Lightning SA MultiCom Скачать руководство пользователя | Manualshive

Страница: 109 / 172

background image

MultiCom Firewall User’s Manual 109

Frequently Asked Questions

What is the order that data goes through the firewall?

1. Data comes into an interface as Input and is subject to Input NAT rules for

the particular interface

2. Data is subject to filtering rules* (in the Filtering Forward Panel)

3. Data is subject to routing rules

4. Data goes out an Interface as Output and is subject to Output NAT rules for

the particular interface

*data going directly to the firewall (telnet for example) use the Filtering Input
panel and data leaving directly from the firewall (syslog message for example)
uses the Filtering Output panel

How can I filter any thing but a certain address?

In the filtering source window you have the option of adding a ! before the IP
address or Port number. For instance if you selected !10.0.0.1 you are
selecting every IP address but 10.0.0.1. The same reaction occurs for ports
such as !1000–2000 means all ports except those between 1000 and 2000.

If I log a packet will it continue through the filtering rules or will it be dropped?

Logging a packet in the filtering rules table does not stop it from going
through other rules which in turn could drop, accept or use any other available
action on them.

What is a connection and how does it affect my filtering rules?

Because data packets are necessarily small they may not contain all of the
information that was requested in a data transaction (such as downloading a
web page). When the first packet is allowed through you are actually saying
that traffic related to this connection should be allowed through until its
completion.

What is the IP address of my firewall?

Devices do not have IP addresses, only their interfaces. In that sense there are
two IP addresses that will reach you firewall, the one on the LAN side and the
one on the WAN side. If you have a DMZ, Wireless, DSL or multi-PPPoE
configurations, your MultiCom can be reached by IP addresses assigned to
those interfaces.

Do routing rules take place before or after IP addresses have been translated by
NAT?

Routing takes place after IP network address translation, unless Output NAT

«
...
107
108
109
110
111
...
»

Содержание MultiCom

Страница 1: ...For Firmware 3 7 10 19 04 MultiCom Firewall User s Manual ...

Страница 2: ...ii MultiCom Firewall User s Manual ...

Страница 3: ...rms by any means without the prior written consent of Apliware SA LIGHTNING Instrumentation SA Avenue des Boveresses 50 Lausanne Vaud 1010 Switzerland Phone 41 21 654 2000 Fax 41 21 654 2001 http www lightning ch info lightning ch APLIWARE SA rue du Grand Pré 70 1222 Geneva 2 Switzerland Phone 41 22 918 3610 Fax 41 22 918 3695 http www apliware com info apliware com ...

Страница 4: ...iv MultiCom Firewall User s Manual ...

Страница 5: ...company brand and product names may be registered trademarks or trademarks of their respective companies and are hereby recognized Revisions This publication and the information herein is furnished AS IS subject to change without notice and should not be construed as a commitment by LIGHNTING S A and APLIWARE S A Furthermore LIGHNTING S A and APLIWARE S A assumes no responsibility or liability for...

Страница 6: ...ightning strokes or wrong cabling on any interface are expressly excluded from the warranty Opening the products also voids the warranty LIGHNTING S A and APLIWARE S A assumes no liability for consequential damages and its liability shall in no case exceed the original purchase price of the equipment The warranties set forth above are the sole warranties applicable to LIGHNTING S A and APLIWARE S ...

Страница 7: ... necessary to use LIGHNTING S A and APLIWARE S A products If you wish to use it be sure to check that it meets your company s standards for reliability security and useability Please check with the developer of the software for any necessary information about the use or capabilities of such included software While all included software on this CD has been virus checked and tested LIGHNTING S A and...

Страница 8: ...ecrets and other proprietary materials and in order to protect them you may not decompile reverse engineer disassemble or otherwise reduce the LIGHNTING S A and APLIWARE S A software to a human perceivable form You may not modify network rent lease loan distribute or create derivative works based upon the LIGHNTING S A and APLIWARE S A software in whole or in part You may not electronically transm...

Страница 9: ...SULTS OF THE USE OF THE LIGHNTING S A AND APLIWARE S A SOFTWARE OR RELATED DOCUMENTATION IN THE TERMS OF THEIR CORRECTNESS ACCURACY RELIABILITY OR OTHERWISE NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY LIGHNTING S A AND APLIWARE S A OR A LIGHNTING S A AND APLIWARE S A AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THIS WARRANTY SHOULD THE LIGHNTING S A A...

Страница 10: ...neous understandings or agreements written or oral regarding such subject matter No amendment to or modification of the License will be binding unless in writing and signed by a duly authorized representative of LIGHNTING S A and APLIWARE S A Export Some versions and options of LIGHNTING S A and APLIWARE S A s Software and Hardware including technical data may be subject to Swiss E U U S including...

Страница 11: ...ons 20 IPSec VPN Option 21 SSH VPN Option 21 High Availability Option 21 Network Monitoring Option 22 About This Manual 22 Conventions 23 Packaging Contents 24 If The Product Is Received Damaged 24 To Return The Product 24 Chapter 2 Introducing The MultiCom Firewalls 27 MultiCom Firewalls 27 Introducing the Ethernet II 28 Back Panel 28 Front Panel of the Ethernet II 29 ...

Страница 12: ...ted 39 Connecting the MultiCom Firewall 40 Configuring Your Computers 42 Windows 43 Macintosh 46 Linux 48 Choosing the Internet Connection 48 Common Configurations 48 Special Configurations 50 Configuration Checklist 52 Plug Play Configuration DHCP 54 Using the Easy Setup 55 Accessing the Easy Setup Web Server 56 WAN DHCP Easy Setup 57 WAN PPPoE Easy Setup 58 WAN PPTP Easy Setup 59 WAN Static IP E...

Страница 13: ... 86 Backup Your Configuration 87 Restoring A Configuration 88 Updating Your Firmware 88 LED Status During Upgrade 92 Troubleshooting Firmware Upgrade 93 Chapter 5 Troubleshooting 95 Basic Things To Check 96 Common Local Network Problems 97 DHCP Troubleshooting 98 DHCP To The Internet 98 DHCP On Your Local Network 100 PPPoE Troubleshooting 101 Incorrect Password 102 PPPoE Server ISP Not Available 1...

Страница 14: ...II 118 Physical Specifications 118 Declaration of Conformity 119 MultiCom SpeedSurf 120 Physical Specifications 120 Declaration of Conformity 121 Enterprise Ethernet 122 Physical Specifications 122 Declaration of Conformity 123 Pin Assignments 124 Appendix B Additional Licenses and Copyrights 125 Licensing 125 Apache License 125 BSD Copyright 125 GNU General Public License 127 OpenSSL License 133 ...

Страница 15: ...MultiCom Firewall User s Manual xv ...

Страница 16: ...xvi MultiCom Firewall User s Manual ...

