manualshive.com logo in svg

Option Audio GlobeSurfer 3G, Reference Manual, Page: 142 / 209

Share
Download
Option Audio GlobeSurfer 3G Reference Manual Download Page 142

5.11

Applying Corporate-Grade Security

The following set of instructions is designed to assist you in applying corporate-
grade security standards to your network. When implementing these instruc-
tions, it is important to execute the configuration steps in the exact order they
are presented.

To apply corporate-grade firewall security standards perform the following:

• Do not allow non-administrative services access to the LAN:

1. Open a Telnet session from a LAN host that is connected to GlobeSurfer

3G.

2. Telnet to GlobeSurfer 3G at address 192.168.1.1.

3. Logon to GlobeSurfer 3G as an administrator (The default username

and password are both

admin

).

4. After logging on, issue the following command at the prompt:

OpenRG

>

r g c o n f s e t fw/ p r o t e c t / a l l o w r g r e m o t e a d m i n i s t r a t i o n o n l y 1

OpenRG

>

r e c o n f 1

OpenRG

>

e x i t

• Configure GlobeSurfer 3G to permit only HTTPS as means of remote ad-

ministration:

1. Click

Security

on the sidebar.

2. Click the

Remote Administration

tab.

3. Enable the following check boxes:

Using Primary HTTPS Port (443)

Using Secondary HTTPS Port (8443)

134

Summary of Contents for GlobeSurfer 3G

Page 1: ...GlobeSurfer 3G version 3 15 4 R2H Reference Manual...

Page 2: ...ions contained in this user guide All brands and registered brands are property of their respective owners Services may be changed added or deleted For the newest firmware version of your Globesurfer...

Page 3: ...Setup 9 1 6 Additional Network Configuration 9 1 7 Adding Computers to Your Network 10 2 GlobeSurfer 3G Management Console 11 2 1 Accessing the GlobeSurfer 3G Management Console 11 2 2 Left Sidebar 1...

Page 4: ...Network Connection Parameters 47 4 3 3 2 Wireless Access Point 47 4 3 3 3 MAC filtering settings 48 4 3 3 4 Advanced Wireless Options 48 4 3 3 5 Wireless Security 49 4 3 3 6 Internet Protocol 50 4 3 3...

Page 5: ...ol 107 5 3 Local Servers Port Forwarding 110 5 4 DMZ Host 113 5 5 Port Triggering 114 5 6 Remote Administration 117 5 7 IP Hostname Filtering 119 5 8 Advanced Filtering 122 5 8 1 Adding an Advanced Fi...

Page 6: ...Server Settings 170 6 13 3 Advanced PPTP Client Settings 170 6 14 IP Security IPsec 172 6 14 1 Technical Specifications 172 6 14 2 Basic IPsec Connection Settings 172 6 14 2 1 Key Management 173 6 14...

Page 7: ...a Network MAC Media Access Control MTU Maximum Transmission Unit NAPT Network Address Port Translation OAM Operations and Maintenance OEM Original Equipment Manufacturer PDA Personal Digital Assistant...

Page 8: ...URL Universal Resource Locator VPN Virtual Private Network WAN Wide Area Network WEP Wireless Encryption Protocol WLAN Wireless Local Area Network WPA Wireless Protected Access vii...

Page 9: ...will also be able to share the resources of the local computers connected to the GlobeSurfer 3G GlobeSurfer 3G is easy to install and use Yet it provides advanced network ing functions and security f...

Page 10: ...ion of the GlobeSurfer 3G It is intended as a complement to the GlobeSurfer 3G User Guide to provide ref erence information for the advanced user of the GlobeSurfer 3G It is assumed that the hardware...

Page 11: ...that all communication parameters are valid and that the physical cable con nections are correct The basic setup procedure consists of three consecutive configuration steps Please refer to figure 1 2...

Page 12: ...ally provided separately from the SIM card for security reasons 1 4 Step 2 PC Network Configuration The GlobeSurfer 3G provides a DHCP server which means that each computer connected to the LAN can ob...

Page 13: ...the Internet Protocol TCP IP component and click the Properties button 4 The Internet Protocol TCP IP properties window will be displayed see figure 1 3 a Select the Obtain an IP address automaticall...

Page 14: ...on your PC 2 Enter the address 192 168 1 1 to display the GlobeSurfer 3G management console When first logging on to the management console the welcome screen will appear see figure 1 4 enabling you t...

Page 15: ...eft sidebar The following sections describe the various configuration parameters of Quick setup Once you have filled the Quick setup sections as described below click the OK but ton to configure your...

Page 16: ...very basic form of security Other devices will still be able to connect provided that they are supplied with the SSID A recommendation is to install your wireless network with this feature enabled and...

Page 17: ...cal security is set which blocks all traffic that has been initiated by an external Internet source and allows all traffic that has been initiated from your local network Note It is the origin of the...

