manualshive.com logo in svg

Atlantis A02-RA340, User Manual, Page: 47 / 85

Share
Download
Atlantis A02-RA340 User Manual Download Page 47

                                                                                                                            

WebShare 340/440  

 

 

41 

3.6.3.4 Firewall 

 
Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet 
access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, 
when using NAT (Network Address Translation. Please see the 

WAN 

configuration section 

for more details on NAT) the router acts as a “natural” Internet firewall, as all PCs on your 
LAN will use private IP addresses that cannot be directly accessed from the Internet. 

Firewall

: Prevents access from outside your network. The router provides three levels of 

security support: 

NAT natural firewall

: This masks LAN users’ IP addresses which are invisible to outside 

users on the Internet, making it much more difficult for a hacker to target a machine on your 
network. This natural firewall is on when NAT function is enabled. 

Firewall Security and Policy (General Settings): 

Inbound direction of Packet Filter rules to 

prevent unauthorized computers or applications accessing your local network from the 
Internet. 

Intrusion Detection

: Enable Intrusion Detection to detect, prevent and log malicious attacks. 

Access Control: 

Prevents access from PCs on your local network: 

Firewall Security and Policy (General Settings): 

Outbound direction of Packet Filter rules 

to prevent unauthorized computers or applications accessing the Internet. 

MAC Filter rules

: To prevent unauthorized computers accessing the Internet. 

URL Filter: 

To block PCs on your local network from unwanted websites. 

You can find six items under the Firewall section: General Settings, Packet Filter, Intrusion 
Detection, MAC Address Filter, URL Filter and Firewall Log. 
You can choose not to enable Firewall, to add all filter rules by yourself, or enable the 
Firewall using preset filter rules and modify the port filter rules as required. The Packet Filter 
is divided into two sections: Port Filters and Address Filters, used to filter packets based-on 
Applications (Port) or IP addresses. 
There are four options when you enable the Firewall, they are: 
• All blocked/User-defined: no pre-defined port or address filter rules by default, meaning that 
all inbound (Internet to LAN) and outbound (LAN to Internet) packets will be blocked. Users 
have to add their own filter rules for further access to the Internet. 
• High/Medium/Low security level: the pre-defined port filter rules for High, Medium and Low 
security are displayed in Port Filters of Packet Filter. 
Select either 

High, Medium 

or 

Low security level 

to enable the Firewall. The only 

difference between these three security levels is the preset port filter rules in the Packet 
Filter. Firewall unfuctionality is the same for all levels; it is only the list of preset port filter that 
changes between each setting. 
If you choose of the preset security levels and then add custom filters, you may temporarily 
disable the firewall and recover your custom filter settings by re-selecting the same security 
level. 
The “

Block WAN Request

” is a stand-alone function and not relate to whether security 

enable or disable. Mostly it is for preventing any scan tools from WAN site by hacker. 
 
 
 
 
 
 

3.6.3.4.1 General Settings 

 

Summary of Contents for A02-RA340

Page 1: ...Where solutions begin Company certified ISO 9001 2000 WebShare 340 440 ADSL2 VPN Router A02 RA340 A02 RA440 USER S MANUAL A02 RA3 4 40_ME01...

Page 2: ......

Page 3: ...fically disclaims any warranties merchantability or fitness for any particular purpose Any software described in this manual is sold or licensed as is Should the programs prove defective following the...

Page 4: ...Windows 95 98 ME 12 For Windows NT4 0 14 For Windows 2000 15 For Windows XP 17 3 3 1 Configuration Check 19 3 4 FACTORY DEFAULT SETTINGS 19 3 4 1 Username and Password 20 3 4 2 LAN and WAN Port Addre...

Page 5: ...3 6 3 5 1 VPN PPTP 50 3 6 3 5 2 VPN IPSec 59 3 6 3 6 QoS 65 3 6 3 6 1 Prioritization 65 3 6 3 6 2 Outbound IP Throttling LAN to WAN 66 3 6 3 6 3 Inbound IP Throttling WAN to LAN 66 3 6 3 7 Virtual Se...

Page 6: ......

Page 7: ...rmance of entire network VPN The router supports embedded Virtual Private Network VPN protocols and up to 16 simultaneous IPSec VPN tunnels for users to establish private encrypted tunnels over the pu...

Page 8: ...over cable can be used directly this fast Ethernet switch will detect it automatically Multi Protocol to Establish A Connection Supports PPPoA RFC 2364 PPP over ATM Adaptation Layer 5 RFC 1483 encaps...

Page 9: ...www yahoo com and IP address When a local machine sets its DNS server with this router s IP address then every DNS conversion requests packet from the PC to this router will be forwarded to the real D...