Страница 17: ...nd that the MultiCom Firewalls can help You now have access to many networking possibilities for instance you can secure your data share your Internet connection with multiple computers and filter or receive notifications of potential network attacks For the latest release notes documentation firmware and software check the Lightning website at http www lightning ch support MultiCom Firewall Featu...

Страница 18: ... the web interface or the multi platform Configurator software DNS Cache for faster Internet response Dynamic DNS supporting 9 different services for finding your computer even if the IP address changes Multimedia H 323 IRC ICQ and PPTP client pass through support with NAT DHCP server up to 1 000 clients for automatic IP configuration to clients or DHCP Relay on any Interface Ethernet parameter ed...

Страница 19: ...ing the File Transfer Protocol FTP Built in Domain Name Server DNS to name local computers Multilingual with English French and German built in Upgradable flash memory Software Add on Options IPSec based Virtual Private Network VPN supporting Gateway client and point to point modes Preshared Manual and PKI x 509 Keys for central management and 3rd party vendor compatibility Support for multiple wo...

Страница 20: ...o be purchased and activated to be useable Activation of Options currently requires the user to install a unique key file versions before 3 4 required a special firmware containing the purchased options and then reboot the MultiCom Firewall Currently the options are available IPSec VPN 2 tunnels IPSec VPN 20 tunnels and unlimited IPSec VPN tunnel options IPSec VPN 2 Tunnels IPSec VPN 20 Tunnels IP...

Страница 21: ...tificates for more complex IPSec configurations For more information or to purchasing this option contact your distributor SSH VPN Option All existing MultiCom Firewalls offer Virtual Private Networks VPN using the SSH Port Forwarding protocol when the SSH option is purchased This is a powerful Secure Remote Access add on for the standard MultiCom Firewall functionality Using SSH Port Forwarding t...

Страница 22: ...status checks are written to the internal log optionally can be emailed to selected email accounts and is visible from the web interface and the Monitor software All NMS configurations require the use of the Configurator software included on the MultiCom Companion CDROM in the Advanced Configuration mode Refer to the Lightning Linux Reference Manual for information on configuring this feature For ...

Страница 23: ...les describe the typefaces and symbols used in this manual Table 1 Typography Table 2 Symbols Typography Meaning Computer Output is data generally displayed or presented by the computer User Input is text or commands that you type contrasted with onscreen computer output Button is the text on a button used to describe what button to click Menu indicates the name of a menu or tab that takes you to ...

Страница 24: ...extent of the damage to Customer Support so that action can be initiated to repair or replace damaged items or instructions issued for returning items The responsibility of the manufacturer ends at the delivery to the first carrier ALL CLAIMS for loss damage or nondelivery must be made against the delivering carrier WITHIN 8 DAYS OF RECEIPT of shipment To Return The Product An Return Material Auth...

Страница 25: ...n The Product Products returned without an RMA number will be returned to the sender at the sender s expense Improperly packaged products will not be covered under warranty For warranty repairs please include a copy of a dated proof of purchase ...

Страница 26: ...Chapter 1 Preface 26 MultiCom Firewall User s Manual ...

Страница 27: ...ware configurations to best meet your needs Each firewall uses Lightning Linux to provide additional features and options to the hardware In all cases you can configure your firewall either by using your Internet browser for Easy Setup Easy Firewall or Interface configuration or by using the Configurator software found on your MultiCom Companion CD ...

Страница 28: ... in memory position 1 RED to load the factory default configuration Power Use the Power interface to connect to the included MultiCom power adapter LAN Use the LAN Local Area Network interface to connect to your network devices workstations printer servers network camera or hub WAN Use the WAN Wide Area Network interface to connect to your Broadband modem xDSL Cable or Wireless Modem Kensington Lo...

Страница 29: ...nk is up Blinking ORANGE when traffic is passing Blinking RED when packet collisions occur Steady RED when link is down WAN Steady GREEN when link is up Blinking ORANGE when traffic is passing Blinking RED when packet collisions occur Steady RED when link is down First LED left of Power LED GREEN when SecureWall is ON ORANGE when filtering is ON and SecureWall is OFF RED when SecureWall and Filter...

Страница 30: ...Local Area Network interfaces to connect to your network devices workstations printer servers network camera DMZ Use the DMZ Demilitarized Zone interface to connect public servers www ftp This port allows customized security for these servers WAN Use the WAN Wide Area Network interface to connect to your Broadband modem xDSL Cable or Wireless Modem Console Use the console port with the included ca...

Страница 31: ...hen packet collisions occur Steady RED when link is down DMZ Steady GREEN when link is up Blinking ORANGE when traffic is passing Blinking RED when packet collisions occur Steady RED when link is down LAN 1 4 Steady GREEN when link is up Blinking ORANGE when traffic is passing Blinking RED when packet collisions occur Steady RED when link is down Security GREEN when SecureWall is ON ORANGE when fi...

Страница 32: ...connect to the included MultiCom power adapter Console Use the console port with the included cable to connect to the serial port of your workstation This allows you direct access to the CLI Command Line Interface an can be used to configure the firewall LAN Use the LAN Local Area Network interface to connect to your network devices workstations printer servers network camera or hub WAN Use the WA...

Страница 33: ...y GREEN when link is up Blinking ORANGE when traffic is passing Blinking RED when packet collisions occur Steady RED when link is down WAN Steady GREEN when link is up Blinking ORANGE when traffic is passing Blinking RED when packet collisions occur Steady RED when link is down Security GREEN when SecureWall is ON ORANGE when filtering is ON and SecureWall is OFF RED when SecureWall and Filtering ...

Страница 34: ...ower interface to connect to the included MultiCom power adapter LAN 1 4 Use the 4 LAN Local Area Network interfaces to connect to your network devices workstations printer servers network camera DMZ Use the DMZ Demilitarized Zone interface to connect public servers www ftp This port allows customized security for these servers WAN Use the WAN Wide Area Network interface to connect to your Broadba...

Страница 35: ...king RED when packet collisions occur Steady RED when link is down DMZ Steady GREEN when link is up Blinking ORANGE when traffic is passing Blinking RED when packet collisions occur Steady RED when link is down LAN 1 4 Steady GREEN when link is up Blinking ORANGE when traffic is passing Blinking RED when packet collisions occur Steady RED when link is down Security GREEN when SecureWall is ON ORAN...

Страница 36: ...rewalls administrative web server NOTE The Internet Connection can also be an office to office connection such as an ADSL line between two offices and a modem on each side to provide Ethernet connectivity Advanced Configuration Software Requirements For advanced configuration options you may install or run the Configurator Software from your MultiCom Companion CD Below are the requirements to use ...