Page 18: ...s 4 7 1 7 Adding Computers to Your Network Any computers with a 802 11b g wireless adapter will be able to connect to the WLAN created with the GlobeSurfer 3G To connect additional computers without a...

Page 19: ...Surfer 3G Management Con sole To access the management console 1 Launch a Web browser on a PC in the LAN or WLAN 2 Type the IP address of the GlobeSurfer 3G or a name as provided by the supplier in th...

Page 20: ...sev eral subject areas and may be accessed by clicking on the appropriate icon in the left sidebar The subject areas are Connection status Display the status of the UMTS connection see Section 2 2 SM...

Page 21: ...owser select the radio button Automatically The following additional information is provided Current connection time the duration of the current connection Total connection time the cumulated duration...

Page 22: ...servers restrictions and configurable parameters The principles outlined in this section apply to all tables in the management console Figure 2 3 Typical Table Structure Figure 2 3 illustrates a typic...

Page 23: ...by clicking SMS in the left sidebar The display of the GlobeSurfer 3G shows an envelope symbol when a new SMS message is received 3 1 Reading an SMS 1 When starting the SMS Manager the Inbox tab of t...

Page 24: ...e SMS create tab of the SMS Manager 2 Type your message text in the SMS message field The Characters left field shows how many characters you can type before the size limit is reached 3 Enter the phon...

Page 25: ...chive and Templates folders is 100 1 Select the SMS that you want to store either from the Inbox or from the Sent folder 2 Click the Archive button below the open SMS The message is moved to the archi...

Page 26: ...es You are then moved to the SMS create tab to change the text and to enter the phone number of the receiver as required 2 Click the Send button when ready 3 5 SMS Settings The only specific SMS Manag...

Page 27: ...cribe the network connection screens to configure WAN Connecting via UMTS to the Internet UMTS connection see Section 4 1 LAN Creating a local network Ethernet connection see Section 4 2 Wireless conn...

Page 28: ...the sidebar see figure 4 1 Figure 4 1 Network connections Advanced 2 Click your connection entry in the network connections table to view the connection properties 3 Click New connection to start a wi...

Page 29: ...tworks through the 3G UMTS mobile telecommunications standard The WAN UMTS properties screen displays a summary of the connection properties Figure 4 2 WAN UMTS Properties Clicking on the Settings but...

Page 30: ...Enter the access point name as provided by your Internet Service Provider ISP or accept the name already set Connect automatically To automatically set up a UMTS connection when data is about to be s...

Page 31: ...AP version 2 or both are selected Figure 4 4 PPP Authentication Settings Login username As agreed with ISP Login password As agreed with ISP Support unencrypted password PAP Password Authentication Pr...

Page 32: ...in case your service provider requires it The server that assigns the GlobeSurfer 3G with an IP address also as signs a subnet mask You can override the dynamically assigned subnet mask by selecting...

Page 33: ...ed or Basic routing Routing Mode When Advanced routing is selected select one of the f ollowing Routing modes Route Use route mode if you want your GlobeSurfer 3G to function as a router between two n...

Page 34: ...oxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through stan dard IGMP interfaces IGMP proxy enables the routing of multicast pack ets according to the...

Page 35: ...ral Network Connection Parameters The top part of the configuration window displays general communication pa rameters It is recommended not to change the default values in this screen un less you are...

Page 36: ...screen will refresh and display relevant configuration settings No IP address Select No IP address if you require that this connection will have no IP address This can be useful if this connection is...

Page 37: ...lly configure DNS server addresses select Use the following DNS server addresses from the DNS server drop down menu see figure 4 100 Specify up to two different DNS server addresses one primary and on...

Page 38: ...a network user will be al lowed connection to the gateway with its currently issued dynamic IP address Just before the time is up the user will automatically request to extend the lease or get a new I...

Page 39: ...ifies a fixed routing path to neighboring destina tions Routing Select Advanced or Basic routing Device Metric The device metric is a value used by the GlobeSurfer 3G to de termine whether one route i...

Page 40: ...ion Settings The bottom part of the configuration screen displays the following options Internet connection firewall Select this check box to enable the GlobeSurfer 3G firewall on the connection To le...

Page 41: ...3 1 1 Configuring your GlobeSurfer 3G Wireless Connection GlobeSurfer 3G will automatically set up a wireless connection as a bridged LAN network device 1 Click the Network Connections icon on the sid...

Page 42: ...on figuration screen is available in section 4 3 3 4 3 1 2 Configuring Your Wireless Windows XP Client If your PC has wireless capabilities Windows XP will automatically recognize this and create a wi...

Page 43: ...k Connec tion screen will appear displaying all available wireless networks in your vicinity If your gateway is connected and active you will see GlobeSurfer 3G s wireless connection see figure 4 28 N...

Page 44: ...s your wireless network Se lect the Enable IEEE 802 1x authentication for this network check box to en able authenticated communication between the PC and the GlobeSurfer 3G If you choose to enable 80...

