, choose Deny List in the URL Filter Type drop-down box (Figure 54

Figure 54 URL Filter Screen showing Deny List

).

To filter a specific site, enter the URL for that site. For example, to stop
your users from browsing a site called www.badsite.com, enter
www.badsite.com or badsite.com in one of the fields.

If badsite.com has multiple sub-domains, such as this.badsite.com and
that.badsite.com then you can either:

■ Block them individually by entering this.badsite.com in one field

and that.badsite.com in another.
or

■ Block them by entering the keyword badsite.com into one of the

fields. This will block all URLs containing the string badsite.com. As
well as blocking this.badsite.com and that.badsite.com,
the keyword badsite.com would block searches that mentioned
badsite.com in their domain name, for example
www.notabadsite.com.

To filter a generic keyword enter it into one of the fields. You should
exercise caution when choosing a keyword as many keywords are

Firewall 71

contained within other words. For example, filtering the word sex would
filter the following example URLs:

■ www.sussex.com

■ www.thisexample.com

You can filter up to 30 keywords and URLs.

Computers that should not be subject to URL filtering can be excluded by
ticking the Bypass URL Filter checkbox in the PC Privileges setup screen.

PC Privileges” on page 67.

See “

Allow List

To stop users from accessing any Web sites that you have not specifically
allowed, choose Allow List in the URL Filter Type drop-down box
(Figure 55

Figure 55 URL Filter Screen showing Allow List

).

To allow a specific site, enter the URL for that site. For example, to let
your users browse a site called www.goodsite.com, enter
www.goodsite.com or goodsite.com in one of the fields.

If goodsite.com has multiple sub-domains, such as
this.goodsite.com and that.goodsite.com then you can
either:

72 CHAPTER 5: GATEWAY CONFIGURATION

■ Allow them individually by entering this.goodsite.com in one

field and that.goodsite.com in another.
or

■ Allow them by entering the keyword goodsite.com into one of the

fields. This will allow all URLs containing the string goodsite.com.
As well as allowing this.goodsite.com and
that.goodsite.com, the keyword goodsite.com would allow
sites that had the string goodsite.com in their URL, for example
xxxgoodsite.com.

To filter a generic keyword enter it into one of the fields. You should
exercise caution when choosing a keyword as sites that you may wish to
block may be allowed if you choose too general a keyword.

The Gateway filters all traffic from domains that have been blocked using
the URL filter. If need to access an external mail server, FTP server or other
named device outside your network, you must list it in one of the allow
fields.

You can filter up to 30 keywords and URLs.

Computers that should not be subject to URL filtering can be excluded by
ticking the Bypass URL Filter checkbox in the PC Privileges setup screen.

PC Privileges” on page 67.

See “

Security Select Security to display the Security screen (Figure 56).

Figure 56 Security Screen

Firewall 73

The Internet connects millions of computer users throughout the world.
The vast majority of the computer users on the Internet are friendly and
have no intention of breaking into, stealing from, or damaging your
network. However, there are hackers who may try to break into your
network.

Enable universal plug and play Universal plug and play allows
compatible software to read and change some the Gateway’s firewall
settings. This reduces the configuration required but lessens your control
of the Gateway’s firewall.

3Com recommends that you leave this feature disabled for maximum
security.

Allow PING from the Internet PING is a utility, which is used to
determine whether a device is active at the specified IP address. PING is
normally used to test the physical connection between two devices, to
ensure that everything is working correctly.

By default the Gateway has PING disabled in order to make the device
more difficult to find on the Internet and less prone to attack.

74 CHAPTER 5: GATEWAY CONFIGURATION

This feature is enabled by clicking on the check box so that a tick can be
seen and then select Apply.

3Com recommends that you leave this disabled.

Enabling Remote Administration

It is possible to administer the Gateway remotely. This can be set to one
of four different levels using the following options:

1 Disable Remote Administration - This option is set as default.
2 Enable administration from a single Internet Host - Only the specified IP

address can manage the Gateway. Any other users will be rejected.

3 Enable administration from a whole subnet - This option allows a

number of users within a subnet to administer the Gateway.

4 Enable administration from any Internet Host - This options allows any

host to access the administration pages.