Страница 37: ...L OPENING CASE VOIDS GUARANTEE VORSICHT KEIN TEIL IM GEHÄUSE KANN VOM BENÜTZER SELBST REPARIERT WERDEN BITTE WENDEN SIE SICH AN QUALIFIZIERTES WARTUNGSPERSONAL DAS ÖFFNEN DES GERÄTES FÜHRT ZUM VERLUST DER GARANTIE ATTENTION CET APPAREIL NE CONTIENT AUCUN ELEMENT QUE L UTILISATEUR PUISSE REPARER CONFIEZ LA MAINTENANCE AU PERSONNEL TECHNIQUE QUALIFIE L OUVERTURE DE L APPAREIL ANNULE LA GARANTIE ...

Страница 38: ...Chapter 2 Introducing The MultiCom Firewalls 38 MultiCom Firewall User s Manual ...

Страница 39: ...ur local network will be able to access the Internet through your firewall Be sure that you have asked your ISP how they expect you to connect to the their services using DHCP PPPoE PPTP or a static IP Address NOTE The term Internet is used to describe the network that you use the MultiCom Firewall to connect to The MultiCom Firewall that you can also use to connect to other remote computers or se...

Страница 40: ...ion such as Syslog SNMP messaging Dynamic DNS Local Name Server Interface editing such as MAC address or link speed NTP FTP customized and standard filters requires the use of the Configuration Software and is described in the Lightning Linux Reference Manual You will also find information there on how to install and use the Configurator software Connecting the MultiCom Firewall Following are the ...

Страница 41: ...y are connected to a network device or blinking yellow to show that data is passing it will be possible to reach the web server of the firewall This does not mean that you are connected to your ISP only that the cable connection between the MultiCom Firewall and the modem router computer or hub is good If you have problems at this point please check the troubleshooting section later in this manual...

Страница 42: ...t gateway and DNS server used to reach the Internet The process to enter these settings into your computer varies depending on your operating system If you do not see your operating system represented in the following sections please refer to your computer s user manual for explanations on configuring your network settings Optionally you can make this configuration on only 1 computer to allow acce...

Страница 43: ...install that now To set your computer as a DHCP Client 1 choose the IP Address tab 2 click on Obtain IP address automatically 3 click on OK 4 click on OK 5 follow the onscreen instructions which will probably have you reboot your computer 6 if you have the option to select a DNS server choose Obtain DNS In your networking window you should be in the Configuration panel Here you will see the networ...

Страница 44: ...f your MultiCom Firewall s LAN interface by default this is 10 0 0 1 and click add 6 click on OK to close and save the properties window 7 click on OK to close and apply the network controls for your computer 8 follow the onscreen instructions which will probably have you reboot your computer Now you are finished configuring your Windows computer to access your MultiCom Firewall Please continue on...

Страница 45: ...creen instructions which might ask you to reboot your computer To manually set your computer s IP address 1 choose the General tab 2 click on Use the following IP address 3 enter the IP address Subnet mask and Default gateway Be sure that the Subnet Mask and Default gateway match the settings of the MultiCom Firewall s LAN interface For the first connection this should be IP address 10 0 0 1 Subne...

Страница 46: ... on OK 8 follow the onscreen instructions which might ask you to reboot your computer Now you are finished configuring your Windows computer to access your MultiCom Firewall Please continue onto the next section to verify that everything is set up correctly Macintosh To reach the network control panel on your Macintosh you need to choose on your Apple Menu Control Panels TCP IP Panel This is where...

Страница 47: ...ve your changes To manually set your computer s IP address 1 under Configure select Manually 2 enter the IP address for your computer in the IP address field 10 0 0 2 for example 3 enter your network mask in the Network mask field by default this should be 255 0 0 0 4 enter your firewall IP address the IP address of your MultiCom Firewall s LAN interface 10 0 0 1 by default in the firewall address...

Страница 48: ...e interface card iface eth0 inet static address 10 0 0 2 netmask 255 0 0 0 broadcast 10 255 255 255 firewall 10 0 0 1 Choosing the Internet Connection Common Configurations There are 5 common ways to configure your new MultiCom Firewall for use on your network and they are listed below These assume that your Broadband modem can be or already is configured in bridging mode allowing the firewall dir...

Страница 49: ...k and your xDSL cable or wireless modem to use the default configuration If your broadband modem is the DHCP server please read below for additional information Option 2 PPPoE is used when your Internet Service Provider requires you to only have a username and password to access the Internet This type of Internet connection is typical for use with DSL Broadband modems In this cases you enter the n...

Страница 50: ...terface 3 Network router is between Modem and Firewall 4 Network router is between Firewall and Local Network CAUTION Because you will be creating 2 networks one between the MultiCom Firewall and the Broadband Modem and one between the MultiCom Firewall and the local network you must be sure that both are using different subnets For example the default LAN interface uses subnet 10 0 0 0 255 0 0 0 ...

Страница 51: ...all If the Broadband Modem does not offer a DHCP server then you will need to use the Easy Setup s Static IP configuration to allow the MultiCom Firewall to reach it Configure the WAN interface of the Firewall to be on the same network as the Modem For instance if the Modem has an IP address of 192 168 0 1 subnet 255 255 255 0 then configure the Firewall s WAN IP address to be 192 168 0 2 subnet 2...

Страница 52: ...can be changed by you during the Easy Setup visiting http 10 0 0 1 setup lan or with the Configurator software Table 3 Pre set configuration of MultiCom Firewall NOTE When using the DHCP server of your firewall the necessary IP parameters will be distributed to your LAN by the built in DHCP server This saves you from having to manually configure each computer There can only be one DHCP server on a...

Страница 53: ...net Table 5 PPPoE PPTP configuration checklist for WAN interface If you are not using DHCP PPPoE or PPTP then you will need to configure a Static IP configuration The table below is all of the information that you will need from your ISP to successfully make a connection to the Internet WAN LAN DMZ Ethernet III only DHCP client DEFAULT optional optional DHCP server optional DEFAULT optional PPPoE ...

Страница 54: ... you your IP address DNS server address and default firewall configuration with a DHCP server 2 Are all of your internal network LAN devices configured as DHCP Clients If your Internet Service Provider uses DHCP to assign you your IP configuration parameters and your computers are configured as DHCP clients you can simply plug in the MultiCom Firewall immediately between your network and your xDSL...

Страница 55: ...ewall or use the Configurator software from the Companion CD to properly configure your MultiCom Firewall CAUTION Some Internet Service Providers that use DHCP also require you to register the hardware MAC address of your computer s Ethernet card If this was the case you will either have to ask them to change the MAC address to the WAN interface of your MultiCom Firewall 00 90 f4 xx xx xx where xx...

Страница 56: ...gure the MultiCom Firewall optionally a computer with a static IP address between 10 0 0 2 10 255 255 255 and with a subnet mask of 255 0 0 0 can be used If you are unsure how to do this see the previous section on Configuring Your Computers CAUTION if your MultiCom Firewall does not respond you may need to reset it to its default settings Refer to the Resetting Default Settings section of the Tro...