Page 45: ...crypt the Wireless data transmitted between GlobeSurfer 3G and your Wireless device 6 Select the Authentication tab to configure wireless authentication proto cols see figure 4 30 When selecting an EA...

Page 46: ...n click the Connect button at the bottom of the screen After the connection is established its status will change to Connected Figure 4 31 Connected Wireless Network An icon will appear in the notific...

Page 47: ...ter with a wireless capability can connect to your LAN The following sec tion describes how to secure your wireless connection using the Wi Fi Pro tected Access WPA security protocol The Wi Fi Allianc...

Page 48: ...he Settings button to display the various wireless connection set tings The Configure LAN Wireless screen will appear see figure 4 35 Figure 4 35 Configure LAN Wireless 4 Enable the Wireless security...

Page 49: ...at ASCII is selected in the associated combo box Figure 4 36 LAN Wireless Security Parameters 8 Click OK An Attention screen will appear warning you that the browser page might require reloading Figur...

Page 50: ...uble click the wireless connection icon The Wireless Network Connec tion screen will appear displaying GlobeSurfer 3G s wireless connection see figure 4 39 Note that the connection is defined as Secur...

Page 51: ...following login window will appear ask ing for a Network Key which is the pre shared key you have configured above Figure 4 40 Wireless Network Connection Login 4 Enter the pre shared key in both fie...

Page 52: ...ee figure 4 38 and browsing the Internet Should the login window above not appear and the connection attempt fail please configure Window s connection manually 1 Click the connection once to mark it a...

Page 53: ...Figure 4 44 Wireless Network Connection Properties 3 Click your connection to highlight it and then click the Properties button Your connection s properties window will appear see figure 4 45 45...

Page 54: ...rm network key fields 4 Click OK on both windows to save the settings 5 When attempting to connect to the wireless network the login window will now appear pre filled with the pre shared key Click the...

Page 55: ...o Section 6 11 Physical Address The physical address of the network card used for your net work Some cards allow you to change this address MTU MTU is the Maximum Transmission Unit It specifies the la...

Page 56: ...denied or allowed comput ers MAC filtering mode Allow specifies that the list of MAC addresses is granted access to GlobeSurfer 3G MAC filtering mode Deny specifies that all computers except those in...

Page 57: ...than the pre set threshold the RTC CTS mechanism is not active If you encounter inconsistent data flow try a minor reduction of the RTS threshold size Figure 4 49 LAN Wireless Access Point Advanced Pa...

Page 58: ...t No IP address if you require that this connection will have no IP address This can be useful if this connection is under a bridge Figure 4 51 Internet Protocol Settings No IP address Obtain an IP ad...

Page 59: ...m part of the configuration screen displays the following options Internet connection firewall Select this check box to enable the GlobeSurfer 3G firewall on the connection To learn more about configu...

Page 60: ...the configuration window displays general communication pa rameters It is recommended not to change the default values in this screen un less you are familiar with the networking concepts they represe...

Page 61: ...ction is under a bridge Figure 4 56 Internet Protocol Settings No IP address Obtain an IP address automatically A LAN connection can be configured to obtain an IP address automatically You should only...

Page 62: ...NS Server Domain Name System DNS is the method by which website or domain names are translated into IP addresses You can configure the connection to auto matically obtain a DNS server address or speci...

Page 63: ...s Specify the end of the IP address range that can be used to automatically issue IP addresses Subnet mask The subnet mask determines which portion of a destina tion LAN IP address is the network port...

Page 64: ...s link will appear Figure 4 63 IP Address Distribution DHCP Relay Click the New IP address link The DHCP Relay server address screen will appear Figure 4 64 IP Address Distribution DHCP Server Definit...

Page 65: ...ables the routing of multicast pack ets according to the IGMP requests of LAN devices asking to join multi cast groups Select the Multicast IGMP proxy internal check box to enable this feature Routing...

Page 66: ...firewall Select this check box to enable the GlobeSurfer 3G firewall on the connection To learn more about configuring security settings please refer to Chapter 5 Figure 4 67 Additional Network Conne...

Page 67: ...protocol that is based on RC4 and routes using the generic routing encapsulation GRE protocol For more information on PPTP connections refer to Section 6 13 2 for PPTP server settings and Section 6 1...

Page 68: ...uration screen will appear see figure 4 70 Enter the following parameters supplied by your VPN server Hostname or IP address of destination Hostname or IP address of the VPN host server Login username...

Page 69: ...ver Connection To create a PPTP server connection perform the following steps 1 Click Network connections on the sidebar the Network connections screen will appear see figure 4 72 Figure 4 72 Network...

Page 70: ...user will use to access your local net work New password Type a new password for the remote user If you do not want to assign a password to the remote user leave this field empty Retype new password I...

Page 71: ...ion of Information Warning and Error events If the Warning level is selected the user will receive notification of Warning and Error events etc To configure email notification for a specific user Firs...