Page 10: ...mation from an SNTP server SNMP SNMP is an application layer protocol that is used for managing networks V1 V2 and V3 Web based GUI supports web based GUI for configuration and management It is user f...

Page 11: ...WebShare 340 440 5 1 4 ADSL2 VPN Router Application...

Page 12: ...not open or repair the case yourself If the ADSL2 VPN Router is too hot turn off the power immediately and have a qualified serviceman repair it Place the ADSL2 VPN Router on a stable surface Only use...

Page 13: ...one network PS2 CONSOLE 5 Connect RS232 cable to the PC LAN 4 RJ 45 4 Connect an UTP Ethernet cable to one of the four LAN ports when connecting to a PC or an office home network of 10Mbps or 100Mbps...

Page 14: ...at all other devices connected to the same telephone line as your router e g telephones fax machines analog modems have a line filter A01 AF2 connected between them and the wall socket unless you are...

Page 15: ...uter 9 If the ADSL Led flashes periodically You have to force modulation Click on Configuration WAN then ADSL On the combo box Connection Mode please choose ADSL Press Apply and then click on Save Con...

Page 16: ...WebShare 340 440 10...

Page 17: ...lt IP address of the ADSL2 VPN Router is 192 168 1 254 and subnet mask is 255 255 255 0 The best and easy way is to configure the PC to get an IP address from the ADSL2 VPN Router Also make sure you h...

Page 18: ...trol Panel In the Control Panel double click on Network and choose the Configuration tab 2 Select TCP IP NE2000 Compatible or the name of any Network Interface Card NIC in your PC 3 Click Properties 4...

Page 19: ...WebShare 340 440 13 5 Then select the DNS Configuration tab 6 Select the Disable DNS radio button and click OK to finish the configuration...

Page 20: ...1 Go to Start Settings Control Panel In the Control Panel double click on Network and choose the Protocols tab 2 Select TCP IP Protocol and click Properties 3 Select the Obtain an IP address from a D...

Page 21: ...For Windows 2000 1 Go to Start Settings Control Panel In the Control Panel double click on Network and Dial up Connections 2 Double click LAN Area Connection 3 In the LAN Area Connection Status windo...

Page 22: ...440 16 4 Select Internet Protocol TCP IP and click Properties 5 Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons 6 Click OK to finish the co...

Page 23: ...17 For Windows XP 1 Go to Start Control Panel in Classic View In the Control Panel double click on Network Connections 2 Double click Local Area Connection 3 In the LAN Area Connection Status window...

Page 24: ...440 18 4 Select Internet Protocol TCP IP and click Properties 5 Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons 6 Click OK to finish the co...

Page 25: ...54with 32 bytes of data Reply from 192 168 1 254 bytes 32 times 10ms TTL 64 Reply from 192 168 1 254 bytes 32 times 10ms TTL 64 Reply from 192 168 1 254 bytes 32 times 10ms TTL 64 3 If the ping comman...

Page 26: ...er function Enabled N A 3 5 Information from the ISP Before configuring this device you have to check with your ISP Internet Service Provider what kind of service is provided such as PPPoE PPPoA RFC14...

Page 27: ...ble DHCP Table PPTP Status IPSec Status L2TP Status Email Status Event Log Error Log Nat Sessions UPnP PortMap Quick Start Configuration LAN WAN System Firewall VPN QoS Virtual Server Advanced Save Co...

Page 28: ...ion will be shown When you click the Email Status it gives you a quick view to know if there is email in your predefined email account You will see the unread emails in the email server and once you h...

Page 29: ...Please check Chapter 3 5 Information from the ISP then enter the proper values into this web page click the Apply button and then Save Config to FLASH in the left panel After the router reboot you ma...

Page 30: ...uilding or floor of a building There are four items within the LAN section Bridge Filtering Ethernet Ethernet Client Filtering Port Setting DCHP Server 3 6 3 1 1 Bridge Filtering You can setup member...

Page 31: ...is 192 168 1 254 RIP RIP v1 RIP v2 RIP v1 v2 and RIP v2 Multicast The Subnet mask of the Secondary IP Address depends on the setting of the Primary IP Address 3 6 3 1 2 1 IP Alias IP Address Insert t...

Page 32: ...s set to Disable Allowed check to authorize specific device accessing your LAN by insert the MAC Address in the space provided Make sure your PC s MAC is listed Blocked check to prevent unwanted devic...

Page 33: ...the router s Ethernet ports to solve some of the compatibility problems that may be encountered while connecting to the Internet as well allowing users to tweak the performance of their network Port...

Page 34: ...ill check the 2nd octet of each IP packet If the value in the Precedence of TOS field matches the checked values in the table 0 to 63 this packet will be treated as high priority 3 6 3 1 4 DHCP Server...

