Accton Technology 7004ACC User Manual

Advanced Setup
The MAC Filtering feature of the Wireless Barricade allows you to control access to your network for up to 32 clients based on the MAC (Media Access Control) Address of the client machine. This ID is unique to each network adapter. If the MAC address is listed in the table, that client machine will have access to the network.
To configure the URL Blocking feature, use the table below to specify the websites (www.somesite.com) and/or keywords you want to filter on your network.
To complete this configuration, you will need to create or modify an access rule in “Access Control” on page 51. To modify an existing rule, click the Edit option next to the rule you want to modify. To create a new rule, click on the Add PC option.
From the Access Control Add PC section, check the option for WWW with URL Blocking in the Client PC Service table to filter out the websites and keywords specified below.
Configuring the Wireless Barricade
Use the above screen to block access to Web sites or to Web URLs containing the keyword specified in the table.
Schedule Rule
The Schedule Rule feature allows you to configure specific rules based on Time and Date. These rules can then be used to configure more specific Access Control.
Enables Schedule-based Internet access control.
1. Click Add Schedule Rule.
2. Define the settings for the schedule rule (as shown on the following screen).
3. Click OK and then click the APPLY button to save your settings.
Intrusion Detection
SPI and Anti-DoS firewall protection (Default: Enabled) – The Wireless Barricade Intrusion Detection feature limits access for incoming traffic at the WAN port. When the SPI feature is turned on, all incoming packets will be blocked except for those types marked with a check in the Stateful Packet Inspection section.
RIP Defect (Default: Enabled) – If an RIP request packet is not replied to by the router, it will stay in the input queue and not be released. Accumulated packets could cause the input queue to fill, causing severe problems for all protocols. Enabling this feature prevents the packets from accumulating.
Discard Ping from WAN (Default: Disabled) – Prevents a PING on the Gateway’s WAN port from being routed to the network.
Stateful Packet Inspection – This is called a “stateful” packet inspection because it examines the contents of the packet to determine the state of the communications; i.e., it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until connection to the specific port is requested.
When particular types of traffic are checked, only the particular type of traffic initiated from the internal LAN will be allowed. For example, if the user only checks FTP Service in the Stateful Packet Inspection section, all incoming traffic will be blocked except for FTP connections initiated from the local LAN.
Stateful Packet Inspection allows you to select different application types that are using dynamic port numbers. If you wish to use the Stateful Packet Inspection (SPI) to block packets, click on the Yes radio button in the “Enable SPI and Anti-DoS firewall protection” field and then check the inspection type that you need, such as Packet Fragmentation, TCP Connection, UDP Session, FTP Service, H.323 Service, and TFTP Service.
When hackers attempt to enter your network, we can alert you by e-mail – Enter your E-mail address. Specify your SMTP and POP3 servers, user name, and password.
Connection Policy – Enter the appropriate values for TCP/UDP sessions as described in the following table.
Parameter | Defaults | Description
Fragmentation half-open wait | 10 sec | Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the router drops the unassembled packet, freeing that structure for use by another packet.
TCP SYN wait | 30 sec | Defines how long the software will wait for a TCP session to synchronize before dropping the session.
TCP FIN wait | 5 sec | Specifies how long a TCP session will be maintained after the firewall detects a FIN packet.
TCP connection idle timeout | 3600 seconds (1 hour) | The length of time a TCP session will be maintained if there is no activity.
UDP session idle timeout | 30 sec | The length of time a UDP session will be maintained if there is no activity.
H.323 data channel idle timeout | 180 sec | The length of time an H.323 session will be maintained if there is no activity.
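The stateful behaviour described above (inbound packets are admitted only when they answer a session opened from the LAN, and sessions expire after the Connection Policy timeouts) can be modelled in a few lines. This is an added illustration, not the Wireless Barricade's firmware; the class and method names, the S/A/F flag letters and the sample addresses are assumptions.

```python
# Toy model of a stateful packet filter (added example; not the router's code).
# Timeouts are the defaults from the Connection Policy table, in seconds.
IDLE_TIMEOUT = {"tcp": 3600, "udp": 30}
TCP_SYN_WAIT = 30   # a TCP session must synchronize within this time
TCP_FIN_WAIT = 5    # a TCP session is kept this long after a FIN is seen

class StateTable:
    def __init__(self):
        self.sessions = {}   # (proto, lan_ip, lan_port, wan_ip, wan_port) -> record

    def _expired(self, s, now):
        if s["state"] == "syn_sent":
            return now - s["since"] > TCP_SYN_WAIT
        if s["state"] == "fin":
            return now - s["since"] > TCP_FIN_WAIT
        return now - s["last"] > IDLE_TIMEOUT[s["proto"]]

    def _touch(self, s, now, flags, synack=False):
        if s["state"] == "syn_sent" and synack:
            s["state"], s["since"] = "established", now
        if "F" in flags and s["state"] != "fin":
            s["state"], s["since"] = "fin", now
        s["last"] = now

    def outbound(self, proto, lan, wan, now, flags=""):
        """LAN -> WAN packet: always allowed; creates or refreshes state."""
        key = (proto, *lan, *wan)
        s = self.sessions.get(key)
        if s is None or self._expired(s, now):
            state = "syn_sent" if proto == "tcp" else "established"
            s = self.sessions[key] = {"proto": proto, "state": state, "since": now}
        self._touch(s, now, flags)
        return True

    def inbound(self, proto, wan, lan, now, flags=""):
        """WAN -> LAN packet: allowed only if it matches a live session."""
        key = (proto, *lan, *wan)
        s = self.sessions.get(key)
        if s is None or self._expired(s, now):
            self.sessions.pop(key, None)   # unsolicited or stale: drop
            return False
        self._touch(s, now, flags, synack="S" in flags and "A" in flags)
        return True


if __name__ == "__main__":   # constructed traffic, documentation addresses
    fw, pc, dns = StateTable(), ("192.168.2.10", 40000), ("203.0.113.53", 53)
    fw.outbound("udp", pc, dns, now=1)
    print(fw.inbound("udp", dns, pc, now=2), fw.inbound("udp", dns, pc, now=40))
```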
DoS Criteria and Port Scan Criteria
Set up DoS and port scan criteria in the spaces provided (as shown below).
Parameter | Defaults | Description
Total incomplete TCP/UDP sessions HIGH | 300 sessions | Defines the rate of newly unestablished sessions that will cause the software to start deleting half-open sessions.
Total incomplete TCP/UDP sessions LOW | 250 sessions | Defines the rate of newly unestablished sessions that will cause the software to stop deleting half-open sessions.
Incomplete TCP/UDP sessions (per min.) HIGH | 250 sessions | Maximum number of allowed incomplete TCP/UDP sessions per minute.
Incomplete TCP/UDP sessions (per min.) LOW | 200 sessions | Minimum number of allowed incomplete TCP/UDP sessions per minute. Set this to “0” if no minimum setting is required.
Maximum incomplete TCP/UDP sessions number from same host | 10 sessions | Maximum number of incomplete TCP/UDP sessions from the same host.
Incomplete TCP/UDP sessions detect sensitive time period | 300 msec | Length of time before an incomplete TCP/UDP session is detected as incomplete.
Maximum half-open fragmentation packet number from same host | 30 | Maximum number of half-open fragmentation packets from the same host.
Half-open fragmentation detect sensitive time period | 1 sec | Length of time before a half-open fragmentation session is detected as half-open.
Flooding cracker block time | 300 sec | Length of time from detecting a flood attack to blocking of the attack.
DMZ
If you have a client PC that cannot run an Internet application properly from behind the firewall, then you can open the client up to unrestricted two-way Internet access. Enter the IP address of a DMZ host on this screen. Adding a client to the DMZ (Demilitarized Zone) may expose your local network to a variety of security risks, so only use this option as a last resort.
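Returning to the DoS Criteria table: the HIGH and LOW totals act as a pair of watermarks, alongside the per-host limit. The sketch below is an added example, not the router's implementation; the class name is hypothetical, and evicting the oldest half-open session for each new request while between the watermarks is an assumption, since the manual does not say which sessions are deleted.

```python
from collections import Counter, OrderedDict

# Defaults from the DoS Criteria table.
TOTAL_HIGH = 300     # start deleting half-open sessions at this total
TOTAL_LOW = 250      # stop deleting once the total has fallen to this
PER_HOST_MAX = 10    # incomplete sessions allowed from the same host


class HalfOpenTracker:
    def __init__(self, high=TOTAL_HIGH, low=TOTAL_LOW, per_host=PER_HOST_MAX):
        self.high, self.low, self.per_host = high, low, per_host
        self.pending = OrderedDict()   # session id -> source host, oldest first
        self.by_host = Counter()       # incomplete sessions per source host
        self.purging = False           # True from HIGH until back down at LOW

    def _remove(self, sid):
        host = self.pending.pop(sid)
        self.by_host[host] -= 1

    def open(self, sid, host):
        """Record a new incomplete session; return False if it is refused."""
        if self.by_host[host] >= self.per_host:
            return False               # same-host limit reached
        if len(self.pending) >= self.high:
            self.purging = True
        if self.purging and self.pending:
            # Assumption: the oldest half-open session makes room for the new one.
            self._remove(next(iter(self.pending)))
        self.pending[sid] = host
        self.by_host[host] += 1
        return True

    def established(self, sid):
        """Handshake completed: the session is no longer half-open."""
        if sid in self.pending:
            self._remove(sid)
        if len(self.pending) <= self.low:
            self.purging = False


if __name__ == "__main__":
    t = HalfOpenTracker()
    # Constructed flood: 40 hosts each attempt 12 half-open sessions.
    accepted = sum(t.open((h, i), f"198.51.100.{h}")
                   for h in range(40) for i in range(12))
    print(accepted, len(t.pending), t.purging)
```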
DDNS (Dynamic DNS) Settings
Dynamic DNS provides users on the Internet with a method to tie their domain name(s) to computers or servers. DDNS allows your domain name to follow your IP address automatically by having your DNS records changed when your IP address changes.
Domain Name – A series of alphanumeric strings separated by periods that is the address of the Wireless Barricade network connection and that identifies the owner of the address.
The section also has a “Server Configuration” section that automatically opens the port options checked in the Virtual Server section. Simply enter in the IP Address of your server, such as a web server, and then click on the port option HTTP Port 80 so users can access your server from the WAN connection (Internet).
This DNS feature is powered by TZO.com. With a DDNS connection you can host your own web site, email server, FTP site, and more at your own location even if you have a dynamic IP address. (Default: Disable)
UPnP (Universal Plug and Play) Setting
Enable UPnP by checking ON in the screen above. UPnP allows the device to automatically:
dynamically join a network
obtain an IP address
convey its capabilities and learn about the presence and capabilities of other devices. (Default: OFF)
Tools
Use the Tools menu to backup the current configuration, restore a previously saved configuration, restore factory settings, update firmware, and reset the Wireless Barricade.
Tools - Configuration Tools
Backup – saves the Wireless Barricade’s configuration to a file.
Restore – restores settings from a saved backup configuration file.
Restore to factory defaults – restores the Wireless Barricade settings back to the original factory defaults.
Tools - Firmware Upgrade
Use this screen to update the firmware or user interface to the latest versions. Download the upgrade file from the SMC Web site (www.smc.com) and save it to your hard drive. Click Browse to look for the previously downloaded file. Click APPLY. Check the Status page Information section to confirm that the upgrade process was successful.
Tools - Reset
Click APPLY to reset the Wireless Barricade. The reset will be complete when the power LED stops blinking.
Note: If you use the Reset button on the front panel, the Wireless Barricade performs a power reset. If the button is held depressed for over five seconds, all the LEDs will illuminate and the factory settings will be restored.
Status
The Status screen displays WAN/LAN connection status, firmware and hardware version numbers, illegal attempts to access your network, as well as information on DHCP clients connected to your network.
The following items are included on this screen:
Section | Description
INTERNET | Displays WAN connection type and status.
GATEWAY | Displays system IP settings, as well as DHCP and Firewall status.
INFORMATION | Displays the number of attached clients, the firmware versions, the physical MAC address for each media interface, as well as the hardware version and serial number.
Security Log | Displays illegal attempts to access your network.
Save | Click on this button to save the security log file.
Clear | Click on this button to delete the access log.
Refresh | Click on this button to refresh the screen.
DHCP Client Log | Displays information on all DHCP clients on your network.