Page 72: ...n configure scheduler rules in order to define time segments during which the connection is active To configure scheduler rules click the New link To learn how to configure scheduler rules please refe...

Page 73: ...ts as provided by your ISP Figure 4 79 PPP Configuration 4 5 3 3 PPP Authentication Point to Point Protocol PPP currently supports four authentication protocols Password Authentication Protocol PAP Ch...

Page 74: ...crosoft CHAP Version 2 authentication protocol 4 5 3 4 PPP Encryption PPP supports encryption facilities to secure the data across the network con nection A wide variety of encryption methods may be n...

Page 75: ...using a permanent static IP address Your service provider should provide you with this IP address subnet mask and the default gateway IP ad dress Figure 4 83 Internet Protocol Settings Static IP 4 5...

Page 76: ...P proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through stan dard IGMP interfaces IGMP proxy enables the routing of multicast pack ets according to...

Page 77: ...gaining access to it through a network or the Internet The firewall applies security per network connection for example the firewall can be applied on the UMTS WAN and the Wireless LAN but not on the...

Page 78: ...packets either at the remote user s PC or at an ISP that has an L2TP remote access concentra tor LAC The LAC transmits the L2TP packets over the network to the L2TP network server LNS 4 6 1 Creating a...

Page 79: ...4 90 Enter the following parameters supplied by your VPN server Hostname or IP address of destination Hostname or IP address of the VPN host server Shared secret A secret key represented as a sequenc...

Page 80: ...ler rules in order to define time segments during which the connection is active To configure scheduler rules click the New link To learn how to configure scheduler rules please refer to Section 6 11...

Page 81: ...and CHAP as well as other compression and encryption protocols L2TP Server Host name and shared secret should be configured according to your ISP information PPP on Demand Use PPP on demand to initia...

Page 82: ...t replay attacks remote client impersonation or remote server impersonation Support Challenge Handshake Authentication CHAP The Challenge Hand shake Authentication Protocol CHAP is a challenge respons...

Page 83: ...of the compression decompres sion mechanism in a reliable manner Figure 4 96 PPP Compression For each compression algorithm select one of the following from the drop down menu Reject Reject PPP conne...

Page 84: ...th this IP address subnet mask and the default gateway IP ad dress Figure 4 98 Internet Protocol Settings Static IP 4 6 2 7 DNS Server Domain Name System DNS is the method by which website or domain n...

Page 85: ...P proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through stan dard IGMP interfaces IGMP proxy enables the routing of multicast pack ets according to...

Page 86: ...gaining access to it through a network or the Internet The firewall applies security per network connection for example the firewall can be applied on the UMTS WAN and the Wireless LAN but not on the...

Page 87: ...the host This section de scribes both GlobeSurfer 3G s configuration and a Windows XP client configu ration 4 7 1 1 Configuring IPsec on GlobeSurfer 3G 1 Click the Network connections icon on the side...

Page 88: ...xt The Internet Protocol Security IPsec topology screen will appear see fig ure 4 105 Figure 4 105 IPsec Topology Select the Network to Host radio button to create a secure connection between your LAN...

Page 89: ...secret Click Next the IPsec connection properties screen will appear see figure 4 107 Figure 4 107 IPsec Connection Properties Specify the following parameters Remote tunnel endpoint address Specify...

Page 90: ...r 3G LAN subnet address referred to as openrg lan subnet The configuration sequence 1 The first step is to create the IPsec policy a Click the Start button and select Run Type secpol msc and click OK...

Page 91: ...Click Next and type a name for your policy for example GlobeSurfer 3G Connection see figure 4 112 Click Next Figure 4 112 IP Security Policy Name d Deselect the Activate the default response rule chec...

Page 92: ...ke sure that the Edit Properties check box is checked see figure 4 114 and click the Finish button Figure 4 114 Completing the IP Security Policy Wizard f On the GlobeSurfer 3G Connection Properties w...

Page 93: ...ttings window right click the new GlobeSurfer 3G Connection policy created in the previous step and select Prop erties The Properties window will appear see figure 4 115 b Deselect the Use Add Wizard...

Page 94: ...Figure 4 116 New Rule Properties c Under the IP Filter List tab click the Add button The IP Filter List window will appear see figure 4 117 86...

Page 95: ...117 IP Filter List d Enter the name Windows XP to GlobeSurfer 3G for the filter list deselect the Use Add Wizard check box and click the Add button The Filter Properties window will appear see figure...

Page 96: ...like to enter a description for your filter h Click OK Click OK again in the IP Filter List window to save the settings 3 Building Filter List 2 GlobeSurfer 3G to Windows XP a Under the IP Filter Lis...

Page 97: ...tination address combo box select My IP Address e Click the Description tab if you would like to enter a description for your filter f Click OK Click OK again in the IP Filter List window to save the...

Page 98: ...r List b Click the Filter Action tab see figure 4 121 Figure 4 121 Filter Action c Select the Require Security radio button and click the Edit button The Require Security Properties window will appear...