Страница 57: ...ice depends on how your Internet Service Provider connects you to the Internet You will see the WAN Configuration webpage where you can select the Connection Type that your ISP has asked you to use The next four sections describe the 4 possibilities for configuring the WAN interface using DHCP PPPoE PPTP or a static configuration WAN DHCP Easy Setup If your Internet Service Provider connects you u...

Страница 58: ... Provider connects you using a PPPoE server you need to click the PPPoE option in the Easy Setup window see the window above This window only requires a username and password to access your Internet Service Provider This information is available from your Internet Service Provider The PPPoE setting causes the MultiCom Firewall to automatically and regularly demand its IP configuration from a PPPoE...

Страница 59: ...ty this is the number of seconds before the PPP connection is closed 7 Optionally enable the TCP Frame Size Adaption as a troubleshooting step if you are having problems connecting to your Internet Service Provider or certain web pages 8 Click the Next button and goto the Section LAN Easy Setup on page 63 Diagnostics and status information on this connection is available from the MultiCom web serv...

Страница 60: ...me subnetwork as the Ethernet interface of the modem This creates 2 networks one between the MultiCom Firewall and the broadband modem and one between the MultiCom Firewall and the local network By default this PPTP Setup Panel configures your WAN interface s network to be 10 0 0 1 255 0 0 0 expects to find the broadband modem at IP address 10 0 0 138 and changes the LAN interface to 192 168 1 1 2...

Страница 61: ... have and IP Address of 10 0 0 1 7 Enter in the Subnet Mask of the broadband modem 8 Click the Next button and goto the Section LAN Easy Setup on page 63 WAN Static IP Easy Setup In some cases your Internet Service Provider will have you configure all of the necessary information manually This is common when you are assigned a static IP address that will not change The needed configuration informa...

Страница 62: ...ided you with all of the information necessary to fill in this form 2 Enter in the WAN IP Address that your MultiCom Firewall will be known as provided by your Internet Service Provider 3 Enter in the WAN Subnet Mask that will be used between the Internet Service Provider and the MultiCom Firewall 4 Enter in the Default Gateway address otherwise known as the IP address of the Internet Service Prov...

Страница 63: ...ubnet Mask that will be used on your local network 3 Choose to enable or disable the built in DHCP server for managing your network By default this is enabled and should not be changed unless you have another DHCP server on your network 4 If you enabled the DHCP server choose the first IP address that the MultiCom Firewall should assign on your local network to DHCP clients This IP Address must be...

Страница 64: ...at will be used on your local network 3 Choose to enable or disable the built in DHCP server for managing your network By default this is enabled and should not be changed unless you have another DHCP server on your network 4 If you enabled the DHCP server choose the first IP address that the MultiCom Firewall should assign on your DMZ network to DHCP clients This IP Address must be on the same su...

Страница 65: ...bpages allows you to enable or disable the Stateful Packet Inspection Firewall to work along with the SecureWall firewall When filtering is enabled all traffic from the DMZ network if available to the LAN is blocked Additionally you can choose to block NetBIOS traffic directed to the WAN interface or coming from the LAN interface Additional rules can be customized using the Configurator software a...

Страница 66: ... 1 in the SecureWeb HTTPS TCP 443 and or the Secure Shell SSH TCP 22 server fields Saving The Configuration 1 Finally you have a summary of your chosen configuration and the choice of how to save it You can either choose Apply Configuration to save the configuration to the temporary memory and start using it right away or you can choose Apply Configuration and Save as Boot config The second option...

Страница 67: ...on has been successfully saved using the Apply Configuration button you will see the following screen Your Easy Setup configuration is now finished 3 If you saved your configuration using the Apply Configuration and Save as Boot config button you will see the following screen Your Easy Setup configuration is now finished Fine Tuning Your Configuration The default configuration that you have just s...

Страница 68: ...ools options where 10 0 0 1 is the IP address of the LAN interface of the Firewall Finally click on the browse button to where the Option Key text file has been saved Finally click the button Update Options Key Configure Date And Time To set the correct date and time on the MultiCom Firewall you will need to use a web browser to goto the LAN interface http 10 0 0 1 tools date where 10 0 0 1 is the...

Страница 69: ...he default user multicom is disabled This means that only the new user will have the right to configure the MultiCom Firewall If you forget your username and password you will have to reset the MultiCom Firewall back into its default configuration and reload the configuration file from a backup copy NOTE When the first new Privileged user is created the multicom user will be deactivated and you wi...

Страница 70: ...o your modem or directly to the ISP if the modem is in bridge mode 5 your modem unless already connected will dial your Internet Service Provider authenticate your user name and password and then send information request to the Internet The information that you requested will follow the same route back in the opposite order to reach the computer making the request In most cases you will either get...

Страница 71: ...s wan and from the DHCP or PPP tab of the Configurator software s Monitor window Don t forget to register your MultiCom Firewall and consider reading up on the more advanced options available CAUTION A request to the Internet may be made without your being aware of it These requests could inadvertently open your network connection and cause you additional phone Check the Troubleshooting chapter fo...

Страница 72: ...nternationalspeedtests htm http www dslreports com stest http www gibroadband com pages speedtest asp http bandwidthplace com speedtest http www itzalist com com dsl speed test html Registering Your Firewall Registering your firewall allows you to keep up to date with the latest developments for your product Additionally registration takes away the burden of keeping proofs of purchase for upgrades...

Страница 73: ...rs can affect the way your network runs new software installations misconfigurations of hardware and even electromagnetic interference can all cause serious changes in the way data travels through your network Just as with any emergency preparation will minimize the effect on your business and peace of mind Your MultiCom Firewall has been equipped with numerous tools to assist in your maintenance ...

Страница 74: ...1 enter any necessary user names and passwords by default user multicom and there is no password You can print this information out using your web browser s print functions Starting in Lightning Linux 3 4 the web server provides direct status information of the Firewall services interfaces and logged events Simply select the STATUS link in the menu This page is shown below Tools Function System St...

Страница 75: ...will also show if a DHCP server is active on the interface and offer the option to see existing DHCP Leases Wireless LAN Status Shows the Wireless Interface diagnostics This is the window where the user can see the WLAN status and state of each hardware interface the current configuration of the selected interface the broadcast level VRRP Status If the High Availability option has been installed t...

Страница 76: ...your firewall whether it is on a local or remote network MultiCom Serial number http 10 0 0 1 config system hardware Software version http 10 0 0 1 config system software LAN status http 10 0 0 1 config interface ethernet LAN stat us LAN DHCP server leases http 10 0 0 1 config interface ethernet LAN ip d hcp server status leases WAN status http 10 0 0 1 config interface ethernet WAN stat us WAN DH...