Page 35: ...erent computers DHCP Server Check to enable the ADSL Firewall Router to distribute IP Addresses subnet mask and DNS setting to computers Hence the following fields will be activated Starting IP Addres...

Page 36: ...factory default is PPPoE If your ISP uses this access protocol click Edit to input other parameters as below If your ISP does not use PPPoE you can change the default WAN connection entry by clicking...

Page 37: ...r LAN have public IP addresses and can access the Internet directly the NAT function can be disabled Username Enter the username provided by your ISP You can input up to 128 alphanumeric characters ca...

Page 38: ...rnet i e when a program on your computer attempts to access the Internet Idle Timeout Auto disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of...

Page 39: ...lect the encapsulation format the default is LLC Bridged Select the one provided by your ISP Only for RFC1483 Routed DHCP client Enable or disable the DHCP client specify if the router can get an IP a...

Page 40: ...ternet and the DNS allows you to find the telephone number for any particular domain name Since an IP Address is hard to remember the DNS converts the friendly name into its equivalent IP Address You...

Page 41: ...other values such as ALCTL ADI etc Activate Line Aborting false your ADSL line and making it active true again for taking effectwith setting of Connect Mode Coding Gain Select to Coding gain from 0 t...

Page 42: ...other than those in the drop down list simply enter its IP address as shown above Your ISP may provide an SNTP server for you to use Resync Period in minutes is the periodic interval the router waits...

Page 43: ...that you must decompress compressed zip files before you can upload them Upgrade Click upgrade to begin the upload process This process may take up to two minutes Do NOT upgrade firmware on any Atlant...

Page 44: ...changes to your router s configuration Press Backup to select where on your local PC to save the settings file You may also change the name of the file when saving if you wish to keep multiple backups...

Page 45: ...0 12 seconds while the router is turned on You have to Switch Off and Switch On the device that boot with factory default settings 3 6 3 3 6 User Management To prevent unauthorized access to your rout...

Page 46: ...cannot delete the default admin account however you can delete any other created accounts by clicking Cancel when editing the user You are strongly advised to change the password on the default admin...

Page 47: ...twork from unwanted websites You can find six items under the Firewall section General Settings Packet Filter Intrusion Detection MAC Address Filter URL Filter and Firewall Log You can choose not to e...

Page 48: ...ou have to configure the type of traffic passed between WAN and LAN please refer to Packet Filter below High Medium and Low security level By default your system uses High Medium and Low firewall secu...

Page 49: ...program allows you to set up different filter rules up to 10 for different users based on their IP addresses or their network Port number The relationship among all filters is or operation which mean...

Page 50: ...etail refer to Time Schedule section Source IP Address es Destination IP Address es This is the Address Filter used to allow or block traffic to from particular IP address es Selecting the Subnet Mask...

Page 51: ...ts to TCP port 80 Inbound will be blocked In this window you can decide to block or allow any protocol type Rule Name Insert rule name rule name must be different Time Schedule It is self defined time...

Page 52: ...Service DoS attack Possible DoS attacks this attempts to block include Ascend Kill and WinNuke Default value is 1800 seconds Scan Attack Block Duration This is the duration for blocking hosts that att...

Page 53: ...ilter rules allow you to prevent users on your network from accessing particular websites by their URL There are no predefined URL filter rules you can add filter rules to meet your requirements Enabl...

Page 54: ...ion attempts using port 80 only Domains Filtering This function checks the domain name only not the IP address in URLs accessed against your list of domains to block or allow If it is matched the URL...

Page 55: ...ion Block surfing by IP address function can be handy and helpful to Andy Now Andy can prevent Bobby from accessing other sites Block Java Applet This function can block Web content that includes the...

Page 56: ...e information Click Create to configure a new VPN connection Connection Name This allows you to identify this particular connection e g Connection to officeLAN Type Check Dial Out if you want your rou...

Page 57: ...nnection 128 bit keys provide stronger encryption than 40 bit keys Mode You may select Stateful or Stateless mode The key will be changed every 256 packets when you select Stateful mode If you select...

Page 58: ...e 340 440 52 Application Diagram Configuring PPTP VPN in the Office LAN Router The input IP address 192 168 1 200 will be assigned to the remote worker please make sure this IP is not used in the Offi...

Page 59: ...commercial VPN client software package e g SSH or the Dialup Adaptor in Windows Please follow the steps below if you are a Windows 2000 XP user 1 2 Follow the step and select Connect to a private netw...

Page 60: ...WebShare 340 440 54 4 Follow the step the following screen appears The setup is completed 5 To make the connection click the Virtual Private Connection icon in Dial up Networking Group...