Page 99: ...red communication but always respond using IPsec check box Select the Session key Perfect Forward Secrecy PFS the PFS op tion must be enabled on GlobeSurfer 3G and click the OK button e Under the Auth...

Page 100: ...string preshared key radio button and enter a string that will be used as the key for example 1234 Click the OK button g Under the Tunnel Setting tab select the The tunnel endpoint is speci fied by t...

Page 101: ...s selected i Click Apply and then click OK to save this rule 5 Configuring Individual Rule of Tunnel 2 GlobeSurfer 3G to Windows XP a Under the IP Filter List tab of the New Rule Properties window sel...

Page 102: ...dow will appear see fig ure 4 123 f Select the Use this string preshared key radio button and enter a string that will be used as the key for example 1234 Click the OK button g Under the Tunnel Settin...

Page 103: ...3G s VPN feature is VPNC certified 4 7 2 1 Network Configuration Establishing an IPsec tunnel between gateways A and B creates a transpar ent and secure network for clients from subnets A and B commun...

Page 104: ...pear Configure the following parameters see figure 4 132 Internet protocol Select Use the following IP address IP address Specify 10 5 6 1 Subnet mask Specify 255 255 255 0 DHCP Select DHCP server Sta...

Page 105: ...ay B s WAN Internet interface has the address 22 23 24 25 The Internet Key Exchange IKE Phase 1 parameters used are Main mode 3DES Triple DES SHA 1 MODP group 2 1024 bits Pre shared secret of hr5x SA...

Page 106: ...ear see figure 4 133 Figure 4 133 New Connection 3 Select the Internet Protocol Security IPsec radio button and click Next The Internet Protocol Security IPsec topology screen will appear see fig ure...

Page 107: ...ubnet radio button to allow an IPsec connection from a specific remote subnet 7 Click Next the Internet Protocol Security IPsec screen will appear see figure 4 136 Figure 4 136 IPsec Connection Proper...

Page 108: ...onnections screen will now list the newly cre ated IPsec connection see figure 4 138 Figure 4 138 Network Connections 11 Click the Edit action icon for VPN IPsec the VPN IPsec properties screen will a...

Page 109: ...the DH Group 5 1536 bit check box 16 Under Encryption algorithm deselect the Allow AH Protocol no encryption check box 17 Click OK The VPN IPsec properties screen will appear 18 Click OK The Network c...

Page 110: ...t The firewall the cornerstone of the GlobeSurfer 3G security services has been exclusively tailored to the needs of the residential office user and has been pre configured to provide optimum security...

Page 111: ...by computers in the local network and special Internet applications see section 5 3 Local servers is sometimes referred to as Port forwarding The DMZ host tab allows you to configure a LAN host to rec...

Page 112: ...nternet Each request for a service that the firewall receives whether originating in the Internet or from a com puter in the local network is checked against the set of firewall rules to de termine wh...

Page 113: ...ernet except as con figured in the Local servers DMZ host and Remote administration screens Unrestricted All ser vices are permitted except as configured in the Access control screen Minimum security...

Page 114: ...t could make use of fragmented data packets to sabotage your local network Note that VPN over IPsec and some UDP based services make legitimate use of IP fragments You will need to allow IP fragments...

Page 115: ...rections In the e mail example given above you may prevent computers in the local network from receiving e mail by blocking their outgoing requests to POP3 servers on the Internet The Access Control f...

Page 116: ...cts see Section 6 6 5 You might want to define the time period during which the access control rule will take effect You can either select from a predefined list of schedules by selecting one from the...

Page 117: ...ove the service from the Access control table This may be useful if you wish to make the service available only temporarily and expect that you will want to reinstate the restriction in the future To...

Page 118: ...st name of that computer in the right hand column All Net2Phone related data arriving at GlobeSurfer 3G from the Internet will henceforth be forwarded to the specified computer Similarly if you want t...

Page 119: ...vide 3 Enter the local IP address or the host name of the computer that will provide the service the server Note that only one LAN computer can be assigned to provide a specific service or application...

Page 120: ...seful if you wish to make the service unavailable only temporarily and expect that you will want to make it available again in the future How many computers can use a service or play a game simultaneo...

Page 121: ...l forward this request to the DMZ host if one is designated unless the service is being provided by another PC in the local network assigned in Local servers in which case that PC will receive the req...

Page 122: ...traffic by default The server replies to GlobeSurfer 3G s IP and the connection is not sent back to your host since it is not part of a session In order to solve this you need to define a port trigge...

Page 123: ...2 Figure 5 12 Define Service Server Ports Server Ports UDP ANY 2222 Opened Ports UDP ANY 3333 4 Select the Add port triggering rule check box next to your service de scription in the general Port trig...

Page 124: ...the port triggering screen Please note that disabling these rules may result in impaired gateway functionality 116...

Page 125: ...s and you may use the Re mote administration screen to selectively enable these services if they are needed Figure 5 14 Remote Administration To allow remote access to GlobeSurfer 3G services 1 Click...