Страница 77: ...ll and watch for alerts warnings notices and other information 1 To reach the monitoring screens of the Configurator you will need to first start the Configurator from CD hard disk or a remote drive see the section on Starting Easy Setup or Installing the Configuration Software if you need assistance in starting the Configurator 2 Click search to search for the MultiCom Firewall on your local netw...

Страница 78: ...active DNS servers for the firewall Dynamic DNS The current status of a Dynamic DNS configuration if one exists Interfaces Status of each interface port LAN WAN identifying information and data traffic reports DHCP Client Window shows all of the configuration data received from a DHCP server Server Window shows currently assigned IP addresses and their lease times PPP Describes current status of P...

Страница 79: ...I Status of PKI Keys Certificates and Certificate Revocation Lists installed on the Firewall when IPSec optionsa are installed VRRP Status of High Availability on each interface when the High Availability option is installed Monitor Status and delay of each listed service host when Network Monitoring options are installed Event Log Events being generated by the MultiCom Firewall Description Comman...

Страница 80: ... hostname NT workstation WAN status info interface ethernet WAN status status status UP RUNNING WAN DHCP client status info interface ethernet WAN ip dhcp client status state state Assigned PPPoE status info interface ppp PPPoE status status status UP RUNNING PPPoE IP address info interface ppp PPPoE status ip_address ip_address 212 147 17 76 PPPoE IPCP info info interface ppp PPPoE ipcp status st...

Страница 81: ...n serial port This gives direct access to the firewall Available PPPoE servers info interface ppp PPPoE pppoe server_list indexes 0 1 2 info interface ppp PPPoE pppoe server_list 0 access_concentrator_name access_concentrator_na me ipc lsp690 r lc 01 info interface ppp PPPoE pppoe server_list 0 service_name service_name Any ARP entries info arp status arp_entry indexes 0 1 2 info arp status arp_en...

Страница 82: ...abled true saveconfig current DISABLE FILTERING set ip filtering enabled false saveconfig current ENABLE FILTERING OBJECTS set ip filtering_objects enabled true saveconfig current DISABLE FILTERING OBJECTS set ip filtering_objects enabled false saveconfig current ENABLE DNS PROXY set ip dns proxy enabled true saveconfig current DISABLE DNS PROXY set ip dns proxy enabled false saveconfig current EN...

Страница 83: ...properly connected a solid green light If an interface is not connected a solid red light If data is traversing the interface when the active port blinks orange data is traveling through that interface If there are collisions occurring on the firewall the light blinks red Starting with Lightning Linux 3 3 the Security LED is also functional and will show DISABLE SYSLOG DEBUG OUTPUT eventdebug stop...

Страница 84: ... logins logouts and failures Failed and successful attempts to save a configuration file to the firewall IPSec activity Network Monitoring activity Network Monitoring activity Email activity DHCP activity PPPoE activity PPTP activity Stateful Packet Inspection SPI activity SecureWall dropped packets Startup of firewall SNMP Messages The MultiCom firewall can be configured to respond to SNMP reques...

Страница 85: ...d will help identify what is causing the problem The information in this window can be cut and paste for printing or emailing to Technical Support To see the Log window click on the Tools Menu and select the Show Log command The error messages from the Configurator allow you to cut and paste the text in most operating systems Check with your operating system for it s method of cutting and pasting ...

Страница 86: ...e and time for the MultiCom Firewall Update the Firmware Tells the MultiCom Firewall where the upgrade firmware is and to start the upgrade process Reboot the Firewall Reboots the MultiCom Firewall using the configuration in the boot memory position Restore the Factory Defaults This will delete all passwords security parameters option keys and configuration files and reboot with the factory defaul...

Страница 87: ... a floppy or attach to an email User Configuration Create edit or delete users and permissions on the MultiCom Firewall Additionally you can login as a different user from this window See the Reference Manual chapter on Concepts for explanations on the different users and rights Manage IPSec Connections Enable disable or remove IPSec connections Requires an IPSec option to be installed Security Ed...

Страница 88: ...re traffic can move through the firewall Updating Your Firmware Because your MultiCom Firewall has been equipped with flash memory it is possible for you to update it with a newer operating system also known as firmware than was available when you purchased it NOTE Contact your distributor or check the Lightning web site for notifications on the latest firmware Additional charges may apply Upgradi...

Страница 89: ...upted during the upgrade process your MultiCom Firewall could become unusable and require repairs from your local distributor Continue at your own risk To install the latest firmware follow the steps below Please check the Support website for the latest version of the MultiCom Firmware Upgrade instructions ...

Страница 90: ...e MultiCom usually this is the LAN interface 3 Type in your username and password by default the username is multicom and there is no password 4 Select Toolbox or MultiCom Tools in firmware versions before 3 4 5 Select Update the Firmware 6 Type in the location of the new firmware file or click Browse to find the file on your hard disk If you use Browse you may need to choose All Files in the Type...

Страница 91: ...ss this button Otherwise you are asked to reload the firmware If the web server gives you an error or does nothing then try using a different web browser or check with your distributor for another copy of the firmware NOTE this step is skipped in firmware versions 3 1 and higher If the firmware is good you will jump to step 9 and write the new firmware If the firmware is bad your router will reboo...

Страница 92: ...ultiCom Firewall to reboot with the new firmware upgrade The lights on the front of the device will change colors during the upgrade process and will stop blinking after the MultiCom Firewall has rebooted WARNING While the firmware upgrade is being written do not interrupt the power to the MultiCom Firewall 10 You are finished Verify that your new version of Lightning Linux firmware is currently i...

Страница 93: ...all into the default configuration and then try reinstalling again download or contact your distributor for another copy of the firmware Remember that you will need to upgrade the Configurator software to the same version of the firmware that you just installed Status Description Checking the validity of the firmware All of the leds are lit green except the power led which is blinking green and bl...

Страница 94: ...Chapter 4 Maintenance 94 MultiCom Firewall User s Manual ...

Страница 95: ...To correctly fix the problem the source of it must be found In networking this is especially true because the problem may not necessarily point you toward the answer for instance a bad DNS server would stop you from reaching web addresses but not if you only used the IP address There are two questions you must always check 1 Were the instructions followed correctly 2 Has anything recently changed ...

Страница 96: ...tly and try switching the ethernet cable to one that you know is good If all of the physical connections are good as tested above the next steps is to verify that you can 1 from your computer communicate with the LAN interface of the MultiCom Firewall 2 from the MultiCom Firewall communicate with your ISP 3 from your computer communicate with the Internet TIP A simple troubleshooting step is to re...

Страница 97: ...ng an IP address such as http 193 247 134 2 to reach a web site If it does then your DNS is not reachable and you should check with your Internet Service Provider Is there another DHCP server on your Local Network in addition to the one on the MultiCom Firewall If so you can only have one so you must disable one of them Were you using an analogue modem before connecting the Broadband modem Maybe y...

