Option Audio GlobeSurfer III Technical Reference Manual

Copyright © 2012, Option.
All information about Option GlobeSurfer® III may change without prior notice. Information published in this reference manual is accurate at the time of publication. Although all security precautions were taken during the creation of this reference manual, Option is not liable toward persons or organizations for losses or damages caused either directly or indirectly due to instructions contained in this reference manual. All brands and registered brands are property of their respective owners. Services may be changed, added, or deleted. For the newest firmware version of your GlobeSurfer® III+, visit www.option.com
Questions and answers regarding the GlobeSurfer® III+ can be found on our Support website:
http://www.option.com/en/support/faq/
Technical questions can be posted after registering through our online SupportWeb Form:
http://www.option.com/en/support/support-ticketing-system/
For registering please go to:
http://support.option.com/support/register.php
March 2012
Table of Contents
1. Introduction to GlobeSurfer® III
2. Setup
2.1. Setting up WAN and LAN connections
2.2. PC Network Configuration
3. GlobeSurfer® III Management Console
3.1. Accessing the GlobeSurfer® III Management Console
3.2. Menu System
3.3. Managing Tables
4. Home
4.1. Overview
4.2. Map View
4.3. GlobeSurfer® III Installation Wizard
4.3.1. Installation Wizard: Language
4.3.2. Installation Wizard: Telephony
4.3.3. Installation Wizard: UMTS
4.3.4. Installation Wizard: Wireless
4.3.5. Installation Wizard: Wireless Encryption
4.3.6. Installation Wizard: Firewall Policy
4.3.7. Installation Wizard: Finish
5. Quick Setup
6. Internet Connection
6.1. General
6.2. Settings
6.3. Routing
6.4. Connection Watchdog
6.5. Remote SMS Control
6.6. Advanced
7. Local Network
7.1. Overview
7.2. Device
7.3. Wireless
7.3.1. Overview
7.3.2. Settings
7.3.3. Advanced
7.4. Shared Storage/Disk Management
7.4.1. RAID Properties
7.5. Shared Printers/Print Server
8. Services
8.1. Overview
8.2. Firewall
8.2.1. Overview
8.2.2. Access Control
8.2.3. Port Forwarding
8.2.4. DMZ Host
8.2.5. Port Triggering
8.2.6. Website Restrictions
8.2.7. NAT
8.2.8. Connections
8.2.9. Advanced Filtering
8.2.10. Log
8.3. VPN/Internet Protocol Security (IPSec)
8.3.1. Internet Protocol Security (IPSec) Settings
8.3.2. IPSec Log Settings
9. System
9.1. Overview
9.2. System Settings
9.2.1. Overview/System Settings
9.2.2. Date and Time
9.3. Users
9.3.1. User Settings
9.3.2. Group Settings
9.4. Network Connections
9.4.1. Connection Wizard
9.4.2. LAN Bridge
9.4.3. LAN Ethernet
9.4.4. LAN Wireless
9.4.5. WAN Cellular
9.4.6. Configuring your Wireless Windows® XP clients
9.5. Monitor
9.5.1. Network Connection
9.5.2. CPU
9.5.3. System Log
9.6. Routing
9.6.1. General/Routing
9.6.2. BGP and OSPF
9.6.3. PPPoE Relay
9.7. Management
9.7.1. Universal Plug and Play
9.7.2. Simple Network Management Protocol (SNMP)
9.7.3. Remote Administration
9.8. Maintenance
9.8.1. About GlobeSurfer® III
9.8.2. Configuration File
9.8.3. Reboot
9.8.4. Restore Factory Settings
9.8.5. Firmware upgrade
9.8.6. Diagnostics
9.9. Objects and Rules
9.9.1. Protocols
9.9.2. Network Objects
9.9.3. Scheduler Rules
9.9.4. Certificates
10. Shortcuts
11. Telephone
11.1. Missed calls
11.2. Incoming calls
11.3. Outgoing calls
11.4. Telephone settings
11.5. Call Forwarding
11.6. Call Waiting
11.7. Caller ID
11.8. SIM setup
11.8.1. SIM PIN change
11.8.2. SIM PIN enable
11.8.3. SIM PIN2 change
11.8.4. Unlock device
12. SMS
12.1. SMS Create
12.2. Inbox
12.3. Outbox
12.4. Sent
12.5. Drafts
12.6. Templates
12.7. Archive
12.8. SIM card
12.9. Settings
2 List of Acronyms
3 Glossary
1. Introduction to GlobeSurfer® III
Within minutes, you can connect to your mobile network and use a wireless connection to the Internet through the mobile network. GlobeSurfer® III is compatible with GSM and 3G mobile networks and supports GPRS, EDGE, UMTS and HSDPA technologies.
Tip: To achieve the best possible reception, check the signal strength on the display of the unit (the more bars the better the reception). You may find that placing the unit near a window provides the best reception.
Simple set-up
GlobeSurfer® III provides you with a quick installation and set-up that gets you easily and quickly connected to the Internet. You can use an Internet browser (e.g. Microsoft® Internet Explorer 6.0 or Firefox® 1.5) and most personal computers, including Windows®, Macintosh® and Linux®. The ‘Quick Setup Wizard’ introduces you to the basic settings that need to be configured for use with the mobile network. Once you have configured these settings, you can review and enable customised wireless security settings.
Instant protection
Your GlobeSurfer® III supports Network Address Translation (NAT). This network service hides the computers in your network so they cannot be found or directly accessed from outside your network. A firewall is also included which, by default, blocks incoming traffic and allows outgoing traffic.
Additional security
GlobeSurfer® III supports both Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA and WPA2) to protect your network data. Security logs keep you aware of potential security risks and intrusion attempts. You can view logs online or via email.
Stay in touch
You can use GlobeSurfer® III to send and receive SMS text messages. The display on the front of the unit lets you know when a new SMS arrives. You can use GlobeSurfer® III to make mobile phone calls. When you get a phone call the display shows the caller’s number and indicates missed calls.
Important note
To protect your network from unauthorised access, and to make it more difficult for hackers to analyse your data, please configure the WLAN security settings and enable WEP, WPA or WPA2 encryption on your GlobeSurfer® III.
About This Manual
This manual describes configuration and operation of GlobeSurfer® III. It is intended as a complement to the GlobeSurfer® III User Guide to provide reference information for the advanced user of the GlobeSurfer® III. It is assumed that the hardware installation of GlobeSurfer® III has been done when the Reference Manual is read. This version of the manual is valid for GlobeSurfer® III.
2. Setup
Connecting your computer or home network to the gateway is a simple procedure, varying slightly depending on your operating system. This chapter will help you to seamlessly integrate GlobeSurfer® III with your computer or home network. The Windows default network settings dictate that in most cases the setup procedure described below will be unnecessary. For example, the default DHCP setting in Windows 2000 is client, requiring no further modification. However, it is advised to follow the setup procedure described below to verify that all communication parameters are valid and that the physical cable connections are correct. The setup procedure consists of three consecutive configuration stages:
Setting up WAN and LAN connections (see section 2.1)
PC Network Configuration (see section 2.2)
GlobeSurfer® III Quick Setup (see section 4.3)
2.1. Setting up WAN and LAN connections
WAN Connection: setting up the WAN connection requires that a SIM card is inserted correctly into the SIM slot of the GlobeSurfer® III. See the User Guide for instructions on how to insert the SIM card. With the SIM card in place you configure the WAN connection through the Quick Setup of GlobeSurfer® III (see section 4.3). The first time you login to GlobeSurfer® III you will have to enter a PIN code. The PIN code is received from your ISP, but normally provided separately from the SIM card for security reasons.
LAN Connection: your computer can connect to the gateway in two ways, either through Ethernet or through the use of Wireless. The most common type of connection is Ethernet, with most platforms featuring four such ports. Use an Ethernet cable to connect between an Ethernet port on your gateway and your computer’s network card. Please refer to the accompanying Installation Guides for additional information.
2.2. PC Network Configuration
Each network interface on the PC should either be configured with a statically defined IP address and DNS address, or should be instructed to automatically obtain an IP address using the Network DHCP server. GlobeSurfer® III provides a DHCP server on its LAN and it is recommended to configure your LAN to obtain its IP and DNS server IPs automatically. This configuration principle is identical but performed differently on each operating system.
The following screen displays the TCP/IP Properties dialog box as it appears in Windows XP. Following are TCP/IP configuration instructions for all supported operating systems.
Windows XP
Access Network Connections from the Control Panel.
Right-click the Ethernet connection icon, and select Properties.
Under the General tab, select the Internet Protocol (TCP/IP) component, and press the Properties button.
The Internet Protocol (TCP/IP) properties window will be displayed.
Select the Obtain an IP address automatically radio button.
Select the Obtain DNS server address automatically radio button.
Click OK to save the settings.
Windows 2000/98/Me
Access Network and Dialing Connections from the Control Panel.
Right-click the Ethernet connection icon, and select Properties to display the connection’s properties.
Select the Internet Protocol (TCP/IP) component, and press the Properties button.
The Internet Protocol (TCP/IP) properties will be displayed.
Select the Obtain an IP address automatically radio button.
Select the Obtain DNS server address automatically radio button.
Click OK to save the settings.
Windows NT
Access Network from the Control Panel.
From the Protocol tab, select the Internet Protocol (TCP/IP) component, and press the Properties button.
From the IP Address tab select the Obtain an IP address automatically radio button.
From the DNS tab, verify that no DNS server is defined in the DNS Service Search Order box and no suffix is defined in the Domain Suffix Search Order box.
Linux
Log in to the system as a super-user by entering su at the prompt.
Type ifconfig to display the network devices and allocated IP addresses.
Type pump -i <dev>, where <dev> is the network device name.
Type ifconfig again to view the new allocated IP address.
Make sure no firewall is active on device <dev>.
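The check the Linux steps above finish with, as an added example that is not part of the original manual: a shell helper that reads ifconfig output and reports whether the interface received an address on the gateway's network. The function names and sample outputs are constructed for illustration; 192.168.1.1 is the default gateway address this manual gives.

```shell
#!/bin/sh
# Added example (not from the manual). Real use:
#   ifconfig <dev> | check_lease 192.168.1.1

# Convert a dotted-quad IPv4 address to an integer; return 1 if malformed.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty, non-numeric and zero-padded octets.
        case $o in ''|*[!0-9]*|0?*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "ADDR MASK" for the first IPv4 address in ifconfig output on stdin.
# Handles the older "inet addr:A ... Mask:M" and newer "inet A netmask M" layouts.
parse_inet() {
    sed -n \
        -e 's/^[[:space:]]*inet addr:\([0-9.]*\).*Mask:\([0-9.]*\).*/\1 \2/p' \
        -e 's/^[[:space:]]*inet \([0-9.]*\)[[:space:]]\{1,\}netmask \([0-9.]*\).*/\1 \2/p' \
    | head -n 1
}

# check_lease GATEWAY < ifconfig-output
# Prints one verdict: ok, no-address, link-local or wrong-network.
check_lease() {
    gw=$1
    set -- $(parse_inet)
    [ $# -eq 2 ] || { echo no-address; return 1; }
    addr=$1
    mask=$2
    # 169.254.0.0/16 is self-assigned: the DHCP request got no answer.
    case $addr in 169.254.*) echo link-local; return 1;; esac
    a=$(ip_to_int "$addr") && m=$(ip_to_int "$mask") && g=$(ip_to_int "$gw") \
        || { echo no-address; return 1; }
    if [ $(( a & m )) -eq $(( g & m )) ]; then
        echo ok
    else
        echo wrong-network
        return 1
    fi
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_OK='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'
SAMPLE_NEWFMT='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.7  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::211:22ff:fe33:4455  prefixlen 64  scopeid 0x20<link>'
SAMPLE_APIPA='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:169.254.12.34  Bcast:169.254.255.255  Mask:255.255.0.0'
SAMPLE_NONE='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          UP BROADCAST MULTICAST  MTU:1500  Metric:1'

# Print a verdict for each constructed sample.
for s in "$SAMPLE_OK" "$SAMPLE_NEWFMT" "$SAMPLE_APIPA" "$SAMPLE_NONE"; do
    printf '%s\n' "$s" | check_lease 192.168.1.1 || true
done
```

A verdict other than ok means the interface did not obtain a usable address from the gateway's DHCP server, so the management console at 192.168.1.1 will not be reachable from that interface.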
3. GlobeSurfer® III Management Console
The GlobeSurfer® III management console described here allows you to control various GlobeSurfer® III system parameters, using a user-friendly graphical interface. The management console includes a connection status screen, a quick setup screen, network configuration, security configuration, authentication with multiple-user support, connection monitoring and more.
3.1. Accessing the GlobeSurfer® III Management Console
To access the management console:
Launch a Web-browser on a PC in the LAN or WLAN.
Type the IP address of the GlobeSurfer® III or a name as provided by the supplier in the address bar (Internet Explorer) or location bar (Netscape Navigator). The default IP address is 192.168.1.1, and default name is http://umts-gateway.mydomain.
Enter your username and password to log on to the web-based management console.
Your session will automatically time out after a few minutes of inactivity. If you try to operate the management console after the session has expired, the Login screen will appear and you will have to re-enter your user name and password before proceeding. This feature helps to prevent unauthorised users from accessing the management console and changing the GlobeSurfer® III settings.
3.2. Menu System
The GlobeSurfer® III management console screens have been grouped into several subject areas and may be accessed by clicking on the appropriate icon in the top menu.
The subject areas are:
Home: displays an overview of the status of the Internet Connection, Local Network, Storage, Printers and Services (see section 4)
Quick Setup: quick access to basic configuration settings (see section 5)
Internet Connection: configure internet connections (see section 6)
Local Network: configure local network, storage and printer settings (see section 7)
Services: configure Firewall, Print Server, Personal Domain Name, File Server and IPSec settings (see section 8)
System: configure system settings (see section 9)
Shortcuts: displays icons to enable quick and easy access to all areas (see section 10)
Telephone: manage your telephony options (see section 11)
SMS: manage your SMS messages (see section 12)
3.3. Managing Tables
Tables are used throughout the GlobeSurfer® III management console. They handle user-defined entries relating to elements such as network connections, local servers, restrictions and configurable parameters. The principles outlined in this section apply to all tables in the management console.
In a typical table each row defines an entry in the table. The following icons located in the Action column enable adding, editing and deleting table entries:
Click the Add icon to add an entry of the same type as on that row.
Click the Edit icon to edit the entry on that row.
Click the Delete icon to remove the entry on that row.
Click the Move Down icon to move an entry down.
Click the Move Up icon to move an entry up.
In many tables the last row includes a link that allows adding a new entry to the table.
4. Home
From this screen you can click on the tabs at the top left hand side to route to the following screens:
Overview - status of Internet Connection/Local Network/Storage/Printers/Services (see section 4.1)
Map View - pictorial overview of all components connected to GlobeSurfer® III (see section 4.2)
Installation Wizard - guides you through the main settings for your GlobeSurfer® III (see section 4.3)
Quick Setup - routes directly to the Quick Setup area to change the main settings (see section 5)
4.1. Overview
This screen displays an overview of the status of the Internet Connection, Local Network, Storage, Printers and Services available to you with GlobeSurfer® III. For details of each component you can easily drill down by clicking on the area.
4.2. Map View
This screen shows a pictorial overview of all components currently connected to your GlobeSurfer® III including the firewall and all networks including wireless networks. For details of each component you can easily drill down by clicking on the component icon.
4.3. GlobeSurfer® III Installation Wizard
The GlobeSurfer® III management console allows you to control various GlobeSurfer® III system parameters. The interface is accessed through a web browser:
Start a web browser on your PC.
Enter the address 192.168.1.1 to display the GlobeSurfer® III management console. When first logging on to the management console, the Login screen will appear. Configure your language settings and enter a password. To verify correctness retype the password, and click OK to login to the management console. For security reasons it is strongly recommended that you specify a password. However, make sure you remember your new user name and password, since this is the only way you will be able to login to the GlobeSurfer® III from now on.
After choosing your password and clicking OK you will be forwarded to the Installation Wizard page.
Click OK to continue the Installation Wizard.
The Installation Wizard helps you to quickly set the most important settings of your GlobeSurfer® III.
If you would like to complete the Installation without using the Wizard just click Cancel. Alternatively, click the Quick Setup icon on the left sidebar after logging in. The following sections describe the various configuration parameters of Installation. Once you have filled in the Installation sections as described below, click the OK button to configure your GlobeSurfer® III.
4.3.1. Installation Wizard: Language
Select the language and time zone you would like to use on the GlobeSurfer® III Management Console and Display.
4.3.2. Installation Wizard: Telephony
Select the country for your telephone handset. This will adapt the telephone connector of GlobeSurfer® III to work with your handset.
4.3.3. Installation Wizard: UMTS
Check or change the following settings on the Installation screen to configure the UMTS connection:
Access point name: enter the access point name as provided by your Internet Service Provider (ISP), or accept the name already set.
UMTS connect method:
Connect Manually: connect to the Internet by clicking Connect on the Connection Status page in the management console or press the Connect button on the GlobeSurfer® III unit.
Automatically connect upon traffic: GlobeSurfer® III will automatically connect when you attempt to send data via the Internet.
Always connected: GlobeSurfer® III will connect to the internet when possible and will remain connected.
In case of inactivity, disconnect after (minutes): the default is zero (0), meaning UMTS will stay connected until manually disconnected. The maximum is 1440 minutes (24hrs). Note: Incoming traffic is treated as inactivity.
4.3.4. Installation Wizard: Wireless
SSID: the Service Set Identifier: enter a name for your local wireless network (WLAN) (maximum 32 characters). Note: Setting the SSID to something unique will make it much easier to identify your own wireless network, especially if there are other wireless networks available in the nearby area.
SSID broadcast: if you set the Enabled checkbox to broadcast, then other devices can detect and connect to your WLAN. Clear the checkbox to disable broadcasting and hide the name of your network. This provides minimal security, as other devices have to know the SSID to connect. You can install the WLAN with this feature enabled and then disable it once you have set up GlobeSurfer® III and its associated wireless clients.
4.3.5. Installation Wizard: Wireless Encryption
In order to prohibit unauthorized access to your GlobeSurfer® III, make sure to apply sufficient security and encryption on your wireless network.
If WPA2 is supported by your wireless clients it is recommended to apply WPA2 encryption to your wireless network as it offers the highest level of security.
Depending on your choice of security method, the Wireless Encryption page will refresh with relevant configuration choices. Unless No Encryption is selected you will be asked to enter an encryption key in either HEX or ASCII format. HEX format requires a hexadecimal key (0-9, a-f) whose length depends on your selection. An ASCII key consists of a pass-phrase of varying length that will be translated by the GlobeSurfer® III into a HEX key. An ASCII key can be easier to remember than a HEX key, but in some cases there are compatibility issues between different vendors of wireless equipment. Hence, if you are experiencing problems when using an ASCII key, try to use HEX keys instead.
Available choices are:
None/No encryption: this option is not recommended except during installation of your network.
WPA: Wi-Fi Protected Access is a 256-bit encryption method with keys that change automatically over time.
WPA2: a more secure version of WPA with implementation of the 802.11i standard.
WPA and WPA2: allows both options
802.1X WEP: Wireless Equivalent Privacy is a 40-bit or 104-bit encryption method with user configurable fixed keys. 802.1X indicates RADIUS support.
WEP/Non-802.1X WEP: like 802.1X WEP but without RADIUS support.
Authentication Only: authentication by physical MAC address.
Note: WPA/WPA2 is recommended as it provides the higher level of security due to the longer key that changes automatically. You must configure your wireless PC clients to use the same encryption type and keys. Otherwise the devices will not understand each other. Enabling wireless encryption has no security effect on wired (Ethernet) connections.
Configuring WEP: select the desired level (104-bit provides higher security). Enter the Pre-Shared key in hexadecimal (10 or 26 characters), or in plain text (ASCII) format (5 or 13 characters).
Configuring WPA/WPA2: enter the Pre-Shared key as a plain text (ASCII) pass-phrase of at least 8 characters. Note: not all wireless client equipment supports ASCII-text format. If you are experiencing problems, use the hexadecimal key format since most vendors support it.
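The key formats described above, as an added example that is not part of the manual or of the GlobeSurfer® III firmware: it checks the WEP and WPA/WPA2 key lengths given in this section and derives the 256-bit hexadecimal key from a WPA pass-phrase using the standard WPA-PSK mapping (PBKDF2-HMAC-SHA1 over the SSID, 4096 iterations), so the same HEX key can be entered on clients that do not accept the ASCII form. Assumptions: the function names, the 63-character upper limit and the 64-digit hexadecimal form come from the 802.11i standard rather than from the manual, and the one-character-per-byte WEP mapping is the common convention, not a documented property of this device.

```python
import hashlib
import string

HEX = set(string.hexdigits)


def wep_key_bytes(key):
    """Validate a WEP key entry and return (key_bits, raw_key_bytes).

    The manual allows 10 or 26 hexadecimal characters, or 5 or 13 ASCII
    characters, giving a 40-bit or 104-bit key.
    """
    if len(key) in (10, 26) and set(key) <= HEX:
        raw = bytes.fromhex(key)
    elif len(key) in (5, 13) and key.isascii():
        # Assumption: one ASCII character becomes one key byte. Vendors that
        # hash the text instead produce a different key, which is the kind
        # of mismatch the manual warns about.
        raw = key.encode("ascii")
    else:
        raise ValueError("WEP key must be 10/26 hex digits or 5/13 ASCII characters")
    return len(raw) * 8, raw


def wpa_psk(key, ssid):
    """Return the 256-bit pre-shared key for a WPA/WPA2 key entry."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    if len(key) == 64 and set(key) <= HEX:
        return bytes.fromhex(key)  # already a raw 256-bit key in hex
    if not 8 <= len(key) <= 63 or any(not 32 <= ord(c) <= 126 for c in key):
        raise ValueError("pass-phrase must be 8 to 63 printable ASCII characters")
    # Standard WPA-PSK mapping: the SSID is the salt, so the same pass-phrase
    # yields a different key on a network with a different name.
    return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"), ssid_bytes, 4096, 32)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: pass-phrase "password", SSID "IEEE".
    print("WPA HEX key :", wpa_psk("password", "IEEE").hex())
    # Constructed sample values for the WEP formats.
    for sample in ("abcde", "0123456789abcdef0123456789"):
        bits, raw = wep_key_bytes(sample)
        print("WEP %3d-bit  : %s" % (bits, raw.hex()))
```

Because the SSID is part of the derivation, renaming the wireless network changes the hexadecimal key even when the pass-phrase stays the same.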
4.3.6. Installation Wizard: Firewall Policy
The GlobeSurfer® III has three different predefined Firewall Policies:
Minimum Security: lowest level of firewall security allowing both incoming and outgoing traffic.
Typical Security: offers some firewall security, but is still open for all connections initiated from clients connected to the GlobeSurfer® III.
Maximum Security: highest level of firewall security, where only the most commonly used protocols are allowed, even for local clients trying to connect to the Internet.
To learn more about these predefined security levels, please refer to section 8.2. It is also possible to add more advanced firewall policies than these three predefined levels.
4.3.7. Installation Wizard: Finish
The last page of the Installation Wizard shows all the settings made on previous pages. If they all look correct, press the Finish button to apply these settings.
If you want to change any settings, use the Back button to navigate to the appropriate page and modify that setting.
Press the Exit button if you want to quit the Installation Wizard without applying any new changes.
5. Quick Setup
You can use the Quick Setup screen to change the main settings needed to use GlobeSurfer® III:
Web interface and display
Language: select the language for GlobeSurfer® III. The current language setting will be restored if you do not apply the settings.
Telephony
Caller ID: select the country for the telephone handset interface, options available are:
ETSI DTMF
ETSI FSK ring pulse
ETSI FSK dualtone
ETSI FSK Line reversal + dualtone
ETSI FSK during ring
Bellcore
Australia
UMTS
Access point name: as provided by your mobile operator
UMTS connect method: radio button with the following choices:
Connect Manually: connect to the Internet by clicking Connect on the Connection Status page in the management console or press the Connect button on GlobeSurfer® III
Automatically connect upon traffic: GlobeSurfer® III will automatically connect when you attempt to send data via the Internet
Always connected: GlobeSurfer® III will stay connected
In case of inactivity, disconnect after (minutes): The default is 10 minutes. Set it to zero (0) if you want the UMTS to stay connected. The maximum is 1440 minutes (24 hours). Incoming traffic is treated as inactivity.
Wireless
The following settings are the most important for the local Wireless LAN:
Wireless: click on the Enabled checkbox to enable this function
SSID: the Service Set Identifier – enter a name for your local wireless network (WLAN)
SSID Broadcast
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
6. Internet Connection
The WAN Cellular connection connects GlobeSurfer® III to the Internet and other networks through GSM or UMTS mobile telecommunications standards. The WAN Cellular Properties screen displays a summary of the connection.
From this screen you can click on the tabs at the top left hand side to route to the following detailed screens:
General - summary of wireless connection (see section 6.1)
Settings - general communications parameters (see section 6.2)
Routing - sets static or dynamic routing options (see section 6.3)
Advanced - activate firewall for network connection (see section 6.6)
6.1. General
The WAN Cellular connection connects the GlobeSurfer® III to the Internet and other networks through the GSM and UMTS mobile telecommunications standards. The WAN Cellular Properties screen displays a summary of the connection properties.
Press the OK button to apply changes and go back to the previous screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen.
6.2. Settings
The top part of the configuration window displays general communication parameters. It is not recommended to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your gateway is configured to operate with the default values, no parameter modification is necessary.
You can configure the following general connection settings:
MTU: this is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Manual allows you to enter the largest packet size that will be transmitted. The recommended size is 1492. You should leave this value in the 1200 to 1500 range. To have the gateway select the best MTU for your Internet connection, select Automatic (default setting).
Press the OK button to apply changes and go back to the previous screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen.
6.3. Routing
You can choose to setup your gateway to use static or dynamic routing. Dynamic routing automatically adjusts how packets travel on the network, whereas static routing specifies a fixed routing path to neighbouring destinations.
You can configure the following routing settings:
Routing Mode: select one of the following routing modes:
Route: use route mode if you want your GlobeSurfer® III to function as a router between two networks.
NAPT: Network Address and Port Translation (NAPT) refers to network address translation involving the mapping of port numbers, allowing multiple machines to share a single IP address. Use NAPT if your LAN encompasses multiple devices, a topology that necessitates port translation in addition to address translation.
Device metric: this is a value used by the gateway to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more.
Default Route: select this checkbox to define this device as the default route.
Multicast - IGMP Proxy Default: IGMP proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of LAN devices asking to join multicast groups. Select the checkbox to enable this feature.
Routing Information Protocol (RIP): select this checkbox to enable the Routing Information Protocol (RIP). RIP determines a route based on the smallest hop count between source and destination.
Routing Table: allows you to add or modify routes when this device is active. Use the New Route button to add a route or edit existing routes.
Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen.
6.4. Connection Watchdog
When this feature is enabled and the Watchdog timeout duration is set, the GlobeSurfer will do periodic DNS queries to the DNS server to resolve pre-defined websites, e.g. www.option.com, www.google.com, www.microsoft.com. If the DNS query does not get resolved, the device will force a reset of the WWAN modem and will try to re-establish the connection.
To enable the Connection Watchdog feature, check the 3G Connection watchdog checkbox and set the frequency of the DNS query by setting the Watchdog timeout duration. A duration of 60 seconds is suggested for this setting.
If the device is already set in Failover mode, this feature will automatically be deactivated.
6.5. Remote SMS Control
The GlobeSurfer can be set to receive SMS commands from pre-defined phone numbers to execute certain tasks.
To enable the SMS Control feature, check the SMS Control Center checkbox and define a valid phone number. The phone number has to be in international format with the country prefix preceded by a ‘+’, e.g. +32475123456 for Belgium, where 32 is the country prefix of Belgium.
Multiple phone numbers can be defined for this feature. The phone numbers have to be separated by a comma ‘,’.
SMS commands
SMS commands have to be in simple US characters with no space or other characters before or after the command itself.
REBOOT
The GlobeSurfer will do a power reboot.
CONNECT
If the device is set at ‘Manual Connect’ or ‘Connect Upon Traffic’ and the connection is off, this command will make a connection and change the connection state to ‘Connected’.
DISCONNECT
If the device is set at ‘Manual Connect’ or ‘Connect Upon Traffic’ and the connection is on, this command will disconnect and change the connection state to ‘Disconnect’.
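The SMS control rules above, written out as an added example that is not part of the manual or the device firmware: it validates a comma-separated SMS Control Center entry and decides what an incoming message would trigger. Assumptions: the function names, the digit-count limits used for "international format", case-sensitive command matching, and ignoring CONNECT/DISCONNECT in any connect method the manual does not mention; the second phone number is a constructed sample.

```python
import re

# Assumption: "international format" means '+' followed by 7 to 15 digits.
INTL_NUMBER = re.compile(r"\+[1-9][0-9]{6,14}")
COMMANDS = ("REBOOT", "CONNECT", "DISCONNECT")
ON_DEMAND = ("Manual Connect", "Connect Upon Traffic")


def parse_control_numbers(entry):
    """Split the SMS Control Center field and reject malformed numbers."""
    numbers = entry.split(",")
    bad = [n for n in numbers if not INTL_NUMBER.fullmatch(n)]
    if bad:
        raise ValueError("not in international format: %r" % bad)
    return numbers


def handle_sms(sender, body, numbers, connect_method, connected):
    """Return 'reboot', 'connect', 'disconnect', or an 'ignored: ...' reason."""
    if sender not in numbers:
        return "ignored: sender is not a defined control number"
    # The command must be the whole message: no spaces or other characters
    # before or after it.
    if body not in COMMANDS:
        return "ignored: message is not an exact command"
    if body == "REBOOT":
        return "reboot"
    if connect_method not in ON_DEMAND:
        return "ignored: command not described for this connect method"
    if body == "CONNECT":
        return "connect" if not connected else "ignored: already connected"
    return "disconnect" if connected else "ignored: already disconnected"


if __name__ == "__main__":
    allowed = parse_control_numbers("+32475123456,+32475000000")  # second number constructed
    samples = [
        ("+32475123456", "REBOOT", "Manual Connect", False),
        ("+32475123456", "REBOOT ", "Manual Connect", False),   # trailing space
        ("+32470999999", "REBOOT", "Manual Connect", False),    # unknown sender
        ("+32475000000", "CONNECT", "Connect Upon Traffic", False),
        ("+32475000000", "DISCONNECT", "Manual Connect", False),
    ]
    for sender, body, method, connected in samples:
        print(repr(body), "from", sender, "->",
              handle_sms(sender, body, allowed, method, connected))
```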
6.6. Advanced
Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining
access to it through a network such as the Internet. The firewall can be activated per network connection.
To enable the firewall on this network connection, select the Enabled checkbox. To learn more about your gateway's security features, please refer to section 8.2.
Press the OK button to apply changes and go back to the previous screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen.
7. Local Network
This area provides an overview of and the ability to configure local network, storage and printer settings.
From this screen you can click on the tabs at the top left hand side to route to the following detailed screens:
Overview - overview of local network, storage and printers (see section 7.1)
Device - list of all devices in local network with ability to drill down to see detail (see section 7.2)
Wireless - overview of wireless network with ability to drill down to see detail (see section 7.3)
Shared Storage - manage your system storage area, disks and RAID devices (see section 7.4)
Shared Printers - shows printers attached to the device via the USB connection (see section 7.5)
7.1. Overview
This screen displays an overview of the local network, storage and printers, and provides access to further screens where individual devices, wireless network, shared printers and shared storage can be configured and modified.
The following data is displayed:
Local Network: the number of computers connected is shown. For each computer the following data appears:
Type
Name
IP address
Status
Block status
Storage: the number of external hard disk drives connected is shown
Printers: the number of printers connected is shown
Press the Refresh button to refresh the screen.
7.2. Device
This screen displays a list of all the devices in the local network along with their status, and provides the ability to modify and delete each entry.
For each device the following data is displayed:
Name
Number of computers connected
Status
Clicking on a LAN Bridge entry routes you to the LAN Bridge Properties screen in the System/Network Connections/General part of the system (see section 9.4.1)
Clicking on a LAN Ethernet entry routes you to the LAN Ethernet Properties screen in the System/Network Connections/General part of the system (see section 9.4.1)
Clicking on a LAN Wireless 802.11g Access Point entry routes you to the LAN Wireless 802.11g Access Point Properties screen in the System/Network Connections/General part of the system (see section 9.4.1)
7.3. Wireless
From this screen you can click on the tabs at the top right hand side to route to the following detailed screens:
Overview (see section 7.3.1)
Settings (see section 7.3.2)
Advanced (see section 7.3.3)
7.3.1. Overview
This screen provides an overview of the wireless network.
The following data is displayed:
Enable Wireless: click the checkbox to enable wireless functionality
Wireless Network (SSID): the SSID is the network name shared among all points in a wireless network. It must be identical for all points in the wireless network. It is case-sensitive and must not exceed 32 characters (use any of the characters on the keyboard).
802.11 Mode: select the wireless communication standard that is compatible with your PC’s wireless card. Options are:
802.11b/g Mixed
802.11g Only
802.11b Only
Security: choose the required security option from the drop down box, options are:
None
Web Authentication
Password Protected (WPA)
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
7.3.2. Settings
This screen enables you to enter more wireless settings.
The following data is displayed:
SSID Broadcast: click on this checkbox to enable the SSID's broadcast. Disabling SSID broadcast hides the name of the AP (SSID) from clients that should not be aware of its existence.
Channel: choose the appropriate channel from the drop down list provided to correspond with your network settings. All devices in your wireless network must broadcast on different channels in order to function correctly.
Security: choose the appropriate security option from the drop down list
None
WPA
WPA2
WPA and WPA2
802.1X WEP
Non-802.1X WEP
Authentication Only
Clean Mac List: click this button to clean the Mac list
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
7.3.3. Advanced
From this screen you can click on the tabs at the top left hand side to route to the following detailed screens:
General (see section 7.3.3.1)
Settings (see section 7.3.3.2)
Wireless (see section 7.3.3.3)
Advanced (see section 7.3.3.4)
7.3.3.1. General
Press the OK button to apply changes and go back to the previous screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen.
7.3.3.2. Settings
Press the OK button to apply changes and go back to the previous screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen.
7.3.3.3. Wireless
Press the OK button to apply changes and go back to the previous screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen.
7.3.3.4. Advanced
Press the OK button to apply changes and go back to the previous screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen.
7.4. Shared Storage/Disk Management
This screen enables you to manage your system storage area, disks and RAID devices.
The following data is displayed:
Enabled: click this checkbox to enable disk management
Status: this shows the status of disk management and how many disks are connected
System Storage Area
Status: shows the status of the system storage area and whether it is connected
Automatically Create System Storage Area: click this checkbox to automatically create a system storage area
Disks: for each disk the following data appears:
Device
Description
Type
Size
Partitions
RAID Devices: for each RAID device the following data appears:
Device
Name
Type
Status
Total Space
Free Space
RAID
Action
Add RAID Device: click to add a new device and go to the RAID Properties screen (see section 7.4.1)
Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen. Press the Refresh button to refresh the screen.
7.4.1. RAID Properties
This screen enables you to add a RAID device.
The following data can be entered:
RAID level: choose one of the following options from the drop down list:
RAID0
RAID1
RAID5
Mount Enabled: add a mount point name for the created device
Press the Next button to apply changes and add another device. Press the Cancel button to reject changes and go back to the previous screen.
7.5. Shared Printers/Print Server
GlobeSurfer® III includes a print server that allows printers attached to the device via the USB connection to be shared by all computers on the LAN.
On this screen you can see information about your printer, as well as view a list of print jobs (when prints are in the queue).
The following checkboxes can be modified:
Enabled
Spool to Disk
Allow Guest Access
LPD Support
IPP Support
Microsoft Shared Printing Support
For each print job, the following data is displayed:
Printer
Status
Jobs in Queue
Jobs Printed
Action
Storage: the number of external hard disk drives connected is shown
Printers: the number of printers connected is shown
Press the OK button to apply changes and go back to the previous screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen. Press the Refresh button to refresh the screen.
8. Services
8.1. Overview
This screen displays icons/hyperlinks for the various services available:
Firewall: this hyperlink routes to the Firewall Overview screen
File Server: this hyperlink routes to the File Server Overview screen
Print Server: this hyperlink routes to the Print Server Overview screen
IPSec: this hyperlink routes to the IPSec Overview screen
Personal Domain Name: this hyperlink routes to the Personal Domain Name Overview screen
Each service also shows a summary description of the status of the service.
8.2. Firewall
The GlobeSurfer® III includes comprehensive and robust security services: Stateful Packet Inspection Firewall, user authentication protocols and password protection mechanisms. These features together allow users to connect their computers to the Internet and simultaneously to be protected from the security threats of the Internet.
The firewall, the cornerstone of the GlobeSurfer® III’s security services, has been exclusively tailored to the needs of the residential/office user and has been pre-configured to provide optimum security.
The GlobeSurfer® III’s firewall provides both the security and flexibility that home and office users seek. It provides a managed, professional level of network security while enabling the safe use of interactive applications, such as Internet gaming and videoconferencing.
The GlobeSurfer® III’s firewall supports advanced filtering, designed to allow comprehensive control over the firewall’s behaviour. You can define specific input and output rules, control the order of logically similar sets of rules and make a distinction between rules that apply to WAN and LAN
network devices.
The Overview screen allows you to choose the security level for the firewall (see section 1.1.1).
The Access Control screen can be used to restrict access from the local network to the Internet (see section 8.2.2).
The Port Forwarding screen can be used to enable access from the Internet to specified services provided by computers in the local network and special Internet applications (see section 8.2.3).
The DMZ Host screen allows you to configure a LAN host to receive all traffic arriving at your GlobeSurfer® III, which does not belong to a known session (see section 8.2.4).
The Port Triggering screen allows you to define port triggering entries, to dynamically open the firewall for some protocols or ports (see section 1.1.1).
The Website Restrictions screen allows you to block LAN access to a certain host or Web site on the Internet (see section 8.2.6).
The NAT (Network Address Translation) screen allows you to hide the computers in your network so they cannot be found or directly accessed from outside your network (see section 8.2.7).
The Connections screen allows you to view all the active connections on the system (see section 1.1.1).
The Advanced Filtering screen allows you to implicitly control the firewall setting and rules (see section 1.1.1).
The Log screen allows you to view and configure the firewall Log (see section 1.1.1)
8.2.1. Overview
Use the Overview screen to configure the gateway’s basic security settings.
The firewall regulates the flow of data between the home network and the Internet. Both incoming and outgoing data are inspected and then either accepted (allowed to pass through GlobeSurfer® III) or rejected (barred from passing through GlobeSurfer® III) according to a flexible and configurable set of rules. These rules are designed to prevent unwanted intrusions from the outside, while allowing home users access to the Internet services that they require.
The firewall rules specify what types of services available on the Internet may be accessed from the home network and what types of services available in the home network may be accessed from the Internet. Each request for a service that the firewall receives, whether originating in the Internet or from a computer in the home network, is checked against the set of firewall rules to determine whether the request should be allowed to pass through the firewall. If the request is permitted to pass, then all subsequent data associated with this request (a “session”) will also be allowed to pass, regardless of its direction.
For example, when you point your Web browser to a Web page on the Internet, a request is sent out to the Internet for this page. When the request reaches GlobeSurfer® III the firewall will identify the request type and origin, HTTP and a specific PC in your home network, in this case. Unless you have configured access control to block requests of this type from this computer, the firewall will allow this request to pass out onto the Internet (see section 8.2.2 for more on setting access controls). When the Web page is returned from the Web server the firewall will associate it with this session and allow it to pass, regardless of whether HTTP access from the Internet to the home network is blocked or permitted.
The important thing to note here is that it is the origin of the request, not subsequent responses
to this request, that determines whether a session can be established or not.
You may choose from among three pre-defined security levels for GlobeSurfer® III: Minimum, Typical and Maximum. The table below summarizes the behaviour of GlobeSurfer® III for each of the three security levels.
Security level: Maximum Security
Requests Originating in the WAN (Incoming Traffic) - Blocked: No access to home network from Internet, except as configured in the Port Forwarding, DMZ host and Remote Access screens
Requests Originating in the LAN (Outgoing Traffic) - Limited: By default, only commonly-used services, such as Web browsing and e-mail, are permitted *

Security level: Typical Security
Requests Originating in the WAN (Incoming Traffic) - Blocked: No access to home network from Internet, except as configured in the Port Forwarding, DMZ host and Remote Access screens
Requests Originating in the LAN (Outgoing Traffic) - Blocked: No access to home network from Internet, except as configured in the Port Forwarding, DMZ host and Remote Access screens

Security level: Minimum Security
Requests Originating in the WAN (Incoming Traffic) - Unrestricted: Permits full access from Internet to home network; all connection attempts permitted.
Requests Originating in the LAN (Outgoing Traffic) - Blocked: No access to home network from Internet, except as configured in the Port Forwarding, DMZ host and Remote Access screens

* These services include Telnet, FTP, HTTP, HTTPS, DNS, IMAP, POP3 and SMTP. The list of allowed services at 'Maximum Security' mode can be edited in the Access Control page. Attention: Some applications (such as some Internet messengers and Peer-To-Peer client applications) tend to use these ports, if they cannot connect with their own default ports. When applying this behaviour, these applications will not be blocked outbound, even at Maximum Security Level.
Choose from among the three pre-defined security levels described in the table above:
Maximum Security: if this option is chosen, remote administration settings will override the security inbound policy and outbound access is allowed to the following services: DHCP, DNS, IMAP, POP3, HTTPS, FTP and Telnet.
Typical Security: this is the default option where remote administration settings will override the security inbound policy.
Minimum security: this option is not recommended as it may expose the home network to significant security risks, and thus should only be used, when necessary, for short periods of time.
Block IP Fragments: click this checkbox in order to protect your home network from a common type of hacker attack that could make use of fragmented data packets to sabotage your home network. (Note that VPN over IPSec and some UDP-based services make legitimate use of IP fragments. You will need to allow IP fragments to pass into the home network in order to make use of these select services.)
Press the OK button to apply changes and go back to the Home screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen.
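The session behaviour described in this section, as an added example that is not part of the manual or the device firmware: a small model of a stateful firewall in which the origin of a request decides whether a session exists, with the three security levels as described in section 4.3.6 and an Access Control block list. Assumptions: the class and method names, the well-known port numbers for the services the manual lists, and the sample addresses are all constructed; Port Forwarding, DMZ host and Remote Access exceptions are left out.

```python
from dataclasses import dataclass, field

# Services the manual lists as permitted outbound at Maximum Security.
# The port numbers are the standard well-known ports, not from the manual.
MAX_SECURITY_PORTS = {"Telnet": 23, "FTP": 21, "HTTP": 80, "HTTPS": 443,
                      "DNS": 53, "IMAP": 143, "POP3": 110, "SMTP": 25}
LEVELS = ("minimum", "typical", "maximum")


@dataclass
class StatefulFirewall:
    level: str = "typical"
    # Access Control rules: (lan_ip, destination_port) pairs that are blocked.
    access_control: set = field(default_factory=set)
    # Sessions opened from the LAN: (lan_ip, lan_port, wan_ip, wan_port).
    sessions: set = field(default_factory=set)

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError("unknown security level: %r" % self.level)

    def outbound(self, lan_ip, lan_port, wan_ip, wan_port):
        """A LAN host sends a request; returns True if it may pass."""
        if (lan_ip, wan_port) in self.access_control:
            return False
        if self.level == "maximum" and wan_port not in MAX_SECURITY_PORTS.values():
            return False
        # The request passed, so everything belonging to it is a session.
        self.sessions.add((lan_ip, lan_port, wan_ip, wan_port))
        return True

    def inbound(self, wan_ip, wan_port, lan_ip, lan_port):
        """A packet arrives from the WAN; returns True if it may pass."""
        if (lan_ip, lan_port, wan_ip, wan_port) in self.sessions:
            return True  # response to a request that originated in the LAN
        # Unsolicited traffic: only Minimum Security lets it through.
        return self.level == "minimum"


def walkthrough():
    """Replay the manual's Web page and e-mail examples on sample addresses."""
    pc, web, mail = "192.168.1.10", "203.0.113.5", "203.0.113.25"
    fw = StatefulFirewall("typical", access_control={(pc, 110)})
    return {
        "unsolicited HTTP from WAN": fw.inbound(web, 80, pc, 50000),
        "PC requests Web page": fw.outbound(pc, 50000, web, 80),
        "Web page returned": fw.inbound(web, 80, pc, 50000),
        "PC requests POP3 (blocked by rule)": fw.outbound(pc, 50001, mail, 110),
        "mail data from POP3 server": fw.inbound(mail, 110, pc, 50001),
    }


if __name__ == "__main__":
    for step, allowed in walkthrough().items():
        print("%-36s %s" % (step, "accepted" if allowed else "rejected"))
```

The last two steps show why an Access Control rule on outgoing POP3 requests also stops incoming mail: no session is created, so the server's data has nothing to match.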
8.2.2. Access Control
You may want to block specific computers within the home network (or even the whole network) from accessing certain services on the Internet. For example, you may want to prohibit one computer from surfing the Web, another computer from transferring files using FTP, and the whole network from receiving incoming e-mail.
Access Control defines restrictions on the types of requests that may pass from the home network out to the Internet, and thus may block traffic flowing in both directions. It can also be used for allowing specific services when maximum security is configured. In the e-mail example given above, you may prevent computers in the home network from receiving e-mail by blocking their outgoing requests to POP3 servers on the Internet.
There are numerous services you should consider blocking, such as popular game and file sharing servers. For example, if you want to make sure that your employees do not put your business at risk from illegally traded copyright files, you may want to block several popular P2P and file sharing applications.
This screen offers the facility to block access to Internet services from within the LAN. Entries can be added, edited or deleted.
The following fields are displayed:
Local Host: identifier
Local Address: computer to apply the access control rule to
Protocols: type of protocol
Status: shows the status of the access control rule
Action: options for adding new entries or editing or deleting existing ones
Click on New Entry - this routes to the Add Access Control Rule screen (see section 8.2.2.1)
Click on the edit icon - this routes to the Edit Access Control Rule screen (see section 8.2.2.2)
Press the OK button to apply changes and go back to the Home screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen. Press the Resolve Now button to check the screen. Press the Refresh button to refresh the screen.
8.2.2.1. Add Access Control Rule
This screen allows the entry of new access control rules. The following fields should be entered:
Address: specify the computer or group of computers to apply the access control rule to: options available are:
o Any
o User Defined – this routes to the Edit Network Object screen (see section 8.2.2.3)
o Specific computer address in your LAN
Protocol: type of protocol that will be used: choose from the drop down list:
o Any
o User Defined – this routes to the Edit Service screen (see section 8.2.2.5)
o Show Basic Services – if this option is chosen a reduced list of options is displayed including:
    FTP - File Transfer
    HTTP – Web Server
    HTTPS – Secured Web Server
    IMAP – Messaging Server
    L2TP – Layer 2 Tunneling Protocol
    Ping – ICMP Echo Request
    POP3 – Incoming Mail
    SMTP – Outgoing Mail
    SNMP – Simple Network Management Protocol
    Telnet – Remote Connection
    TFTP – Trivial File Transfer Protocol
    Traceroute – Route Tracking Utility
o Show All Services – a more comprehensive list of services is displayed
Reply an HTML Page to the Blocked Client: click this checkbox to send an HTML page to the client when access is blocked – this is checked by default
Schedule: define the time period during which this rule will take effect:
o Always – access is always controlled
o User defined – this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)
Press the OK button to apply changes and go back to the Access Control screen. Press the Cancel button to reject changes and go back to the Access Control screen.
8.2.2.2. Edit Access Control Rule
This screen allows the editing of existing access control rules. The following fields should be entered:
Address: specify the computer or group of computers to apply the access control rule to: options available are:
o Any
o User Defined – this routes to the Edit Network Object screen (see section 8.2.2.3)
o Specific computer address in your LAN
Protocol: type of protocol that will be used: choose from the drop down list:
o Any
o User Defined – this routes to the Edit Service screen (see section 8.2.2.5)
o Show Basic Services – if this option is chosen a reduced list of options is displayed including:
    FTP - File Transfer
    HTTP – Web Server
    HTTPS – Secured Web Server
    IMAP – Messaging Server
    L2TP – Layer 2 Tunneling Protocol
    Ping – ICMP Echo Request
    POP3 – Incoming Mail
    SMTP – Outgoing Mail
    SNMP – Simple Network Management Protocol
    Telnet – Remote Connection
    TFTP – Trivial File Transfer Protocol
    Traceroute – Route Tracking Utility
o Show All Services – a more comprehensive list of services is displayed
Reply an HTML Page to the Blocked Client: click this checkbox to send an HTML page to the client when access is blocked – this is checked by default
Schedule: define the time period during which this rule will take effect:
o Always – access is always controlled
o User defined – this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)
Press the OK button to apply changes and go back to the Access Control screen. Press the Cancel button to reject changes and go back to the Access Control screen.
8.2.2.3. Edit Network Object
This screen allows the editing of network objects. The following fields should be entered:
Description: type the description of the object
Click on New Entry - this routes to the Edit Item screen (see section 8.2.2.4)
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.2.4. Edit Item
This screen allows the editing of network object types. The following fields should be entered:
Network Object Type: choose from the drop down list:
o IP Address, then enter
    IP address
o IP Subnet, then enter
    Subnet IP Address
    Subnet Mask
o IP Range, then enter
    From IP Address
    To IP Address
o MAC Address, then enter
    MAC Address
    MAC Mask
o Host Name, then enter
    Host Name
o DHCP Option, then choose from the drop down list:
    60: Vendor Class ID
    61: Client ID
    77: User Class ID
  then enter the appropriate ID
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.2.5. Edit Service
This screen allows the editing of services. The following fields should be entered:
Service Name: type the name of the service
Click on New Server Ports - this routes to the Edit Service Server Ports screen (see section 8.2.2.6)
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.2.6. Edit Service Server Ports
This screen allows the editing of service server ports. The following fields should be entered:
Protocol: choose from the drop down list:
o TCP, then enter
    Source Ports, then choose from the drop down list:
        Any
        Single, then enter port number
        Range, then enter range values
    Destination Ports, then choose from the drop down list:
        Any
        Single, then enter port number
        Range, then enter range values
o UDP, then enter
    Source Ports, then choose from the drop down list:
        Any
        Single, then enter port number
        Range, then enter range values
    Destination Ports, then choose from the drop down list:
        Any
        Single, then enter port number
        Range, then enter range values
o ICMP, then enter
    ICMP Message by choosing from the drop down list:
        Echo Reply
        Network Unreachable
        Host Unreachable
        Protocol Unreachable
        Port Unreachable
        Destination Network Unknown
        Destination Host Unknown
        Redirect for Network
        Redirect for Host
        Echo Request
        Other
o GRE
o ESP
o AH
o Other, then enter
    Protocol Number
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.2.7. Edit Scheduler Rule
This screen allows the editing of scheduler rules. The following fields should be entered:
Name: type the name of the scheduler rule and click on New Time Segment Entry
Rule Activity settings: choose from the following radio buttons
o Rule will be Active at the Scheduled Time
o Rule will be Inactive at the Scheduled Time
Click on New Time Segment Entry - this routes to the Edit Time Segment screen (see section 8.2.2.8)
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.2.8. Edit Time Segment
This screen allows the editing of time segments. The following fields should be entered:
Days of Week: check the days of the week when the rule should apply
Click on New Hours Range Entry - this routes to the Edit Hour Range screen (see section 8.2.2.9)
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.2.9. Edit Hour Range
This screen allows the entry of the hours during the day when the rules will apply. The following fields should be entered:
Start Time in hours and minutes
End Time in hours and minutes
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.3. Port Forwarding
In its default state, GlobeSurfer® III blocks all external users from connecting to or communicating with your network. Therefore the system is safe from hackers who may try to intrude on the network and damage it. However, you may want to expose your network to the Internet in certain limited and controlled ways in order to enable some applications to work from the LAN (game, voice and chat applications, for example) and to enable Internet-access to servers in the home network. The Port Forwarding feature supports both of these functionalities. If you are familiar with networking terminology and concepts, you may have encountered this topic referred to as “Local Servers”.
The Port Forwarding screen lets you define the applications that require special handling by GlobeSurfer® III. All you have to do is select the application's protocol and the local IP address of the computer that will be using or providing the service. If required, you may add new protocols in addition to the most common ones provided by GlobeSurfer® III.
For example, if you wanted to use a File Transfer Protocol (FTP) application on one of your PCs, you would simply select FTP from the list and enter the local IP address or host name of the designated computer. All FTP-related data arriving at GlobeSurfer® III from the Internet will henceforth be forwarded to the specified computer.
Similarly, if you want to grant Internet users access to servers inside your home network, you must identify each service that you want to provide and the PC that will provide it. For example, if you want to host a Web server inside the home network you must select HTTP from the list of protocols and enter the local IP address or host name of the computer that will host the Web server. When an Internet user points her browser to the external IP address of GlobeSurfer® III, the gateway will forward the incoming HTTP request to the computer that is hosting the Web server.
Additionally, port forwarding enables you to redirect traffic to a different port instead of the one to which it was designated. Let’s say that you have a Web server running on your PC on port 8080 and you want to grant access to this server to anyone who accesses GlobeSurfer® III via HTTP. To accomplish this, do the following:
Define a port forwarding rule for the HTTP service, with the PC's IP or host name.
Specify 8080 in the 'Forward to Port' field.
All incoming HTTP traffic will now be forwarded to the PC running the Web server on port 8080. When setting a port forwarding service, you must ensure that the port is not already in use by another application, which may stop functioning. A common example is when using SIP signaling in Voice over IP - the port used by the gateway's VoIP application (5060) is the same port on which port forwarding is set for LAN SIP agents.
Note: Some applications, such as FTP, TFTP, PPTP and H323, require the support of specific Application Level Gateway (ALG) modules in order to work inside the home network. Data packets associated with these applications contain information that allows them to be routed correctly. An ALG is needed to handle these packets and ensure that they reach their intended destinations. GlobeSurfer® III is equipped with a robust list of ALG modules in order to enable maximum functionality in the home network.
Note: The ALG is automatically assigned based on the destination port.
This screen offers the facility to expose services on the LAN to external Internet users. Entries can be added, edited or deleted.
The following fields are displayed:
Local Host: identifier
Local Address: IP address or host name of computer providing the service
Protocols: type of protocol
Status: shows the status of the port forwarding rule
Action: options for adding new entries or editing or deleting existing ones
Click on New Entry - this routes to the Add Port Forwarding Rule screen (see section 8.2.3.1)
Press the OK button to apply changes and go back to the Home screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen. Press the Resolve Now button to check the screen. Press the Refresh button to refresh the screen.
8.2.3.1. Add Port Forwarding Rule
This screen allows the entry of new port forwarding rules. The following fields should be entered:
Local Host: IP address or the host name of the computer that will provide the service - the “server”. (Note that only one LAN computer can be assigned to provide a specific service or application): options available are:
o User Defined – this routes to the Edit Item screen (see section 8.2.3.2)
o A specific address
Protocol: type of protocol: choose from the drop down list:
o Any
o User Defined – this routes to the Edit Service screen (see section 8.2.2.5)
o Show Basic Services – if this option is chosen a reduced list of options is displayed including:
    FTP - File Transfer
    HTTP – Web Server
    HTTPS – Secured Web Server
    IMAP – Messaging Server
    L2TP – Layer 2 Tunneling Protocol
    Ping – ICMP Echo Request
    POP3 – Incoming Mail
    SMTP – Outgoing Mail
    SNMP – Simple Network Management Protocol
    Telnet – Remote Connection
    TFTP – Trivial File Transfer Protocol
    Traceroute – Route Tracking Utility
o Show All Services – a more comprehensive list of services is displayed
Press the OK button to apply changes and go back to the Port Forwarding screen. Press the Cancel button to reject changes and go back to the Port Forwarding screen. Press the Advanced button to go to the Home screen.
8.2.3.2. Edit Item
This screen allows the editing of network object types. The following fields should be entered:
Network Object Type: choose from the drop down list:
o IP Address, then enter
    IP address
o Host Name, then enter
    Host Name
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.4. DMZ Host
The DMZ (Demilitarized) Host feature allows one local computer to be exposed to the Internet. Designate a DMZ host when:
You wish to use a special-purpose Internet service, such as an on-line game or video-conferencing program, that is not present in the Port Forwarding list and for which no port range information is available.
You are not concerned with security and wish to expose one computer to all services without restriction.
Warning: A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating a DMZ host may also put other computers in the home network at risk. When designating a DMZ host, you must consider the security implications and protect it if necessary.
An incoming request for access to a service in the home network, such as a Web-server, is fielded by GlobeSurfer® III. GlobeSurfer® III will forward this request to the DMZ host (if one is designated) unless the service is being provided by another PC in the home network (assigned in Port Forwarding), in which case that PC will receive the request instead.
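The precedence described above (a Port Forwarding assignment wins, otherwise the DMZ host receives the request, otherwise the default block applies) can be modelled as follows. This is an added example, not code from Option or from the device firmware; the class and function names, the sample addresses and the choice of UDP for port 5060 are assumptions made for illustration.

```python
"""Inbound dispatch model: Port Forwarding rule first, then DMZ host, else block."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class ForwardRule:
    proto: str                      # "tcp" or "udp"
    wan_port: int                   # port the Internet client connects to
    lan_host: str                   # LAN computer providing the service
    lan_port: Optional[int] = None  # 'Forward to Port'; None keeps wan_port


@dataclass
class GatewayConfig:
    forwards: List[ForwardRule] = field(default_factory=list)
    dmz_host: Optional[str] = None  # address stays recorded while disabled
    dmz_enabled: bool = False       # the check box on the DMZ Host screen


def dispatch_inbound(cfg, proto, port):
    """Return (lan_host, lan_port, reason), or None for the default block."""
    for rule in cfg.forwards:
        if rule.proto == proto and rule.wan_port == port:
            return (rule.lan_host, rule.lan_port or port, "port-forward")
    if cfg.dmz_enabled and cfg.dmz_host:
        return (cfg.dmz_host, port, "dmz")
    return None


def audit(cfg, gateway_ports):
    """List the findings a reviewer would want before applying the config."""
    findings = []
    seen = {}
    for rule in cfg.forwards:
        key = (rule.proto, rule.wan_port)
        # Only one LAN computer can provide a specific service.
        if key in seen and seen[key] != rule.lan_host:
            findings.append(f"{key} assigned to both {seen[key]} and {rule.lan_host}")
        seen.setdefault(key, rule.lan_host)
        # A forwarded port must not collide with a port the gateway itself uses.
        if key in gateway_ports:
            findings.append(f"{key} is already used by a gateway application")
    if cfg.dmz_enabled and cfg.dmz_host:
        findings.append(
            f"DMZ host {cfg.dmz_host} receives every inbound port "
            "that is not listed in Port Forwarding"
        )
    return findings


# Constructed sample configuration (addresses are illustrative).
SAMPLE = GatewayConfig(
    forwards=[
        ForwardRule("tcp", 80, "192.168.1.10", 8080),  # HTTP redirected to 8080
        ForwardRule("udp", 5060, "192.168.1.30"),      # LAN SIP agent
    ],
    dmz_host="192.168.1.50",
    dmz_enabled=True,
)
# Assumption: the gateway's VoIP application listens on UDP 5060.
GATEWAY_PORTS = {("udp", 5060)}

if __name__ == "__main__":
    for proto, port in [("tcp", 80), ("tcp", 22), ("udp", 5060)]:
        print(proto, port, "->", dispatch_inbound(SAMPLE, proto, port))
    for finding in audit(SAMPLE, GATEWAY_PORTS):
        print("finding:", finding)
```
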
This screen offers the facility to allow a single LAN computer to be fully exposed to the Internet.
The following fields should be entered:
DMZ Host IP Address: click on the checkbox and enter the local IP address of the computer that you would like to designate as a DMZ host. Note that only one LAN computer may be a DMZ host at any time.
You can disable the DMZ host so that it will not be fully exposed to the Internet, but keep its IP address recorded on the DMZ Host screen. This may be useful if you wish to disable the DMZ host but expect that you will want to enable it again in the future.
To disable the DMZ host so that it will not be fully exposed to the Internet, clear the check-box next to the DMZ IP designation, and click OK.
To reinstate it at a later time, simply reselect the check box.
Press the OK button to apply changes and go back to the Home screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen.
8.2.5. Port Triggering
Port triggering can be used for dynamic port forwarding configuration. By setting port triggering rules, you can allow inbound traffic to arrive at a specific LAN host, using ports different from those used for the outbound traffic. This is called port triggering since the outbound traffic triggers the opening of the ports to which inbound traffic is directed.
For example, consider a gaming server that is accessed using UDP protocol on port 2222. The gaming server responds by connecting the user using UDP on port 3333 when starting gaming sessions. In such a case you must use port triggering, since this scenario conflicts with the following default firewall settings:
The firewall blocks inbound traffic by default.
The server replies to GlobeSurfer® III's IP, and the connection is not sent back to your host, since it is not part of a session.
In order to solve this you need to define a Port Triggering entry, which allows inbound traffic on UDP port 3333, only after a LAN host generated traffic to UDP port 2222. This will result in accepting the inbound traffic from the gaming server, and sending it back to the LAN Host which originated the outgoing traffic to UDP port 2222.
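The gaming-server scenario above (outbound UDP 2222 opens inbound UDP 3333 for the originating LAN host) is modelled below as an added example; it is not the gateway's own code. The class names and sample addresses are hypothetical, and the idle timeout (`ttl`) is an assumption of this model, since the manual does not state how long triggered ports stay open.

```python
"""Port triggering model: outbound traffic opens inbound ports for one LAN host."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TriggerRule:
    proto: str            # protocol the rule applies to, e.g. "udp"
    trigger_ports: range  # Outgoing Trigger Ports
    open_ports: range     # Incoming Ports to Open


class PortTrigger:
    def __init__(self, rules, ttl=60):
        self.rules = list(rules)
        self.ttl = ttl      # assumed lifetime of an opened port, in seconds
        self.opened = {}    # (proto, inbound port) -> (lan_host, expiry time)

    def outbound(self, lan_host, proto, dst_port, now):
        """Record outbound traffic; return the inbound ports it opened."""
        opened = []
        for rule in self.rules:
            if rule.proto == proto and dst_port in rule.trigger_ports:
                for port in rule.open_ports:
                    self.opened[(proto, port)] = (lan_host, now + self.ttl)
                    opened.append(port)
        return opened

    def inbound(self, proto, dst_port, now):
        """Return the LAN host that receives the packet, or None if blocked."""
        entry = self.opened.get((proto, dst_port))
        if entry is None:
            return None                 # firewall blocks inbound by default
        lan_host, expiry = entry
        if now >= expiry:
            del self.opened[(proto, dst_port)]
            return None                 # the triggered opening has lapsed
        return lan_host

    def open_now(self, now):
        """Ports currently reachable from the WAN, for review."""
        return sorted(k for k, (_, exp) in self.opened.items() if now < exp)


# The rule from the text: traffic to UDP 2222 opens UDP 3333.
GAME_RULE = TriggerRule("udp", range(2222, 2223), range(3333, 3334))

if __name__ == "__main__":
    gw = PortTrigger([GAME_RULE], ttl=60)
    print("before trigger:", gw.inbound("udp", 3333, now=0))
    print("opened:", gw.outbound("192.168.1.20", "udp", 2222, now=10))
    print("after trigger:", gw.inbound("udp", 3333, now=20))
    print("after timeout:", gw.inbound("udp", 3333, now=71))
```

The model keys an opening on protocol and port only, so when reviewing a rule the width of the Incoming Ports to Open range is what determines how much is reachable while the trigger is active.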
This screen offers the facility to trigger the opening of ports for incoming data. Entries can be added, edited or deleted.
The following fields are displayed:
Protocol: the protocol for this entry
Outgoing Trigger Ports: shows the range of trigger ports for this protocol
Incoming Ports to Open: shows the ports to be opened when triggered
Action: options for adding new entries or editing or deleting existing ones
To add a trigger, choose from the drop down list:
o User Defined – this routes to the Edit Port Triggering Rule screen (see section 8.2.5.1)
o Show Basic Services – if this option is chosen a reduced list of options is displayed
o Show All Services – a more comprehensive list of services is displayed including
    L2TP – Layer 2 Tunneling Protocol
    TFTP – Trivial File Transfer Protocol
    AIM Talk
    DialPad.com
    ICQ
    RealAudio on Port 7070
Press the OK button to apply changes and go back to the Home screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen.
You can disable a port triggering rule without having to remove it from the Port Triggering screen.
To temporarily disable a rule, clear the check box next to the service name.
To reinstate it at a later time, simply reselect the check box.
To remove a rule, click the Remove action icon for the service. The service will be permanently removed.
There may be a few default port triggering rules listed when you first access the port triggering screen. Please note that disabling these rules may result in impaired gateway functionality.
8.2.5.1. Edit Port Triggering Rule
This screen allows the editing of port triggering rules. The following fields should be entered:
Service Name: type the name of the service
Click on New Trigger Ports - this routes to the Edit Service Server Ports screen (see section 8.2.2.6)
Click on New Opened Ports - this routes to the Edit Service Opened Ports screen (see section 8.2.5.2)
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.5.2. Edit Service Opened Ports
This screen allows the editing of service opened ports. The following fields should be entered:
Protocol: choose from the drop down list:
o TCP, then enter
    Source Ports, then choose from the drop down list:
        Any
        Single, then enter port number
        Range, then enter range values
    Destination Ports, then choose from the drop down list:
        Any
        Single, then enter port number
        Range, then enter range values
        Same as Initiating Ports
o UDP, then enter
    Source Ports, then choose from the drop down list:
        Any
        Single, then enter port number
        Range, then enter range values
    Destination Ports, then choose from the drop down list:
        Any
        Single, then enter port number
        Range, then enter range values
        Same as Initiating Ports
o ICMP, then enter
    ICMP Message by choosing from the drop down list:
        Echo Reply
        Network Unreachable
        Host Unreachable
        Protocol Unreachable
        Port Unreachable
        Destination Network Unknown
        Destination Host Unknown
        Redirect for Network
        Redirect for Host
        Echo Request
        Other
o GRE
o ESP
o AH
o Other, then enter
    Protocol Number
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.6. Website Restrictions
You may configure GlobeSurfer® III to block specific Internet websites so that they cannot be
accessed from computers in the home network. Moreover, restrictions can be applied to a comprehensive and automatically updated table of sites to which access is not recommended.
This screen offers the facility to restrict access from the LAN to websites. Entries can be added, edited or deleted.
The following fields are displayed:
Local Host: the host for which restrictions are shown
Local Address: shows the address for this entry
Restricted Website: the website name to be restricted
Restricted IP Address: the IP address to be restricted
Status: shows the status of the website restriction
Action: options for adding new entries or editing or deleting existing ones
Click on New Entry - this routes to the Restricted Website screen (see section 8.2.6.1)
Press the OK button to apply changes and go back to the Home screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen. Press the Resolve Now button to try to locate the site and resolve the URL into one or more IP addresses. Press the Refresh button to refresh the screen.
You may edit the website restriction by modifying its entry under the Local Host column. To modify an entry click the Edit action icon for the restriction. Modify the website address, group or schedule as necessary.
To ensure that all current IP addresses corresponding to the restricted websites are blocked, click the Resolve Now button. GlobeSurfer® III will check each of the restricted website addresses and ensure that all IP addresses at which this website can be found are included in the IP addresses column.
You can disable a restriction in order to make a website available again without having to remove it from the Website Restrictions screen. This may be useful if you wish to make the website available only temporarily and expect that you will want to block it again in the future.
To temporarily disable a rule, clear the check box next to the service name.
To reinstate it at a later time, simply reselect the check box.
To remove a rule, click the Remove action icon for the service. The service will be permanently removed.
8.2.6.1. Restricted Website
This screen allows the entry of websites to be restricted. The following fields should be entered:
Restricted Website: enter the website address (IP address or URL) that you would like to make inaccessible from your home network (all web pages within the site will also be blocked and if the website address has multiple IP addresses, GlobeSurfer® III will resolve all additional addresses and automatically add them to the restrictions table)
Local Host: specify the computer or group of computers for which you would like to apply the website restriction: options available are:
o Any
o User Defined – this routes to the Edit Network Object screen (see section 8.2.2.3)
o A specific computer address in your LAN
Schedule: choose when the website is to be restricted, by default the rule will always be active:
o Always – access is always controlled
o User defined – this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)
Press the OK button to apply changes and go back to the Restricted Website screen. Press the Cancel button to reject changes and go back to the Restricted Website screen.
“Resolving” will appear in the Status column while the site is being located (the URL is resolved into one or more IP addresses). If the site is successfully located then “Resolved” will appear in the status bar, otherwise “Hostname Resolution Failed” will appear. In case GlobeSurfer® III fails to locate the website, do the following:
o Use a web browser to verify that the website is available. If it is, then you probably entered the website address incorrectly.
o If the website is not available, return to the “Website Restrictions” screen at a later time and click the Resolve Now button to verify that the website can be found and blocked by GlobeSurfer® III.
8.2.7. NAT
The NAT (Network Address Translation) screen allows you to hide the computers in your network so they cannot be found or directly accessed from outside your network.
This screen offers the facility to translate network addresses. Entries can be added, edited or deleted.
The following fields are displayed:
NAT (Network Address Translation) IP Addresses Pool
o IP address: the IP address to be translated
o Action: options for adding new entries or editing or deleting existing ones
Click on New IP Address - this routes to the Edit Item screen (see section 8.2.7.1)
NAT/NAPT Rule Sets
o Rule ID: the rule identifier
o Source Address: IP address of source
o Destination Address: IP address of destination
o Match: the condition that must exist for the rule to apply
o Operation: protocol in use
o Status: shows the status of the rule set
o Action: options for adding new entries or editing or deleting existing ones
Click on New Entry - this routes to the Add NAT/NAPT Rule screen (see section 8.2.7.2)
Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen. Press the Resolve Now button to check the screen. Press the Refresh button to refresh the screen.
8.2.7.1. Edit Item
This screen allows the editing of network object types. The following fields should be entered:
Network Object Type: choose from the drop down list:
o IP Address, then enter
    IP address
o IP Subnet, then enter
    Subnet IP Address
    Subnet Mask
o IP Range, then enter
    From IP Address
    To IP Address
o DHCP Option, then choose from the drop down list:
    60: Vendor Class ID
    61: Client ID
    77: User Class ID
  then enter the appropriate ID
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
8.2.7.2. Add NAT/NAPT Rule
This screen allows the entry of new NAT (Network Address Translation) /NAPT rules. The following fields should be entered:
Matching
o Source Address: choose from the drop down list:
    Any
    User Defined – this routes to the Edit Network Object screen (see section 8.2.2.3)
    A specific address
o Destination Address: choose from the drop down list:
    Any
    User Defined – this routes to the Edit Network Object screen (see section 8.2.2.3)
    A specific address
o Protocol: choose from the drop down list:
    Any
    User Defined – this routes to the Edit Service screen (see section 8.2.2.5)
    Show Basic Services – if this option is chosen a reduced list of options is displayed including:
        FTP - File Transfer
        HTTP – Web Server
        HTTPS – Secured Web Server
        IMAP – Messaging Server
        L2TP – Layer 2 Tunneling Protocol
        Ping – ICMP Echo Request
        POP3 – Incoming Mail
        SMTP – Outgoing Mail
        SNMP – Simple Network Management Protocol
        Telnet – Remote Connection
        TFTP – Trivial File Transfer Protocol
        Traceroute – Route Tracking Utility
    Show All Services – a more comprehensive list of services is displayed
Operation: choose from the drop down list:
o NAT – Source IP translation rule
    NAT Addresses: choose from the drop down list:
        User Defined – this routes to the Edit Network Object screen (see section 8.2.2.3)
o NAPT – Source IP and port translation rule
    NAPT Address: choose from the drop down list:
        User Defined – this routes to the Edit Item screen (see section 8.2.7.1)
    NAPT Ports: choose from the drop down list:
        Single, then enter port number
        Range, then enter range values
Logging
o Log Packets Matched by This Rule: click this checkbox to log packets matched by this rule
Schedule: choose when the rule is to be followed:
o Always – access is always controlled
o User defined – this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)
Press the OK button to apply changes and go back to the NAT screen. Press the Cancel button to reject changes and go back to the NAT screen.
8.2.8. Connections
This screen shows all connections currently active.
The following fields are displayed:
Active Connections: number of active connections
Approximate Max. Connections: maximum number of possible connections (approximate)
For each active connection the following fields are displayed:
Number: number of connection in sequential order
Protocol: protocol used
LAN IP Port: IP address of LAN
GlobeSurfer® III IP Port: IP address of GlobeSurfer® III
WAN IP Port: IP address of WAN
Direction: Outgoing/incoming
Action: options for deleting connections
Press the Close button to go back to the previous screen. Press the Refresh button to refresh the screen. Press the Advanced button to go to the Home screen.
8.2.9. Advanced Filtering
Advanced filtering is designed to allow comprehensive control over the firewall's behaviour. You can define specific input and output rules, control the order of logically similar sets of rules and make a distinction between rules that apply to WAN and LAN devices.
The screen is divided into three sections, one for Input Rule Sets, one for Output Rule Sets and one for ALG (Application Level Gateway) Rule Sets. The Input Rule Sets and Output Rule Sets sections are comprised of subsets, which can be grouped into three main subjects:
Initial rules - rules defined here will be applied first, on all gateway devices.
Network devices rules - rules can be defined per each gateway device.
Final rules - rules defined here will be applied last, on all gateway devices.
Note: The order of the firewall rules' appearance in the Advanced Filtering screen represents the sequence by which they will be applied.
There are numerous rules automatically inserted by the firewall in order to provide improved security and block harmful attacks.
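The ordering described above (initial rules, then the rules of the device in question, then final rules) is sketched below as an added example, not as the firewall's own implementation. It assumes first-match-wins evaluation, which the manual does not state, and the operation names "accept" and "drop", the device name "wan" and the sample rules are hypothetical.

```python
"""Rule ordering model: initial rules, per-device rules, final rules."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    rule_id: int
    src: str              # address, CIDR network, or "any"
    dst: str
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port
    operation: str        # assumed values: "accept" or "drop"


def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)


def matches(rule, src, dst, proto, dport):
    return (ipaddress.ip_address(src) in _net(rule.src)
            and ipaddress.ip_address(dst) in _net(rule.dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def evaluation_order(initial, per_device, final, device):
    """Sequence in which the rule sets are applied for one gateway device."""
    return list(initial) + list(per_device.get(device, [])) + list(final)


def decide(initial, per_device, final, device, pkt, default="drop"):
    """Return (rule_id, operation) of the first match (assumed semantics)."""
    for rule in evaluation_order(initial, per_device, final, device):
        if matches(rule, *pkt):
            return rule.rule_id, rule.operation
    return None, default


def covers(a, b):
    """True when rule a matches every packet that rule b matches."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and a.proto in ("any", b.proto)
            and a.dport in (None, b.dport))


def shadowed(ordered):
    """(later_id, earlier_id) pairs where the later rule can never be reached."""
    pairs = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                pairs.append((later.rule_id, earlier.rule_id))
                break
    return pairs


# Constructed sample rule sets.
INITIAL = [Rule(1, "any", "any", "tcp", 23, "drop")]
PER_DEVICE = {"wan": [Rule(2, "any", "192.168.1.10", "tcp", 80, "accept"),
                      Rule(3, "any", "192.168.1.10", "tcp", 23, "accept")]}
FINAL = [Rule(4, "any", "any", "any", None, "drop")]

if __name__ == "__main__":
    order = evaluation_order(INITIAL, PER_DEVICE, FINAL, "wan")
    print([r.rule_id for r in order])
    print(decide(INITIAL, PER_DEVICE, FINAL, "wan",
                 ("203.0.113.5", "192.168.1.10", "tcp", 23)))
    print(shadowed(order))
```
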
This screen displays advanced filtering rules. Entries can be added, edited, deleted, moved up or moved down.
The following fields are displayed:
Input Rule Sets for configuring inbound traffic
o Rule ID: the rule identifier
o Source Address: source address of the packets sent to or received from the network object
o Destination Address: destination address of the packets sent to or received from the network object – this address can be configured in the same manner as the source address
o Match: the condition that must exist for the rule to apply
o Operation: action the rule will take
o Status: shows the status of the rule set
o Action: options for adding new entries or editing, deleting, moving up or moving down existing ones
Click on New Entry - this routes to the Add Advanced Filter screen (see section 8.2.9.1)
Output Rule Sets for configuring outbound traffic
o Rule ID: the rule identifier
o Source Address: source address of the packets sent to or received from the network object
o Destination Address: destination address of the packets sent to or received from the network object – this address can be configured in the same manner as the source address
o Match: the condition that must exist for the rule to apply
o Operation: action the rule will take
o Status: shows the status of the rule set
o Action: options for adding new entries or editing, deleting, moving up or moving down existing ones
Click on New Entry - this routes to the Add Advanced Filter screen (see section 8.2.9.1)
ALG Rule Sets
o Rule ID: the rule identifier
o Source Address: source address of the packets sent to or received from the network object
o Destination Address: destination address of the packets sent to or received from the network object – this address can be configured in the same manner as the source address
o Match: the condition that must exist for the rule to apply
o Operation: protocol in use
o Status: shows the status of the rule set
o Action: options for adding new entries or editing, deleting, moving up or moving down existing ones
Click on New Entry - this routes to the Add ALG Rule screen (see section 8.2.9.2)
Press the OK button to apply changes and go back to the Home screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen. Press the Resolve Now button to check the screen. Press the Refresh button to refresh the screen.
8.2.9.1. Add Advanced Filter
This screen allows the entry of advanced filtering rules. The following fields should be entered:
Matching – to apply a rule, a matching must be made between IP addresses and a traffic protocol must be defined:
o Source Address: source address of the packets sent to or received from the network object: choose from the drop down list:
Any
User Defined – this routes to the Edit Network Object screen (see section 8.2.2.3)
A specific address
o Destination Address: destination address of the packets sent to or received from the network object – this address can be configured in the same manner as the source address: choose from the drop down list:
Any
User Defined – this routes to the Edit Network Object screen (see section 8.2.2.3)
A specific address
o Protocol: traffic protocol: choose from the drop down list:
Any
User Defined – this routes to the Edit Service screen (see section 8.2.2.5)
Show Basic Services – if this option is chosen a reduced list of options is displayed including:
FTP – File Transfer
HTTP – Web Server
HTTPS – Secured Web Server
IMAP – Messaging Server
L2TP – Layer 2 Tunneling Protocol
Ping – ICMP Echo Request
POP3 – Incoming Mail
SMTP – Outgoing Mail
SNMP – Simple Network Management Protocol
Telnet – Remote Connection
TFTP – Trivial File Transfer Protocol
Traceroute – Route Tracking Utility
Show All Services – a more comprehensive list of services is displayed
o Length: click this checkbox to enter packet or data length, then choose from the drop down list:
Packet Length, then enter range in bytes
Data Length, then enter range in bytes
Operation: define what action the rule will take, by selecting one of the following from the drop down list:
o Drop – Deny access to packets that match the source and destination IP addresses and service ports defined in Matching.
o Reject – Deny access to packets that match the source and destination IP addresses and service ports defined in Matching, and send an ICMP error or a TCP reset to the originating peer.
o Accept Connection – Allow access to packets that match the source and destination IP addresses and service ports defined in Matching. The data transfer session will be handled using Stateful Packet Inspection (SPI).
o Accept Packet – Allow access to packets that match the source and destination IP addresses and service ports defined in Matching. The data transfer session will not be handled using Stateful Packet Inspection (SPI), meaning that other packets that match this rule will not be automatically allowed access. For example, this can be useful when creating rules that allow broadcasting.
Logging
o Log Packets Matched by This Rule: click this checkbox to log the first packet from a connection that was matched by this rule
Schedule: choose when the rule is to be followed:
o Always – access is always controlled
o User defined – this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)
Press the OK button to apply changes and go back to the Advanced Filtering screen. Press the Cancel button to reject changes and go back to the Advanced Filtering screen.
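The ordering described in section 8.2.9 (Initial rules, then the rules of the gateway device, then Final rules) means a broad early rule can hide a more specific later one. The following added example, which is not code from the manual or the device, models that order and reports rules that can never fire; it assumes the first matching rule decides, and the rule IDs, addresses and default policy are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "Any"


@dataclass(frozen=True)
class Rule:
    rule_id: str       # hypothetical identifier, not a device-assigned Rule ID
    source: str        # "Any", a single address, or a CIDR block
    destination: str
    protocol: str      # "Any" or a service name such as "HTTPS"
    operation: str     # Drop, Reject, Accept Connection, Accept Packet


def _net(value):
    """Turn "Any", an address or a CIDR string into an IPv4 network."""
    return ip_network("0.0.0.0/0") if value == ANY else ip_network(value, strict=False)


def effective_order(initial, per_device, final, device):
    """Sequence in which rules are applied to one gateway device."""
    return list(initial) + list(per_device.get(device, [])) + list(final)


def matches(rule, src, dst, protocol):
    return (ip_address(src) in _net(rule.source)
            and ip_address(dst) in _net(rule.destination)
            and rule.protocol in (ANY, protocol))


def decide(rules, src, dst, protocol, default="Drop"):
    """Assumption: the first matching rule wins; otherwise a default applies."""
    for rule in rules:
        if matches(rule, src, dst, protocol):
            return rule.rule_id, rule.operation
    return None, default


def covers(outer, inner):
    """True if every packet that matches `inner` also matches `outer`."""
    return (_net(inner.source).subnet_of(_net(outer.source))
            and _net(inner.destination).subnet_of(_net(outer.destination))
            and outer.protocol in (ANY, inner.protocol))


def shadowed(rules):
    """Return (hidden_rule_id, hiding_rule_id) for rules that can never fire."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                findings.append((later.rule_id, earlier.rule_id))
                break
    return findings


# Constructed rule sets (documentation address ranges, made-up rule IDs).
INITIAL = [Rule("init-1", "203.0.113.0/24", ANY, ANY, "Drop")]
PER_DEVICE = {
    "WAN": [
        Rule("wan-1", "203.0.113.7", "192.168.1.10", "HTTPS", "Accept Connection"),
        Rule("wan-2", ANY, "192.168.1.10", "HTTPS", "Accept Connection"),
    ],
}
FINAL = [Rule("final-1", ANY, ANY, ANY, "Reject")]

if __name__ == "__main__":
    order = effective_order(INITIAL, PER_DEVICE, FINAL, "WAN")
    print("order:", [r.rule_id for r in order])
    print("shadowed:", shadowed(order))
    print(decide(order, "203.0.113.7", "192.168.1.10", "HTTPS"))
    print(decide(order, "198.51.100.5", "192.168.1.10", "HTTPS"))
```

In the constructed data the WAN exception `wan-1` is hidden by the Initial rule `init-1`, so the address it was meant to admit is still dropped; moving rules up or down on the Advanced Filtering screen changes exactly this outcome.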
8.2.9.2. Add ALG Rule
This screen allows the entry of ALG (Application Level Gateway) rules. The following fields should be entered:
Matching - to apply a rule, a matching must be made between IP addresses and a traffic protocol must be defined:
o Source Address: source address of the packets sent to or received from the network object: choose from the drop down list:
Any
User Defined – this routes to the Edit Network Object screen (see section 8.2.2.3)
A specific address
o Destination Address: destination address of the packets sent to or received from the network object – this address can be configured in the same manner as the source address: choose from the drop down list:
Any
User Defined – this routes to the Edit Network Object screen (see section 8.2.2.3)
A specific address
o Protocol: traffic protocol: choose from the drop down list:
Any
User Defined – this routes to the Edit Service screen (see section 8.2.2.5)
Show Basic Services – if this option is chosen a reduced list of options is displayed including:
FTP – File Transfer
HTTP – Web Server
HTTPS – Secured Web Server
IMAP – Messaging Server
L2TP – Layer 2 Tunneling Protocol
Ping – ICMP Echo Request
POP3 – Incoming Mail
SMTP – Outgoing Mail
SNMP – Simple Network Management Protocol
Telnet – Remote Connection
TFTP – Trivial File Transfer Protocol
Traceroute – Route Tracking Utility
Show All Services – a more comprehensive list of services is displayed
Operation: choose from the drop down list:
o FTP
o H.323 CSL
o SIP
o IPSec
Logging
o Log Packets Matched by This Rule: click this checkbox to log the first packet from a connection that was matched by this rule
Schedule: choose when the rule is to be followed:
o Always – access is always controlled
o User defined – this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)
Press the OK button to apply changes and go back to the Advanced Filtering screen. Press the Cancel button to reject changes and go back to the Advanced Filtering screen.
8.2.10. Log
The Security Log displays a list of firewall-related events, including attempts to establish inbound and outbound connections, attempts to authenticate through an administrative interface (Web-based management or Telnet terminal), firewall configuration and system start-up.
The following fields are displayed:
Time: the date and time the event occurred
Event: there are five kinds of events:
o Inbound Traffic: the event is a result of an incoming packet.
o Outbound Traffic: the event is a result of an outgoing packet.
o Firewall Setup: configuration message.
o WBM Login: indicates that a user has logged in to WBM.
o CLI Login: indicates that a user has logged in to CLI (via Telnet).
Event Type: a textual description of the event:
o Blocked: the packet was blocked – the message is coloured red
o Accepted: the packet was accepted – the message is coloured green
Details: more details about the packet or the event, such as protocol, IP addresses, ports, etc.
Press the Close button to go back to the Home screen. Press the Clear Log button to delete all entries in the log and stay on this screen. Press the Download Log button to download the log into a Microsoft Excel spreadsheet. Press the Settings button to go to the Log Settings screen (see section 8.2.10.1). Press the Refresh button to refresh the screen.
The following are the available event types that can be recorded in the firewall log:
1 Firewall internal - an accompanying explanation from the firewall internal mechanism will be added in case this event-type is recorded.
2 Firewall status changed - the firewall changed status from up to down or the other way around, as specified in the event type description.
3 STP packet - an STP packet has been accepted/rejected.
4 Illegal packet options - the options field in the packet's header is either illegal or forbidden.
5 Fragmented packet - a fragment has been rejected.
6 WinNuke protection - a WinNuke attack has been blocked.
7 ICMP replay - an ICMP replay message has been blocked.
8 ICMP redirect protection - an ICMP redirected message has been blocked.
9 Packet invalid in connection - a packet has been blocked, being on an invalid connection.
10 ICMP protection - a broadcast ICMP message has been blocked.
11 Broadcast/Multicast protection - a packet with a broadcast/multicast source IP has been blocked.
12 Spoofing protection - a packet from the WAN with a source IP of the LAN has been blocked.
13 DMZ network packet - a packet from a demilitarized zone network has been blocked.
14 Trusted device - a packet from a trusted device has been accepted.
15 Default policy - a packet has been accepted/blocked according to the default policy.
16 Remote administration - a packet designated for GlobeSurfer® III management has been accepted/blocked.
17 Access control - a packet has been accepted/blocked according to an access control rule.
18 Parental control - a packet has been blocked according to a parental control rule.
19 NAT out failed - NAT failed for this packet.
20 DHCP request - GlobeSurfer® III sent a DHCP request (depends on the distribution).
21 DHCP response - GlobeSurfer® III received a DHCP response (depends on the distribution).
22 DHCP relay agent - a DHCP relay packet has been received (depends on the distribution).
23 IGMP packet - an IGMP packet has been accepted.
24 Multicast IGMP connection - a multicast packet has been accepted.
25 RIP packet - a RIP packet has been accepted.
26 PPTP connection - a packet inquiring whether GlobeSurfer® III is ready to receive a PPTP connection has been accepted.
27 Kerberos key management 1293 - security related, for future use.
28 Kerberos 88 - for future use.
29 AUTH:113 request - an outbound packet for AUTH protocol has been accepted (for maximum security level).
30 Packet-Cable - for future use.
31 IPV6 over IPV4 - an IPv6 over IPv4 packet has been accepted.
32 ARP - an ARP packet has been accepted.
33 PPP Discover - a PPP discover packet has been accepted.
34 PPP Session - a PPP session packet has been accepted.
35 802.1Q - a 802.1Q (VLAN) packet has been accepted.
36 Outbound Auth1X - an outbound Auth1X packet has been accepted.
37 IP Version 6 - an IPv6 packet has been accepted.
38 GlobeSurfer® III initiated traffic - all traffic that GlobeSurfer® III initiates is recorded.
39 Maximum security enabled service - a packet has been accepted because it belongs to a permitted service in the maximum security level.
40 SynCookies Protection - a SynCookies packet has been blocked.
41 ICMP Flood Protection - a packet has been blocked, stopping an ICMP flood.
42 UDP Flood Protection - a packet has been blocked, stopping a UDP flood.
43 Service - a packet has been accepted because of a certain service, as specified in the event type.
44 Advanced Filter Rule - a packet has been accepted/blocked because of an advanced filter rule.
45 Fragmented packet, header too small - a packet has been blocked because after the defragmentation, the header was too small.
46 Fragmented packet, header too big - a packet has been blocked because after the defragmentation, the header was too big.
47 Fragmented packet, drop all - not used.
48 Fragmented packet, bad align - a packet has been blocked because after the defragmentation, the packet was badly aligned.
49 Fragmented packet, packet too big - a packet has been blocked because after the defragmentation, the packet was too big.
50 Fragmented packet, packet exceeds - a packet has been blocked because defragmentation found more fragments than allowed.
51 Fragmented packet, no memory - a fragmented packet has been blocked because there was no memory for fragments.
52 Fragmented packet, overlapped - a packet has been blocked because after the defragmentation, there were overlapping fragments.
53 Defragmentation failed - the fragment has been stored in memory and blocked until all fragments arrived and defragmentation could be performed.
54 Connection opened - usually a debug message regarding a connection.
55 Wildcard connection opened - usually a debug message regarding a connection.
56 Wildcard connection hooked - usually a debug message regarding a connection.
57 Connection closed - usually a debug message regarding a connection.
58 Echo/Chargen/Quote/Snork protection - a packet has been blocked, protecting from Echo/Chargen/Quote/Snork.
59 First packet in connection is not a SYN packet - a packet has been blocked because of a TCP connection that had started without a SYN packet.
60 Error: No memory - a message notifying that a new connection has not been established because of lack of memory.
61 NAT Error: Connection pool is full - a message notifying that a connection has not been created because the connection pool is full.
62 NAT Error: No free NAT IP - a message notifying that there is no free NAT IP, therefore NAT has failed.
63 NAT Error: Conflict Mapping already exists - a message notifying that there is a conflict since the NAT mapping already exists, therefore NAT has failed.
64 Malformed packet: Failed parsing - a packet has been blocked because it is malformed.
65 Passive attack on ftp-server: Client attempted to open Server ports - a packet has been blocked because of an unauthorized attempt to open a server port.
66 FTP port request to 3rd party is forbidden (Possible bounce attack) - a packet has been blocked because of an unauthorized FTP port request.
67 Firewall Rules were changed - the firewall rule set has been modified.
68 User authentication - a message during login time, including both successful and failed authentication.
69 First packet is Invalid - First packet in connection failed to pass firewall or NAT.
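As an added example (not part of the manual or the product), the script below triages an exported Security Log using event-type names from the list above. The column layout, the "Blocked - name" form of the Event Type cell, the Details syntax, the category grouping and all sample rows are constructed assumptions; adapt them to the file the Download Log button actually produces.

```python
import csv
import io
import re
from collections import Counter

# Event-type names are copied from the manual's list; the grouping into
# categories is this example's own choice.
CATEGORIES = {
    "Spoofing protection": "spoofing",
    "SynCookies Protection": "flood",
    "ICMP Flood Protection": "flood",
    "UDP Flood Protection": "flood",
    "WinNuke protection": "legacy-dos",
    "Echo/Chargen/Quote/Snork protection": "legacy-dos",
    "FTP port request to 3rd party is forbidden (Possible bounce attack)": "ftp-abuse",
    "Firewall Rules were changed": "config-change",
    "User authentication": "authentication",
    "Remote administration": "remote-admin",
    "Error: No memory": "resource-exhaustion",
    "NAT Error: No free NAT IP": "resource-exhaustion",
}

# Categories an operator should read first, whatever their volume.
REVIEW_FIRST = {"config-change", "authentication", "resource-exhaustion"}

# Assumed Details syntax: "<proto> <src-ip>:<port>-><dst-ip>:<port>".
SOURCE_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):\d+->")

# Constructed sample export (documentation and private address ranges).
SAMPLE_LOG = """\
Time,Event,Event Type,Details
2012-03-01 09:58:12,WBM Login,Accepted - User authentication,admin from 192.168.1.20
2012-03-01 09:59:40,Firewall Setup,Accepted - Firewall Rules were changed,rule set modified
2012-03-01 10:01:02,Inbound Traffic,Blocked - SynCookies Protection,TCP 203.0.113.9:40211->198.51.100.2:80
2012-03-01 10:01:02,Inbound Traffic,Blocked - SynCookies Protection,TCP 203.0.113.9:40212->198.51.100.2:80
2012-03-01 10:01:03,Inbound Traffic,Blocked - SynCookies Protection,TCP 203.0.113.9:40213->198.51.100.2:80
2012-03-01 10:02:10,Inbound Traffic,Blocked - Spoofing protection,UDP 192.168.1.77:53->198.51.100.2:53
2012-03-01 10:03:00,Outbound Traffic,Accepted - Default policy,TCP 192.168.1.20:51000->198.51.100.80:443
2012-03-01 10:04:30,Inbound Traffic,Blocked - Default policy,TCP 203.0.113.44:5555->198.51.100.2:23
"""


def parse_log(text):
    """Parse the exported rows into dicts with verdict, name, category, source."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        verdict, _, name = row["Event Type"].partition(" - ")
        match = SOURCE_RE.search(row["Details"])
        records.append({
            "time": row["Time"],
            "event": row["Event"],
            "verdict": verdict,
            "name": name,
            "category": CATEGORIES.get(name, "other"),
            "source": match.group(1) if match else None,
        })
    return records


def summarize(records, threshold=3):
    """Count events per category, list noisy blocked sources and priority rows."""
    by_category = Counter(r["category"] for r in records)
    blocked = Counter(r["source"] for r in records
                      if r["verdict"] == "Blocked" and r["source"])
    noisy = [(ip, n) for ip, n in blocked.most_common() if n >= threshold]
    review = [r for r in records if r["category"] in REVIEW_FIRST]
    return {"by_category": by_category, "noisy_sources": noisy, "review_first": review}


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    print(dict(summary["by_category"]))
    print("noisy sources:", summary["noisy_sources"])
    for rec in summary["review_first"]:
        print("review:", rec["time"], rec["event"], rec["name"])
```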
8.2.10.1. Log Settings
This screen allows you to select the types of activities for which you would like to have a log message generated:
The following checkboxes can be clicked:
Accepted Events
o Accepted Incoming Connections - write a log message for each successful attempt to establish an inbound connection to the home network.
o Accepted Outgoing Connections - write a log message for each successful attempt to establish an outgoing connection to the public network.
Blocked Events
o All Blocked Connection Attempts - write a log message for each blocked attempt to establish an inbound connection to the home network or vice versa. You can enable logging of blocked packets of specific types by disabling this option, and enabling some of the more specific options below it.
o Specify the blocked events that should be monitored. Use this to monitor specific events such as SynFlood. A log message will be generated if either the corresponding check-box is checked, or the “All Blocked Connection Attempts” check-box is checked.
Winnuke
Defragmentation Error
Blocked Fragments
Syn Flood
Echo Chargen
Multicast/Broadcast
Spoofed Connection
Packet Illegal Options
UDP Flood
ICMP Replay
ICMP Redirect
ICMP Multicast
ICMP Flood
Other Events
o Remote Administration Attempt - write a log message for each remote-administration connection attempt, whether successful or not.
o Connection States - provide extra information about every change in a connection opened by the firewall. Use this option to track connection handling by the firewall and Application Level Gateways (ALGs).
Log Buffer
o Prevent Log Overrun - select this check box in order to stop logging firewall activities when the memory allocated for the log fills up.
Press the OK button to apply changes and go back to the Log screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Log screen.
8.3. VPN/Internet Protocol Security (IPSec)
This screen allows the entry of Internet Protocol Security (IPSec) data. The following fields should be entered:
Block Unauthorised IP
o Enabled: click this checkbox to block unauthorized attempts, and then enter:
o Maximum Number of Authentication Failures: number allowed before blocking
o Block Period: time in seconds
Anti-Replay Protection
o Enabled: click this checkbox to provide anti-replay protection
Connections: for each connection the following fields are displayed:
Name: description of connection
Status: status of connection
Action: options for adding new entries or editing or deleting existing ones
Press the OK button to apply changes and go back to the Overview screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen. Press the Settings button to go to the Internet Protocol Security (IPSec) Settings screen (see section 1.1.1). Press the Log Settings button to refresh the screen.
8.3.1. Internet Protocol Security (IPSec) Settings
This screen displays the IPSec public key and allows it to be recreated.
Press the Recreate Key button to recreate the IPSec public key.
Press the Close button to go back to the VPN/Internet Protocol Security (IPSec) screen. Press the Refresh button to refresh the screen.
8.3.2. IPSec Log Settings
This screen allows the customization of the IPSec log, by allowing the user to choose what data is recorded. It is important to note that enabling many of these options may reduce GlobeSurfer® III’s performance.
The following checkboxes can be clicked:
IKE Log Settings
o Message’s Raw Bytes
o Message’s Encryption and Decryption
o Message’s Input Structure
o Message’s Output Structure
o Verbose Automatic Keying
o Verbose IKE IPSec Interaction
o Verbose Private Keys
o Verbose Dead Peer Detection
o Verbose NAT Traversal Negotiation
o Verbose IKE Reject Packets
o Print All IKE Messages Ignoring Rate Limit
IPSec Log Settings
o Tunneling Code
o Tunneling Transmit Code
o User-Space Communication Code
o Transform Selection and Manipulation Code
o Internal Route Table Manipulation Code
o Secure Association Table Manipulation Code
o Radij Tree Manipulation Code
o Encryption Transforms Code
o Authentication Transforms Code
o Receive Code
o IP Compression Transforms Code
o Even More Verbose Output
o Verbose Rejected Packets
o Print All IPSec Messages Ignoring Rate Limit
Press the OK button to apply changes and go back to the VPN/Internet Protocol Security (IPSec) screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the VPN/Internet Protocol Security (IPSec) screen.
9. System
This area enables the user to configure system settings and perform maintenance functions.
From this screen you can click on the tabs at the top left hand side to route to the following detailed screens:
Overview - system overview including version, release date, platform, load average (see section 9.1)
Settings - configure systems settings, date and time parameters and set the clock (see section 9.2)
Users - list of remote users/groups, and ability to add, edit or delete users/groups (see section 9.3)
Network Connections - configure parameters of physical connections, LAN/WAN (see section 9.4)
Monitor - monitors traffic within local network or between local network/Internet (see section 9.5)
Routing - routing overview + enable RIP, IGMP, Domain Routing, BGP, OSPF, PPPoE (see section 9.6)
Management - ability to configure UPnP, SNP and Remote Administration (see section 9.7)
Maintenance - config file, reboot, restore settings, perform upgrade, diagnostics (see section 9.8)
Objects and Rules - protocols, network objects, scheduler rules + X.509 certificates (see section 9.9)
9.1. Overview
This screen displays general system information:
Gateway ID: displays the 12 character gateway ID.
Software Version: displays the 5 character software version.
Release Date: displays the date the software was released.
Platform: displays the platform the software runs on.
System Has Been Up For: shows the time in hours and minutes that the system has been running.
Load Average: shows the average load over 1, 5 and 15 minutes.
Click on the Upgrade hyperlink to be routed to the Firmware upgrade screen in the Maintenance tab in the System area (see section 9.8.5)
9.2. System Settings
Access GlobeSurfer® III's system settings by clicking the Settings tab in the System area.
From this screen you can click on the tabs at the top right hand side to route to the following detailed screens:
Overview (see section 9.2.1)
Date and Time (see section 9.2.2)
9.2.1. Overview/System Settings
To access the System Settings screen, click the Overview tab at the top right hand side of the Settings screen in the System area.
The System Settings screen allows you to configure various system and management parameters:
System:
GlobeSurfer® III’s Hostname: hostname is the URL address of the GlobeSurfer® III.
Local Domain: specify your network’s local domain.
GlobeSurfer® III Management Console:
Automatic Refresh of System Monitoring Web Pages: select this checkbox to enable the automatic refresh of system monitoring web pages.
Warn User Before Network Configuration Changes: select this checkbox to activate user warnings before network configuration changes take effect.
Session Lifetime: controls the session lifetime (seconds) for logins to the management console. When the time has expired the login screen will appear again.
Management Application Ports: this section allows you to configure the following management application ports:
Primary HTTP Management Port
Secondary HTTP Management Port
Primary HTTPS Management Port
Secondary HTTPS Management Port
Primary Telnet Port
Secondary Telnet Port
Secure Telnet over SSL Port
Jungo.net Port
Jungo.net SSL Port
Management Application SSL Authentication Options:
Primary HTTPS Management SSL Client Authentication: select from the drop down list:
None
Optional
Required
Secondary HTTPS Management SSL Client Authentication: select from the drop down list:
None
Optional
Required
Secure Telnet over SSL Client Authentication: select from the drop down list:
None
Optional
Required
System Logging:
System Log Buffer Size: size in KB
Remote System Notify Level: select from the drop down list:
None
Error
Warning
Information
Persistent System Log: select this checkbox to keep the system log.
Security Logging:
Security Log Buffer Size: size in KB
Remote Security Notify Level: select from the drop down list:
None
Error
Warning
Information
Persistent Security Log: select this checkbox to keep the security log.
Outgoing Mail Server:
Server: enter the hostname of your outgoing (SMTP) server.
From Email Address: each email requires a from address and some outgoing servers refuse to forward email without a valid from address for anti-spam considerations.
Port: used to alter the server port, if your mail server does not use the standard port 25.
Server Requires Authentication: select the checkbox if your outgoing email server requires authentication, and then enter:
User Name: your username
Password: your password
Swap:
Enabled: select this checkbox to enable swapping.
Status: shows the swap status. Possible options are:
o Disabled
o Inactive
o Active
Swap Size: enter the swap size in MB.
HTTP Interception:
Intercept HTTP Traffic for Assisting with Internet Connectivity Problems: select this checkbox to intercept HTTP traffic.
Perform Web Authentication Over HTTPS: select this checkbox to perform web authentication over HTTPS.
Host Information:
Enable Auto Detection of Host Services: select this checkbox to enable automatic detection of host services.
Installation Wizard:
Use Installation Wizard Pre-configured Values: select this checkbox if you wish to use the installation wizard’s pre-configured values.
LCD Settings:
Screensaver Timeout: sets the time in seconds before the screensaver is displayed
Go Home Timeout: sets the time in seconds for the Go Home timeout
Contrast: sets the contrast level on the LCD
Press the OK button to apply changes and go back to the Home screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen.
9.2.2. Date and Time
To access the Date and Time screen, click the Date and Time tab at the top right hand side of the Settings screen in the System area.
To configure date and time settings enter the following:
Localization:
Local Time: shows the current date and time. This is set automatically if automatic update has been chosen, or manually by pressing the Clock Set button at the bottom of the screen.
Time Zone: select the local time zone from the pull-down menu.
Daylight Saving Time:
Enabled: select this checkbox if you would like the Daylight Saving/British Summertime offset to be made to the time in the time zone.
Start Time: enter the date and time when the daylight saving offset should start from.
End Time: enter the date and time when the daylight saving offset should end.
Offset: enter the number of minutes that should be added during the daylight saving period.
Automatic Time Update:
Enabled: select this checkbox if you want the GlobeSurfer® III to update the time automatically.
Protocol: select the protocol to be used to perform the time update by selecting one of the two following radio buttons:
o Time of Day (TOD)
o Network Time Protocol (NTP)
Update Every: specify how often to perform the update (in hours). You can change the default timeserver address by clicking the New Entry link at the bottom of the section.
Press the Sync Now button to synchronise the time.
Status: shows the date and time when the time was last updated.
Click on the edit icon in the Time Server table to modify an entry, or click on the New Entry hyperlink or the add icon to add an entry. In both cases you will be routed to the Time Server Settings screen (see section 9.2.2.1).
Press the OK button to apply changes and go back to the Home screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the Home screen. Press the Clock Set button to go to the Clock Set screen. Press the Refresh button to update the status and stay on this screen.
9.2.2.1. Time Server Settings
To access the Time Server Settings screen, click the New Entry hyperlink from the Date and Time screen in the System area.
To configure time server settings enter the following:
Time Server: enter server IP address or domain name
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
9.2.2.2. Clock Set
To access the Clock Set screen, click the Clock Set button on Date and Time screen in the System area.
To set the clock enter the following:
Local Date: choose the current month, day and year from the drop down lists.
Local Time: manually enter the current hours, minutes and seconds.
Press the OK button to apply changes and go back to the previous screen. Press the Apply button to apply changes and stay on this screen. Press the Cancel button to reject changes and go back to the previous screen.
9.3. Users
Access the list of defined remote users by clicking the Users tab in the System area.
You can add, edit and delete users allowed to access the GlobeSurfer® III and your local network by managing the user table as described in section 3.3.
For each user the following data is displayed:
Full Name: the remote user’s full name
User Name: the name the remote user will use to access your local network
Permissions: the remote user’s privileges on your local network
Action: add, modify or delete
For each group the following data is displayed:
Name
Description
Members
Action: add, modify or delete
Click on the Microsoft File and Printer Sharing Access Permission hyperlink to be routed to the File Server screen off the Storage tab in the Services area (see section 8.4.1).
Click on a specific User hyperlink or the edit icon in the Users table to modify an entry, or click on the New User hyperlink or the add icon to add an entry. In both cases you will be routed to the User Settings screen (see section 9.3.1).
Click on a specific Group hyperlink or the edit icon in the Groups table to modify an entry, or click on the New Group hyperlink or the add icon to add an entry. In both cases you will be routed to the Group Settings screen (see section 9.3.2).
Press the Close button to go back to the previous screen.
9.3.1. User Settings
To access the User Settings screen, click the New User hyperlink from the Users screen in the System area.
To configure user settings enter the following:
General:
Full Name: the remote user’s full name
User Name: the name the remote user will use to access your local network
New Password: type a new password for the remote user. If you do not want to assign a password to the remote user leave this field empty. This field is case sensitive.
Retype New Password: if a new password was assigned, type it again to verify correctness.
Permissions: select the remote user’s privileges on your local network:
Administrator Permissions: selecting this checkbox grants remote system setting modification via the web-based management console or telnet
Wireless Permissions: selecting this checkbox grants wireless permissions
Microsoft File and Printer Sharing Access: selecting this checkbox grants access to Microsoft’s file and printer sharing.
Microsoft File and Printer Sharing Access: click on the hyperlink and you will be routed to File Server screen off the Storage tab in the Services area (see section 8.4.1).
Internet Printer Access: selecting this checkbox grants access to internet printers.
Internet Printer Access: click on the hyperlink and you will be directed to the Print Server screen off the Shared Printers tab in the Local Network area (see section 7.5).
Remote Access by VPN: selecting this checkbox enables remote access by VPN
802.1X Authentication:
Authentication Method: choose a method from the drop down list – options are: None, MD5, TLS, TTLS
Disk Management:
Enable User Home Directory: selecting this checkbox enables the user’s home directory.
Email Notification:
Click here to configure notification Mail Server: click on the hyperlink and you will be routed to the System Settings Overview screen off the Settings tab in the System area (see section 9.2.1).
Notification Address: enter the appropriate address
Systems Notify Level: choose a method from the drop down list – options are: None, Error, Warning, Information
Security Notify Level: choose a method from the drop down list – options are: None, Error, Warning, Information
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
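The following is an added example, not part of the Option manual or firmware: a review script that checks user entries for risky combinations of the User Settings fields described above (empty password, Administrator Permissions, Remote Access by VPN, 802.1X method MD5, Security Notify Level). The dictionary layout and the sample users are assumptions constructed for illustration, since the manual documents no export format.

```python
"""Audit user entries using the field names from the User Settings screen."""

# Permissions that reach beyond LAN-side file and printer services.
REMOTE_REACH = ("Administrator Permissions", "Remote Access by VPN")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def audit_user(user):
    """Return a list of (severity, message) findings for one user entry."""
    findings = []
    name = user.get("user_name", "<unnamed>")
    perms = set(user.get("permissions", []))

    # The New Password field may be left empty; rate that by what the user can reach.
    if not user.get("password_set", False):
        reach = [p for p in REMOTE_REACH if p in perms]
        if reach:
            findings.append(("high", f"{name}: no password, yet holds {', '.join(reach)}"))
        else:
            findings.append(("medium", f"{name}: no password assigned"))

    # EAP-MD5 gives no mutual authentication; TLS and TTLS do.
    if user.get("auth_8021x") == "MD5":
        findings.append(("medium", f"{name}: 802.1X method MD5, prefer TLS or TTLS"))

    # An administrator who receives no security notifications will miss alerts.
    if "Administrator Permissions" in perms and user.get("security_notify_level", "None") == "None":
        findings.append(("low", f"{name}: administrator with Security Notify Level None"))
    return findings


def audit(users):
    """Audit all entries and return findings sorted by severity, then message."""
    found = [f for u in users for f in audit_user(u)]
    return sorted(found, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


# Constructed sample entries (hypothetical layout, not taken from a real device).
SAMPLE_USERS = [
    {"user_name": "admin", "password_set": True, "auth_8021x": "None",
     "permissions": ["Administrator Permissions"], "security_notify_level": "Warning"},
    {"user_name": "vpnguest", "password_set": False, "auth_8021x": "None",
     "permissions": ["Remote Access by VPN"], "security_notify_level": "None"},
    {"user_name": "laptop1", "password_set": True, "auth_8021x": "MD5",
     "permissions": ["Wireless Permissions"], "security_notify_level": "None"},
    {"user_name": "ops", "password_set": True, "auth_8021x": "TLS",
     "permissions": ["Administrator Permissions", "Remote Access by VPN"]},
]

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_USERS):
        print(f"[{severity}] {message}")
```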
9.3.2. Group Settings
To access the Group Settings screen, click the New Group hyperlink from the Users screen in the System area.
To configure group settings enter the following:
General:
Name: group name
Description: group description
Group Members:
Administrator: selecting this checkbox grants administrator status
Press the OK button to apply changes and go back to the previous screen. Press the Cancel button to reject changes and go back to the previous screen.
9.4. Network Connections
GlobeSurfer® III supports various network connections, both physical and logical. The Network Connections screen enables you to configure the various parameters of your physical connections, the LAN and WAN, and create new connections, using tunneling protocols over existing connections, such as PPP and VPN.
When clicking the Network Connections tab in the System area, the following typical screen will appear:
This section describes the different network connections available with GlobeSurfer® III in their order of appearance in the Network Connections screen, as well as the connection types that you can create using the Connection Wizard.
GlobeSurfer® III's default network connections are:
LAN - Creating a home/SOHO network
LAN Bridge (see section 9.4.2)
LAN Ethernet (see section 9.4.3)
LAN Wireless (see section 9.4.4)
WAN - Internet Connection
WAN Cellular (see section 9.4.5)
The logical network connections available with GlobeSurfer® III are:
Virtual Private Network over the Internet
Point-to-Point Tunneling Protocol Virtual Private Network
Layer 2 Tunneling Protocol over Internet Protocol Security
Internet Protocol Security
Point-to-Point Tunneling Protocol Server
Layer 2 Tunneling Protocol Server
Internet Protocol Security Server
Advanced Connections
Point-to-Point Protocol over Ethernet
Network Bridging
VLAN Interface
Point-to-Point Tunneling Protocol
Point-to-Point Tunneling Protocol Virtual Private Network
Point-to-Point Tunneling Protocol Server
Layer 2 Tunneling Protocol
Layer 2 Tunneling Protocol over Internet Protocol Security
Layer 2 Tunneling Protocol Server
Internet Protocol Security
Internet Protocol Security Server
Internet Protocol over Internet Protocol
General Routing Encapsulation
9.4.1. Connection Wizard
The logical network connections can be easily created using the Connection Wizard. This wizard consists of a series of web-based management screens, intuitively structured to gather all the information needed to create a logical connection.
In order to create a connection using the Connection Wizard, click the New Connection hyperlink in the Network Connections screen. The Connection Wizard screen will appear.
This screen presents you with the main connection types. Each option that you choose will lead you to further options in a tree-like formation, adding more information with each step and narrowing down the parameters towards the desired network connection.
Connect to a Virtual Private Network over the Internet: selecting this option will take you to the Connect to a Virtual Private Network over the Internet screen. This section will help you connect GlobeSurfer® III to a business network using a Virtual Private Network (VPN) so you can work from home, your workplace or another location.
VPN Client or Point-To-Point: selecting this option will take you to the VPN Client or Point-To-Point screen.
From here you can choose one of the following protocols to connect to a remote VPN server:
Point-to-Point Tunneling Protocol Virtual Private Network (PPTP VPN): enable the secure transfer of data to another location over the Internet, using name/password authentication
Layer 2 Tunneling Protocol over Internet Protocol Security (L2TP IPSec VPN): enable the secure transfer of data to another location over the Internet using private and public keys for encryption and digital certificates and user name/password for authentication
Internet Protocol Security (IPSec): enable the secure transfer of data to another location over the Internet using private and public keys for encryption and digital certificates or shared secret for authentication
VPN Server: selecting this option will take you to the VPN Server screen.
From here you can choose one of the following VPN protocols to allow a remote host to connect to GlobeSurfer® III:
Point-to-Point Tunneling Protocol Server (PPTP Server): enable Virtual Private Network (VPN) connections to your home network from other locations
Layer 2 Tunneling Protocol Server (L2TP Server): enable Virtual Private Network (VPN) connections to your home network from other locations
Internet Protocol Security Server (IPSec Server): enable secure connections to GlobeSurfer® III from other locations, using private and public keys for encryption and digital certificates or shared secret for authentication
Going back to the Connection Wizard page:
Advanced Connection: selecting this option will take you to the Advanced Connection screen. This section is a central starting point for all the advanced logical network connections. In addition, it provides the sequence for creating the Network Bridge and VLAN Interface connections.
From here you can choose your connection type:
Point-to-Point Protocol over Ethernet (PPPoE): connect to the Internet using a PPP tunnel over the Ethernet protocol
Network Bridging: connect separate network interfaces to form one seamless LAN
VLAN Interface: connect to an external virtual network
Point-to-Point Tunneling Protocol (PPTP): connect to the Internet using a PPTP connection
Point-to-Point Tunneling Protocol Virtual Private Network (PPTP VPN): enable secure transfer of data to another location over the Internet, using user name/password authentication
Point-to-Point Tunneling Protocol Server (PPTP Server): enable Virtual Private Network (VPN) connections to your home network from other locations
Layer 2 Tunneling Protocol (L2TP): connect to the Internet using an L2TP connection
Layer 2 Tunneling Protocol over Internet Protocol Security (L2TP IPSec VPN): enable secure transfer of data to another location over the Internet, using private and public keys for encryption and digital certificates and user name/password authentication
Layer 2 Tunneling Protocol Server (L2TP Server): enable Virtual Private Network (VPN) connections to your home network from other locations
Internet Protocol Security (IPSec): enable secure transfer of data to another location over the Internet, using private and public keys for encryption and digital certificates or shared secret for authentication
Internet Protocol Security Server (IPSec Server): enable secure connections to GlobeSurfer® III from other locations, using private and public keys for encryption and digital certificates or shared secret for authentication
Internet Protocol over Internet Protocol (IPIP): enable transfer of data to another location over the Internet, using a non-encrypted virtual private network
General Routing Encapsulation (GRE): enable transfer of data to another location over the Internet, using a non-encrypted virtual private network
How to configure a LAN Bridge will be described in section 9.4.2. For more information on how to configure the other advanced connections, please contact the Option customer support centre.
9.4.2. LAN Bridge
The LAN bridge connection is used to combine several LAN devices under one virtual network. For example, creating one network for LAN Ethernet and LAN wireless devices.
Please note that when a bridge is removed, its underlying devices inherit the bridge's DHCP settings. For example, the removal of a bridge that is configured as DHCP client automatically configures the LAN devices formerly constituting the bridge as DHCP clients, with the exact DHCP client configuration.
To configure an existing bridge or create a new one, perform the following steps:
Click the New Connection hyperlink in the Network Connections screen. The Connection Wizard screen will appear.
Select the Advanced Connection radio button and click Next. The Advanced Connection screen will appear.
Select the Network Bridging radio button and click Next. The Bridge Options screen will appear.
Configure Existing Bridge: select this option and click Next. (This option will only appear if a bridge exists). The Network Bridging screen will appear allowing you to add new connections or remove existing ones, by checking or unchecking their respective check boxes. For example, checking the LAN Wireless check box will add the Wireless LAN interface to the existing bridge.
Add a New Bridge: select this option and click Next. A different Network Bridging screen will appear allowing you to add a bridge over the unbridged connections, by checking their respective check boxes.
Important notes:
The same connections cannot be shared by two bridges.
A bridge cannot be bridged.
Bridged connections will lose their IP settings.
Click Next. The Connection Summary screen will appear, corresponding to your changes.
Check the Edit the Newly Created Connection check box if you wish to be routed to the new connection's configuration screen after clicking Finish. Click Finish to save the settings.
The new bridge will be added to the network connections list, and will be configurable like any other bridge.
9.4.2.1. General
From the Network Connections screen, if you click on a LAN Bridge connection, you will be routed to the LAN Bridge Properties screen.
From this screen you can click on the tabs at the top left hand side to route to the following detailed screens:
General – displays an overview of the LAN Bridge (see section 1.1.1.1)
Settings – allows you to edit general LAN Bridge parameters (see section 9.4.2.2)
Routing - allows you to set up your gateway to use static or dynamic routing (see section 0)
Bridging - allows you to specify LAN devices to join under the network bridge (see section 9.4.2.4)
Advanced - allows you to enable the firewall and add additional IP addresses (see section 9.4.2.5)