Page 126: ...ther settings making it difficult or impossible to access the GlobeSurfer 3G from the local network Therefore remote access to Telnet or HTTP services should be blocked and should only be permitted wh...

Page 127: ...will resolve all additional addresses and automatically add them to the restrictions table 3 You can select this is optional not compulsory the group of com puters to which you would like to apply th...

Page 128: ...ify the web site address group and schedule as necessary If it is long and or complicated you may want to use your browser s copy and paste functions to copy the address from the address bar to the ma...

Page 129: ...To remove a restriction click the Remove button The restriction will be removed from the restrictions list 121...

Page 130: ...f rules is comprised of three subsets Initial rules Network devices rules and Final rules These subsets determine the sequence by which the rules will be applied Following is a description of the set...

Page 131: ...erted by the firewall in order to provide improved security and block harmful attacks To configure advanced filtering rules click the Edit button next to the rule title or click on the title directly...

Page 132: ...tion IP addresses and service ports defined in Matching Reject Deny access to packets that match the source and destination IP addresses and service ports defined in Matching and sends and sends an IC...

Page 133: ...hedule sets the time period during which the rules are active inactive For information on how to configure Scheduler Rules refer to 6 11 5 Services Select the services to which you would like to apply...

Page 134: ...a result of an incoming packet Outbound traffic The event is a result of outgoing packet Firewall setup Configuration message WBM Login Indicates that a user has logged in to WBM CLI Login Indicates t...

Page 135: ...one network has been blocked 14 Trusted device a packet from a trusted device has been accepted 15 Default policy a packet has been accepted blocked according to the de fault policy 16 Remote administ...

Page 136: ...ecause of a certain service as spec ified in the event type 44 Advanced Filter Rule a packet has been accepted blocked because of an advanced filter rule 45 Fragmented packet header too small a packet...

Page 137: ...connection pool is full No connection created a message notifying that a connection has not been created because the connection pool is full 62 NAT Error No free NAT IP a message notifying that there...

Page 138: ...uc cessful attempt to establish an outgoing connection to the public network Blocked connection attempts write a log message for each blocked attempt to establish an inbound connection to the local ne...

Page 139: ...e this option to track con nection handling by the firewall and Application Level Gateways ALGs Select the Prevent log overrun checkbox in order to stop logging fire wall activities when the memory al...

Page 140: ...r defined services never need to be entered twice To add a new service 1 Click the New user defined service link at the top of either the Add access control rule screen or the Add local server screen...

Page 141: ...dify a user defined service 1 Click the Edit button for the service The Edit service screen will appear see figure 5 22 2 Modify the service name or description as necessary 3 To modify the port setti...

Page 142: ...en a Telnet session from a LAN host that is connected to GlobeSurfer 3G 2 Telnet to GlobeSurfer 3G at address 192 168 1 1 3 Logon to GlobeSurfer 3G as an administrator The default username and passwor...

Page 143: ...he LAN Ethernet connection link 3 Click the Settings button 4 Enable the Internet Connection Firewall check box Figure 5 25 Apply Firewall Protection 5 Click OK to save your changes At this point you...

Page 144: ...g their respective icons DNS Server View and modify the DNS Hosts table see Section 6 2 Network Map Display a map representation of your current local network see Section 6 4 DHCP Modify the behavior...

Page 145: ...er 3G s SNMP agent see Sec tion 6 16 System settings Modify administrator settings including GlobeSurfer 3G s hostname see Sec tion 6 1 Diagnostics Perform networking diagnostics see Section 6 17 Remo...

Page 146: ...Figure 6 1 Advanced Settings 138...

Page 147: ...s local domain 6 1 2 GlobeSurfer 3G Management Console Settings Use this section to configure the following Automatic refresh of system monitoring web pages Select this checkbox to enable the automat...

Page 148: ...he hostname of your outgoing SMTP server in the Server field 2 Each email requires a from address and some outgoing servers refuse to forward email without a valid from address for anti spam considera...

Page 149: ...taneously Automatically appends a domain name to unqualified names Allows new domain names to be added to the database using the GlobeSurfer 3G management console Permits a computer to have multiple h...

Page 150: ...ost name or IP address of an entry 1 Click the Edit icon in the Action column The DNS entry screen will appear see figure 6 4 2 If the host was manually added to the DNS Table then you may modify its...

Page 151: ...ilable when customizing GlobeSurfer 3G s DDNS support For more information regarding Dynamic DNS please refer to http www dyndns org Figure 6 5 Dynamic DNS Settings 6 3 1 Using Dynamic DNS 1 Click Dyn...

Page 152: ...e Ethernet or WLAN 5 Local network computers and peripherals Clicking a network element takes you to a configuration screen to configure the corresponding network element The following table explains...

Page 153: ...etwork parameters for the Wireless LAN device see Section 4 Represents a bridge connected in the local net work Click this icon to view the bridge s under lying devices Represents a computer connected...