Страница 98: ... pages found at Web Server Status Reports on page 74 Also be sure to check the IP configuration received by your workstations and that the firewall IP address received is the IP address of your MultiCom Firewall the default setting is 10 0 0 1 Table 12 WAN DHCP client status states DHCP is not being used by your Internet State of the interface Possible problem Disabled DHCP is not enabled for this...

Страница 99: ... your modem that it is indeed configured as a bridge If the two above steps are not showing a problem this may be your problem You changed the time on your firewall but did not reboot The default date of your MultiCom Firewall is January 1970 DHCP works on a lease system where IP configurations are good for a specified amount of time When the original lease runs out your MultiCom Firewall will att...

Страница 100: ...P address as your firewall you changed the time on the MultiCom Firewall but did not reboot Be sure to check the LAN DHCP server leases page to see what IP addresses have been assigned and their status These require using the web server diagnostic pages found at Web Server Status Reports on page 74 Your workstations are not configured as DHCP clients Check that each workstation is configured as a ...

Страница 101: ...ou cannot have another ethernet device on your network with this same IP address Consider changing the other devices IP address or change the IP address of your MultiCom Firewall You changed the time on your firewall but did not reboot The default date of your MultiCom Firewall is January 1970 DHCP works on a lease system where IP configurations are good for a specified amount of time When the ori...

Страница 102: ... PPPoE server to correctly use their services To check that this connection is available or not visit the PPPoE Link status page on your firewall If you see the error message Endpoint not connected that means there is no available connection to the ISP Check that your cables are connected properly all interface lights are green on your modem and MultiCom Firewall and that the modem is configured t...

Страница 103: ...g the problem can be half way around the world More information about this can be found in RFC2923 TCP Problems with Path MTU Discovery Other Sources Of DSL Information DSL Reports at http www dslreports com Web Page HTTP your browser will seem to connect but no data or web page comes back FTP you can login into a web server but cannot use dir ls of directories with a lot of files and cannot trans...

Страница 104: ...failed This means that a connection to the ISP is possible but that the username and password you have entered is incorrect Verify your username and password is correct and or contact your Internet Service Provider PPTP Server Not Available If your cabling is incorrect the modem is not functioning configured properly the xDSL line is not functioning or the IP Address of the WAN interface is not in...

Страница 105: ...ror message No route to host means the WAN Interface is configured for a different subnet than the IP address that was given for the PPTP Server Resetting The Default Configuration If you think that a configuration is preventing you from accessing the firewall you may want to restore the default configuration of the firewall and start with a fresh configuration file When you want to restore the de...

Страница 106: ...ait for the firewall to finish booting up this is when the LAN and WAN light remain either a steady green or red and the rest of the LEDs have stopped blinking The factory default configuration is then loaded up into the current memory location of the MultiCom Firewall Configurations that were stored in the firewall prior to the reset are still saved in the memory of the firewall CAUTION This conf...

Страница 107: ...l If you have saved your config to the memory of the firewall such as the config boot location then it will still be there when you boot up again If your changes were only made in the config current location then your changes are erased and you will need to load them from a backup copy However after 2 day without power your MultiCom Firewall will forget what the date is and reset itself back to Ja...

Страница 108: ... firewall see the Concepts Chapter of the Lightning Linux Reference Manual Why do some network services seem very slow after I have applied filtering Be sure to have read the chapter on filtering data and that you understand how your software communicates with remote servers In particular port 113 is often used to verify if a communication link is valid and if all external packets are being droppe...

Страница 109: ...and 2000 If I log a packet will it continue through the filtering rules or will it be dropped Logging a packet in the filtering rules table does not stop it from going through other rules which in turn could drop accept or use any other available action on them What is a connection and how does it affect my filtering rules Because data packets are necessarily small they may not contain all of the ...

Страница 110: ...an use NAT to have the Ethernet firewall accept data packets for an IP address other than the one assigned to the WAN interface ARP requests to the WAN interface are only replied to when the requested IP address is the one assigned to the WAN interface or if the ARP Proxy is configured to respond to a chosen IP address Otherwise no ARP replies will occur for the other IP addresses using NAT Check ...

Страница 111: ...umentation assumes no responsibility for the use maintenance or damage these software products may cause Please refer to the software s authors for support and any other information you may need Please check the author s web sites for the latest information on these software packages General Utilities Adobe Acorbat document reader at http www adobe com Firefox web browser at http www mozilla org p...

Страница 112: ...SH SSH SCP SFTP server client at http sshwindows sourceforge net PuTTY ssh telnet at http www chiark greenend org uk sgtatham putty RealVNC visual remote control at http www realvnc com RSS News Ticker RSS News feeds at http www rssnewsticker com Sam Spade network query tool at http www samspade org The Green Bow IPSec VPN client at http www thegreenbow fr vpn html WAMP webserver database for wind...

Страница 113: ...apacket html Chicken of the VNC remote control at http sourceforge net projects cotvnc Dans Guardian web content filtering at http www lopata net staticpages index php page DGCHome Fugu SFTP SCP and SSH Frontend at http rsug itd umich edu software fugu IPSecuritas IPSec client at http www lobotomo com iStumbler finding wireless networks and devices at http www istumbler net JellyfiSSH SSH telnet c...

Страница 114: ...v IP Traffic at http cebu mozcom com riker iptraf Knoppix at http www knoppix net Nessus at http www nessus org Netstatpl at http freshmeat net Net tools at http freshmeat net NMAP at http www insecure org nmap RealVNC visual remote control at http www realvnc com Sniffit at http reptile rug ac be coder sniffit sniffit html Tcpdump at http www tcpdump org Tkined Scotty at http wwwsnmp cs utwente n...

Страница 115: ... are unsure what model you have refer to the title on the cover of the firewall or to the box that your firewall arrived in Additionally the pin assignments for MultiCom products is at the end of this section The MultiCom Firewall line of products is as follows MultiCom Ethernet II MultiCom Ethernet III MultiCom SpeedSurf MultiCom Enterprise Ethernet ...

Страница 116: ...3 or better Cabling 100BaseTX STP Category 5 or better Dimensions 26 x 18 x 3 5 cm Weight 0 6 kg Ethernet 1 x 10BaseT RJ45 MDI 10 Mbits s WAN 1 x 100BaseTX RJ45 MDI 10 100 Mbits s autosensing LAN supporting full and half duplex modes LED Display WAN LAN Power Power 12V DC 1 2 A Temperature 5 to 40 C Humidity 10 to 85 non condensing Noise Noiseless Approvals CE Standards IEEE 802 3 10Base T CSMA CD...

Страница 117: ...unity EN 61000 6 2 EN 6100 4 2 Electrostatic discharge EN 6100 4 3 Electromagnetic fields EN 6100 4 4 Fast electric transcients EN 6100 4 5 Surge EN 6100 4 6 Conducted disturbance EN 6100 4 11 Voltage dips short interruptions following the provisions of the EC directive RTTE 99 5 EEC Lausanne Switzerland November 2000 Manufacturer LIGHTNING Instrumentation S A Address Avenue des Boveresses 50 CH 1...