Page 61: ...WebShare 340 440 55...

Page 62: ...ection with the file server located in the remote side The router is installed in the office connected with a couple of PCs and Servers Application Diagram Configuring PPTP VPN in the Office You can e...

Page 63: ...N to connect two private networks by leveraging the Internet infrastructure The routers are installed in the Office Lan and Remote Lan accordingly Remote LAN Office LAN Product Code A02 RA440 A02 RA34...

Page 64: ...PN in the Remote Lan The input IP address 69 121 1 32 is the Public IP address of the router located in the Office Lan If you have a domain name assigned to this IP address either you registered the D...

Page 65: ...of the remote VPN device that is connected and establishes a VPN tunnel Network Set the IP address subnet or address range of the remote network Proposal Select the IPSec security method There are tw...

Page 66: ...ovide better security but extends the VPN negotiation time Diffie Hellman is a public key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication cha...

Page 67: ...h Algorithm algorithms SHA1 is more resistant to brute force attacks than MD5 however it is slower MD5 A one way hashing algorithm that produces a 128 bit hash SHA1 A one way hashing algorithm that pr...

Page 68: ...ytime the VPN tunnel re negotiates access through the tunnel will be temporarily disconnected PING for Keepalive It is used to detect IPSec tunnel connection failure Connection failure is defined as a...

Page 69: ...0 A02 RA340 A02 WRA4 54G Picture Public IP 69 121 1 31 69 121 1 32 NAT Yes Yes LAN IP 192 168 1 X 192 168 2 X Subnet Mask 255 255 255 0 255 255 255 0 VPN IPSec ESP ESP Encryption DES or 3DES AES DES o...

Page 70: ...WebShare 340 440 64 Configuring IPSec VPN in the Office LAN Configuring IPSec VPN in the Remote LAN...

Page 71: ...The trigger of check can base on IP protocol port number and address And the balance of utilization of each priorities are High 60 Normal 30 and Low 10 Application A user define description to identif...

Page 72: ...Time Schedule Scheduling your prioritization policy Refer to Time Schedule for more information Protocol The name of supported protocol Source Port The source port of packets to be monitored Destinati...

Page 73: ...ackets to be monitored Destination Port The destination port of packets to be monitored Source IP Address Range The source IP address or range of packets to be monitored Destination IP address Range T...

Page 74: ...n the Remote WAN side used when accessing the virtual server Redirect Port The Port number used by the Local server in the LAN network Internal IP Address The private IP in the LAN network which will...

Page 75: ...time schedule or Always on for the usage of this Virtual Server Entry For setup and detail refer to Time Schedule section Application Users defined description to identify this entry or click to sele...

Page 76: ...schedule specific day s i e Monday through Sunday to restrict or allowing he usage of the Internet by users or applications This Time Schedule correlates closely with router s time since router does...

Page 77: ...3 6 3 9 Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router Users who do not understand the features should...

Page 78: ...exchange information with the DDNS server In addition to update periodically according to this period setting the Router will take the same action automatically whenever the assigned IP changes 3 6 3...

Page 79: ...ly dial out for checking emails When the function is enabled your ADSL router will connect to your ISP automatically to check emails if your Internet connection dropped Please be careful when using th...

Page 80: ...ou may wish to change the port SNMP Access Control SNMP V1 and V2 Read Community Specify a name to be identified as the Read Community and an P address This community string will be checked against th...

Page 81: ...1dStp group if configured as spanning tree RFC 1471 PPP LCP MIB pppLink group pppLqr group RFC 1472 PPP Security MIB PPP Security Group RFC 1473 PPP IP MIB PPP IP Group RFC 1474 PPP Bridge MIB PPP Bri...

Page 82: ...cisions Default is set to Enable 3 6 4 Save Config To Flash After configuring this network router you have to save all of the configuration parameters to FLASH 3 6 5 Logout To exit the website choose...

Page 83: ...ite DMT ITU T G 994 1 Multimode ITU G 992 3 G dmt bis ITU G 992 5 G dmt bisplus ADSL ADSL2 ADSL2 Protocols RFC2364 PPPoA RFC2516 PPPoE RFC1577 e RFC1483 ATM ATM AAL2 AAL5 and ATM service class CBR UBR...

Page 84: ...cell is 53 bytes 424 bits so a maximum speed of 832 Kbps gives a maximum PCR of 1962 cells sec This rate is not guaranteed because it is dependent on the line speed Sustained Cell Rate SCR is the mea...

Page 85: ...any other questions you can contact the Atlantis Land company directly at the following address Atlantis Land SpA Viale De Gasperi 122 20017 Mazzo di Rho MI Tel 39 02 93906085 39 02 93907634 help desk...

Reviews:

No comments