Page 154: ...to the network If the host wishes to terminate a lease before its expiration it can send a release message to the DHCP server which will then make the IP address available for use by others The DHCP s...

Page 155: ...d in this subnet and End IP address specifies the last IP address in the range Subnet Mask A mask used to determine what subnet an IP address belongs to An example of a subnet mask value is 255 255 0...

Page 156: ...link under the DHCP Relay section The DHCP Server Relay Address screen will appear see figure 6 10 Use this screen to specify your DHCP server s IP address Figure 6 10 DHCP Server Relay 4 Click OK to...

Page 157: ...operties 2 Continue with step 2 below To define a new connection with a fixed IP address 1 Click the New Static Connection button that appears on top of the DHCP Connections screen The DHCP Connection...

Page 158: ...To remove a host from the table click the Delete icon in the Action column Figure 6 13 Editing a DHCP Connection 150...

Page 159: ...instead of IP addresses This may be useful since IP addresses change from time to time Moreover it is possible to define network objects according to MAC addresses making rule application more persist...

Page 160: ...object from the Network object type combo box IP address MAC address Hostname 7 Specify the appropriate description for the network object type 8 You may repeat the actions described above several ti...

Page 161: ...twork device LAN Bridge or WAN UMTS Destination The destination is the destination host subnet address net work address or default route The destination for a default route is 0 0 0 0 Netmask The netw...

Page 162: ...ges addressed to the group much like what happens when an e mail message is sent to a mailing list IGMP multicasting enables UPnP capabilities over wireless networks and may also be useful when connec...

Page 163: ...ess your local net work New password Type a new password for the remote user If you do not want to assign a password to the remote user leave this field empty Retype new password If a new password was...

Page 164: ...tion If the Information level is selected the user will receive notification of Information Warning and Error events If the Warning level is selected the user will receive notification of Warning and...

Page 165: ...rrect person s public key Man in the middle attacks pose a potential threat where an ill intending 3rd party posts a phony key with the name and user ID of an intended recipient Data transfer that is...

Page 166: ...will expire The unique name of the certificate issuer the unique name of the entity that signed the certificate This is normally a CA Using the certificate implies trusting the entity that signed this...

Page 167: ...en will appear see figure 6 22 Figure 6 22 Create X 509 Request 4 Enter the following certification request parameters Certificate Name Subject Organization State Country 5 Click the Generate button A...

Page 168: ...t to a file and send it to a CA for signing 8 Click the Close button The main certificate management screen will ap pear listing your certificate as Unsigned Figure 6 25 Unsigned Certification Request...

Page 169: ...t should re semble what you see in figure 6 27 Figure 6 27 Loading a Signed Certificate 11 Click the Load button to register the signed certificate If the registration is successful the certificate ma...

Page 170: ...cates on the Advanced screen of the management console The Certificates screen will appear see figure 6 21 2 Click the CA tab 3 Click the Load Certificate entry in the table the Load CA s Certificate...

Page 171: ...fields will be displayed Enabled Select this check box to enable daylight saving time Start Date and time when daylight saving starts End Date and time when daylight saving ends Offset Daylight savin...

Page 172: ...ink The Scheduler rule edit screen will ap pear see figure 6 32 Figure 6 32 Scheduler Rule Edit 3 Specify a name for the rule in the Name field 4 Specify if the rule will be active inactive during the...

Page 173: ...Figure 6 33 Time Segment Edit 165...

Page 174: ...reen The GlobeSurfer 3G Firmware upgrade screen will appear see figure 6 34 Figure 6 34 GlobeSurfer 3G Firmware Upgrade 2 Click the Firmware upgrade button The Firmware upgrade screen will ap pear see...

Page 175: ...l begin and should take no longer than one minute to complete see figure 6 37 Figure 6 37 Upgrade in Progress When the upgrading is ready the GlobeSurfer 3G will automatically reboot The new software...

Page 176: ...ng your local network Advanced PPTP client server connection settings Figure 6 38 PPTP Settings 6 13 1 Managing Remote Users Select the Users link to define and manage remote users see figure 6 39 Fig...

Page 177: ...the con nection associated with the user to terminate For changes to take effect you should activate the connection manually after modifying user parameters You can use email notification to receive...

Page 178: ...lapse before the GlobeSurfer 3G disconnects a PPTP connection Authentication Encryption required Select whether PPTP will use au thentication encryption or both Allowed authentication algorithms Selec...

Page 179: ...er Select all the check boxes if no information is available about the server s authen tication methods PPP encryption Select the encryption algorithms your GlobeSurfer 3G may use when negotiating wit...

Page 180: ...es a common language on which communications between two parties is based Developed by the In ternet Engineering Task Force IETF IPsec and IKE together standardize the way data protection is performed...