Страница 118: ...Mbits s WAN 4 x 100BaseTX RJ45 MDI X 10 100 Mbits s autosensing switched ports LAN 1 x 100BaseTX RJ45 MDI 10 100 Mbits s autosensing DMZ supporting full and half duplex modes LED Display WAN LANx4 DMZ Security Power Power 12V DC 1 2 A Temperature 5 to 40 C Humidity 10 to 85 non condensing Noise Noiseless Approvals CE Console RS 232 RX TX only with special cable Standards IEEE 802 3 10Base T CSMA C...

Страница 119: ... B FCC Part 15 subpart B class B Immunity EN 61000 6 2 EN 6100 4 2 Electrostatic discharge EN 6100 4 3 Electromagnetic fields EN 6100 4 4 Fast electric transcients EN 6100 4 5 Surge EN 6100 4 6 Conducted disturbance EN 6100 4 11 Voltage dips short interruptions following the provisions of the EC directive RTTE 99 5 EEC Lausanne Switzerland June 2001 Manufacturer LIGHTNING Instrumentation S A Addre...

Страница 120: ...Ethernet 1 x 10BaseT RJ45 MDI 10 Mbits s WAN 1 x 100BaseTX RJ45 MDI 10 100 Mbits s autosensing LAN supporting full and half duplex modes LED Display WAN LAN Security Power Power 4 5V DC 1 5 A Temperature 5 to 40 C Humidity 10 to 85 non condensing Noise Noiseless Approvals Console RS 232 RX TX only with special cable Standards IEEE 802 3 10Base T CSMA CD IEEE 802 3u 100BaseTX CSMA CD Security Kensi...

Страница 121: ...munity EN 61000 6 2 EN 6100 4 2 Electrostatic discharge EN 6100 4 3 Electromagnetic fields EN 6100 4 4 Fast electric transcients EN 6100 4 5 Surge EN 6100 4 6 Conducted disturbance EN 6100 4 11 Voltage dips short interruptions following the provisions of the EC directive RTTE 99 5 EEC Lausanne Switzerland September 2001 Manufacturer LIGHTNING Instrumentation S A Address Avenue des Boveresses 50 CH...

Страница 122: ... Weight 2 8 kg Ethernet 4 x 100BaseTX RJ45 MDI X 10 100 Mbits s autosensing switched ports LAN 2 x 100BaseTX RJ45 MDI 10 100 Mbits s autosensing WAN DMZ supporting full and half duplex modes LED Display WAN LANx4 DMZ Security Power Power 100 240V AC 50 60HZ 0 5 A Temperature 5 to 40 C Humidity 10 to 85 non condensing Noise Noiseless Approvals CE Console RS 232 RX TX only with special cable Standar...

Страница 123: ...rt 15 subpart B class B Immunity EN 61000 6 2 EN 6100 4 2 Electrostatic discharge EN 6100 4 3 Electromagnetic fields EN 6100 4 4 Fast electric transcients EN 6100 4 5 Surge EN 6100 4 6 Conducted disturbance EN 6100 4 11 Voltage dips short interruptions following the provisions of the EC directive RTTE 99 5 EEC Lausanne Switzerland November 2001 Manufacturer LIGHTNING Instrumentation S A Address Av...

Страница 124: ...Ethernet 10 100 Mbits s MDI X DMZ Interface of Ethernet III DMZ WAN of Enterprise Ethernet 10 100 Mbits s MDI 1 Ethernet TX Ethernet TX Ethernet RX Ethernet TX 2 Ethernet TX Ethernet TX Ethernet RX Ethernet TX 3 Ethernet RX Ethernet RX Ethernet TX Ethernet RX 4 5 6 Ethernet RX Ethernet RX Ethernet TX Ethernet RX 7 8 Pin Description 2 Console RX 3 Console TX 5 Console GND RJ45Pin Description DB9 Pi...

Страница 125: ... the property of their owners and require their permission to redistribute For a complete listing of the software used within the MultiCom Firewalls and the terms under which it can be distributed refer to the LIGHTNING Web site at http www lightning ch and http www lightning ch opensource Licensing Apache License Apache License The MultiCom Firewalls include software developed by the Apache Group...

Страница 126: ...e code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must dInternet Providerlay...

Страница 127: ...D TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE GNU General Public License GNU General Public License GNU GENERAL PUBLIC...

Страница 128: ...o surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have You must make sure that they too receive or can get the source code And you must show them these terms so they...

Страница 129: ...am Whether that is true depends on what the Program does 1 You may copy and distribute verbatim copies of the Program s source code as you receive it in any medium provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty and give any oth...

Страница 130: ...ach and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Program In addition mere aggregation of another work not based on the Program with the Program or with a work based on the ...

Страница 131: ... not copy modify sublicense or distribute the Program except as expressly provided under this License Any attempt otherwise to copy modify sublicense or distribute the Program is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so long as such parties remain in...

Страница 132: ...of the free software distribution system which is implemented by public license practices Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system it is up to the author donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choic...

Страница 133: ...F ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION 12 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING ...

Страница 134: ... prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MER...

Страница 135: ...textual provided with the package Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the ...

Страница 136: ...ions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of t...

Страница 137: ... distribution 3 Neither the name of Julianne F Haugh nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR...

Страница 138: ...IDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMA...

Страница 139: ... ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Copyrights BSD Copyright BSD Copyright This product includes software developed by the University of California Berkeley and its contributors Copyright c 1980 1998 Regents of the University of California All rights reserved Copyright c 1980 1998 Regents of the University of California All rights r...

Страница 140: ...MITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF L...

Страница 141: ...MultiCom Firewall User s Manual 141 BSD Copyright ...

Страница 142: ...Appendix B Additional Licenses and Copyrights 142 MultiCom Firewall User s Manual ...

Страница 143: ...MultiCom Firewall User s Manual 143 BSD Copyright ...

Страница 144: ...Appendix B Additional Licenses and Copyrights 144 MultiCom Firewall User s Manual ...

Страница 145: ...MultiCom Firewall User s Manual 145 BSD Copyright ...

Страница 146: ...Appendix B Additional Licenses and Copyrights 146 MultiCom Firewall User s Manual ...

Страница 147: ...s the same cable connectors RJ45 as does its slower counterpart 10Base T 10Base T A networking standard that allows for data transfer rates of up to 10 megabits per second between 2 or more devices It is also referred to as twisted pair ethernet because it uses twisted pairs of cable The standard cable for the 10Base T standard uses an RJ45 connector Action The activity to occur when a specified d...

Страница 148: ...e will send the IP packet to the ARP Proxy for further processing This process can allow multiple IP addresses to receive traffic as if they were directly connected to the Internet when in fact they are hidden behind a network firewall Authentication The process of identifying oneself over a network This is commonly done by entering a user name and secret password to receive access to a network or...