To remotely administer your Gateway, enter
http://xxx.xxx.xxx.xxx:8000 in the location bar of the browser
running on the remote computer, where xxx.xxx.xxx.xxx is the Internet IP
address of the Gateway. You may then login using the administration
password.

Your Internet IP address can be found at the bottom of the screen. See

Figure 56

.

System Tools 75

System Tools The main frame of the System Tools screen includes four administration

items: Restart, Time Zone, Configuration, and Upgrade (Figure 57

).

Restart

Figure 57 Restart Screen

If your Gateway is not operating correctly, you can choose to restart the
Gateway by selecting Restart the Gateway, simulating the effect of
power cycling the unit. No configuration information will be lost but the
log files will be erased. This function may be of use if you are
experiencing problems and you wish to re-establish your Internet
connection. Any network users who are currently accessing the Internet
will have their access interrupted whilst the restart takes place, and they
may need to reboot their computers when the restart has completed and
the Gateway is operational again.

76 CHAPTER 5: GATEWAY CONFIGURATION

Time Zone Figure 58 Time Zone Screen

Choose the time zone that is closest to your actual location. The time
zone setting is used by the system clock when displaying the correct time
in the log files.

If you use Daylight saving tick the Enable Daylight savings box, and then
click Apply (Figure 58

).

The Gateway reads the correct time from NTP servers on the Internet and
sets its system clock accordingly. The Daylight Savings option merely
advances the system clock by one hour. It does not cause the system
clock to be updated for daylight savings time automatically.

Configuration Figure 59 Configuration Screen

Select the Configuration tab to display the Configuration screen
(Figure 59

).

System Tools 77

Backup Configuration

Click BACKUP to save the current Gateway configuration. You will be
prompted to download and save a file to disk.

Restore Configuration Data

If you want to reinstate the configuration settings previously saved to a
file, press Browse to locate the backup file on your computer, and then
click RESTORE to copy the data into the Gateway's memory.

The password will remain unchanged.

Reset to Factory Default

If you want to reset the settings on your Gateway to those that were
loaded at the factory, click RESET. You will lose all your configuration
changes. The Gateway LAN IP address will revert to 192.168.1.1, and the
DHCP server on the LAN will be enabled. You may need to reconfigure
and restart your computer to re-establish communication with the
Gateway.

78 CHAPTER 5: GATEWAY CONFIGURATION

Upgrade Figure 60 Upgrade Screen

The Upgrade facility allows you to install on the Gateway any new
releases of system software that 3Com may make available. To install
new software, you first need to download the software from the 3Com
support web site to a folder on your computer. Once you have done this,
select Browse to tell your web browser where this file is on your
computer, and then click Apply. The file will be copied to the Gateway,
and once this has completed, the Gateway will restart. Although the
upgrade process has been designed to preserve your configuration
settings, it is recommended that you make a backup of the configuration
beforehand, in case the upgrade process fails for any reason (for
example, the connection between the computer and the Gateway is lost
while the new software is being copied to the Gateway).

The upgrade procedure can take up to two minutes, and is complete
when the Alert LED has stopped flashing and is permanently off. Make
sure that you do not interrupt power to the Gateway during the upgrade
procedure; if you do, the software may be corrupted and the Gateway
may not start up properly afterwards. If the Alert LED comes on
continuously after a failed upgrade, refer to Chapter 6

Troubleshooting”.

“

,

Status and Logs Selecting Status and Logs from the main menu displays the Status, Usage,

and Logs screens in your Web browser window.

Status and Logs 79

Status The Status screen displays a tabular representation of your network and

Internet connection. (Figure 61

Figure 61 Status Screen

)

Usage Usage displays an approximate count of the traffic since the Gateway was

last reset. (Figure 62

)

The counts are approximate and should be used as a guide only. Contact
your ISP for accurate logging information.

80 CHAPTER 5: GATEWAY CONFIGURATION

Figure 62 Usage Screen

Logs Logs will allow you to view both the normal events, and security threats

logged by the Gateway.

Figure 63 Logs Screen

You may be asked to refer to the information on the Status and Logs
screens if you contact your supplier for technical support.

Support/Feedback Selecting Support/Feedback from the main menu displays the Support

and Feedback screens.