Page 181: ...hentication failures The block period in seconds 6 14 2 1 Key Management 1 Click the IPsec icon from the Advanced screen to access the IPsec settings screen see figure 6 43 2 Click the Settings button...

Page 182: ...screen see figure 6 43 To configure advanced IPsec settings perform the following steps 1 Click the connection s Edit icon in the Action column The Connection properties screen will appear see figure...

Page 183: ...authenticate your IPsec peer Shared secret RSA signature Certificate Phase 1 encryption algorithm Select the encryption algorithms that GlobeSurfer 3G will attempt to use when negotiating with the IP...

Page 184: ...d be entered in HEX format Routing Define the connection s routing rules Please refer to Section 6 7 for instructions about creating routing rules Internet connection firewall Select this check box to...

Page 185: ...PnP services and rules every 5 minutes Any UPnP defined service which is found to be old and not in use is removed unless any user defined rule see Security screen depends on it This feature is disabl...

Page 186: ...specify the SNMP parame ters as provided by your Internet service provider Read Only Read Write Community Names SNMP community strings are passwords used in SNMP messages between the management system...

Page 187: ...Advanced Diagnostics 6 17 1 Diagnosing Network Connectivity To diagnose network connectivity perform the following steps 1 Click Diagnostics on the Advanced screen of the management console The Diagno...

Page 188: ...rvices and you may use the Re mote administration screen to selectively enable these services if they are needed Figure 6 49 Remote Administration To allow remote access to GlobeSurfer 3G services 1 C...

Page 189: ...ther settings making it difficult or impossible to access the GlobeSurfer 3G from the local network Therefore remote access to Telnet or HTTP services should be blocked and should only be permitted wh...

Page 190: ...nges to the SIM setup Figure 6 50 SIM Setup To change the settings of your SIM card perform the following 1 Click SIM Setup on the Advanced screen of the management console The SIM Setup screen will a...

Page 191: ...to get from your ISP Normally there are certain conditions that must be fulfilled to be able to unlock the device To unlock the GlobeSurfer 3G 1 Click Unlock Device on the Advanced screen of the manag...

Page 192: ...tion Figure 6 51 Restore Defaults To restore default settings 1 Click Restore defaults on the Advanced screen of the management console The Restore defaults screen will be displayed see figure 6 51 2...

Page 193: ...the Advanced screen of the management console The Restart screen will be displayed see figure 6 52 2 Click OK to restart the GlobeSurfer 3G This may take up to one minute To reenter the management co...

Page 194: ...The Technical information screen will appear Figure 6 53 Technical Information 2 Click Configuration file to view the contents of GlobeSurfer 3G s configu ration file Figure 6 54 Configuration File 3...

Page 195: ...nt of time that has passed since the system was last started To display the System monitoring screen 1 Click System monitoring in the left sidebar The screen consists of four tabs with the first summa...

Page 196: ...7 1 Monitoring Connections The Connections tab shows a table summarizing data of the monitored connec tions Figure 7 1 Monitoring Connections 188...

Page 197: ...d between the local network and the Internet Select the Traffic tab to display up to the second statistical information about data received from and transmitted to the Internet WAN and about data re c...

Page 198: ...7 3 System Log Select the System log tab to display a list of the most recent activity that has taken place on GlobeSurfer 3G Figure 7 3 System Log 190...

Page 199: ...7 4 System Up Time Select the System tab to display the amount of time that has passed since the system was last started Figure 7 4 System Up Time 191...

Page 200: ...he process of giving individuals access to system objects based on their identity Authentication merely ensures that the individual is who he or she claims to be but says nothing about the access righ...

Page 201: ...ion that describes the characteristics of Ethernet wired connections Access point A device that exchanges data between computers on a network An access point typically does not have any Firewall or NA...

Page 202: ...additional system resources This dependence on a server differentiating a client server network from a peer to peer network Computer name A name that uniquely identifies a computer on the network so t...

Page 203: ...vice that enables a broadband connection to access the In ternet DSL modems rely on telephone lines that operate at DSL speeds Duplex A mode of connection Full duplex transmission allows for the si mu...

Page 204: ...registered jack computer users on a home network can share resources such as an Internet connection files and printers without in terfering with regular telephone service HomePNA currently offers data...

Page 205: ...An architecture that standardizes levels of service and types of interaction for computers that exchange information through a communications net work The ISO OSI reference model separates computer to...

Page 206: ...ngle name of a grouping of computers that are linked together to form a network Network printer A printer that is not connected directly to a computer but is instead connected directly to a network th...

Page 207: ...settings of your device to restore factory settings You accomplish this by pressing the Reset button and holding it for five or more seconds Note that this is different from just resetting the device...

Page 208: ...parties to exchange information Messages are routed switched through intermediary stations that together serve to connect the sender and the receiver TCP IP Acronym for Transmission Control Protocol I...

Page 209: ...floors so you can connect computers that are in different rooms in the house without physically attaching them to one another Wireless access point A device that exchanges data between wireless com pu...

Reviews:

No comments