Страница 149: ...ue to a power outage The number of machines that a broadcast reaches depends on the type of the broadcast network broadcast where subnet and host parts of an IP address are set to 255 as in 128 190 255 255 subnet broadcast where only the host part of the IP address is set to 255 as in 128 190 1 255 or a cable broadcast where all hosts on the local physical network are targeted to receive a message...

Страница 150: ...h presents information to the user and often allows for interaction with that data as well This information is retrieved from a server which will actually do the work of preparing the information for the client An example of this is an email program where the program on your computer is the client and the computer that you connect to to retrieve your email is the server Compression The action of t...

Страница 151: ...stination The IP address of the firewall or host to which the data packet should be sent DHCP Dynamic Host Configuration Protocol simplifies network administration by assigning IP addresses and other configurations from a central DHCP server This information is given out to DHCP Clients that request it usually for a preset period of time before a new request must be made See RFC1531 DHCP Client A ...

Страница 152: ...ely keeping a group of computers together using a domain tells your router that there is network that can be reached internally and that it may not need to connect to the Internet to reach a computer or web address ending in that name Download To copy data such as a file from a remote source to a local destination Usually referred to as the action of the recipient when taking the data When you cop...

Страница 153: ...irewall from one network to another Filter Input The filtering table used to list rules affecting IP packets that only arrive at one of the firewall s interfaces and is not meant to be passed any further For example accessing the built in webserver or a ping to the firewall itself Filter Forward The filtering table used to list rules affecting IP packets that originate from the firewall For exampl...

Страница 154: ...firmware it will not know how to manage any activity Higher version numbers often contain additional functionality Please check the Lightning Instrumentation website at http www lightning ch support for information on the most recent version available Flag A TCP identifier found in the header of a TCP data packet Common types include Flash Memory This is a type of memory that has similarities to b...

Страница 155: ...l connection over TCP IP which allows file sharing For example an FTP client your computer asks an FTP server a remote computer with files you want for permission to transfer files You will often need a login ID and password to access the FTP server though many servers have a guest account under the login ID anonymous and password of the users email address See RFC959 Firewall The networking hardw...

Страница 156: ... speed Some hubs work only at 10Base T speeds or 100Base T speeds while some can support mixed speeds together Be sure the hub matches your needs and existing hardware ICMP Internet Control Message Protocol messages are typically messages relating to network errors congestion timeouts of data packets and echoes used by the ping command by a device on the network These messages are sent in the IP h...

Страница 157: ...nies that manage your Internet connection Frequently they will have a local phone number for you to call with your modem which will give you access to the whole Internet email and other services they may offer IP Address A 32 bit number broken up into 4 octets and used to identify a computer on a TCP IP network This address takes the form of x x x x where each x is an octet a number from 0 255 It ...

Страница 158: ...on Header AH Encapsulating Security Payload ESP Internet Key Exchange IKE See RFC2401 Kernel This is the kernel or operating system corresponding to the release of the Linux Operating System Lightning Linux is the operating system that runs the MultiCom Firewall Because it is a customized version of Linux each version of Lightning Linux will have its corresponding Linux kernel that was integrated ...

Страница 159: ...d actions such as dropping or rejecting can be specified LLC Logical Link Control is one of 2 different methods for encapsulating data over a DSL connection Sometimes it is also known as LLC SNAP Logical Link Control Sub Network Access Protocol The other method is VC Mux Login A part of authenticating so that the computer or network will know who you are This is often used with a secret password t...

Страница 160: ...ket or frame that can be sent through a connected network Ethernet networks can use up to 1500 MTU while interfaces configured to use PPPoE can have a maximum MTU of 1492 NAT Network Address Translation is done on a device resting between 2 or more networks for instance between the WAN and the LAN IP packets arriving or leaving can have their source or destination changed to a different IP address...

Страница 161: ... Network A group of computers connected together to share data This group can be the computers in your home or the computers in your office building as compared to a remote network WAN that you may connect to through the phone company or satellite uplinks Networks are typically differentiated by the media cabling connecting the devices the protocols being run over the media and the layout or topol...

Страница 162: ...et exchange took Port While people are getting more familiar with the IP addresses used on the Internet few people realize that for each different address there are over 65 000 channels over which the data can travel Fortunately most communication takes place over preset channels such as channel 80 for reaching for a web page Some software makes use of random channels so if you want to filter data...

Страница 163: ...roxy DNS For instance clients on a local network will make DNS requests to a Proxy DNS device which in turn forwards those requests to the appropriate external DNS server Frequently there is a cache that keeps a list of frequently requested names so that the responses from the local network can be replied to quickly Reboot Rebooting is when your router is powered off and then turned back on again ...

Страница 164: ...works By keeping a table of IP addresses and the remote location that they should be forwarded to the router is able to distribute data in the most efficient manner The routing table can either be maintained statically where the routes are manually entered or dynamically when routing devices pass information automatically between themselves Shareware Software that is freely distributable to friend...

Страница 165: ...could be communicated remotely as well Straight Cable An RJ45 ethernet cable that connects network devices together through a hub This will not allow you to connect network devices directly to each other for that situation you would use a crossed wire cable Subnet Dividing an TCP IP network into smaller equally sized logical networks By using what used to be the host part of an IP address a networ...

Страница 166: ...s should be in TCP provides for reliable data transmissions and interactions If a data packet is lost or damaged during transit it is TCP that asks for that data packet to be retransmitted See RFC793 TCP Option A very technical variable in the TCP header Filtering for these markers should be for advanced users only RFC1323 describes the last two options in more detail Common types include end of l...

Страница 167: ... you are logged in you can use commands as though you were typing them directly into the telnet server even if the server or device is around the world though that may make communication a little slower Your router contains a telnet server to allow you remote control access to run commands or get reports The telnet program is sometimes referred to as a terminal emulator See RFC854 Threshold Settin...

Страница 168: ...loading the data to your router URL The Uniform Resource Locator is the global format to access documents and resources on the Internet A URL uses three parts to reach a specified resource or file The first part of the address describes the protocol to be used such as http or ftp the second part identifies the IP address or domain name of where the desired resource is located www mycompany com Fin...

Страница 169: ...ver may be read only or interactive xDSL Digital Subscriber Lines such as ADSL SDSL HDSL are collectively referred to as xDSL It is a high speed networking technology allowing connection to the Internet from your home or office Data rates for downloading information will be from 1 5 to 9 Mbps and uploading information from 16 to 640 Kbps depending on your service provider xDSL Modem These modems a...

Страница 170: ...Glossary 170 Glossary User s Manual ...

Страница 171: ...rface Ethernet III 118 serial interface MultiCom SpeedSurf 120 Configuration Software system requirements 36 using 55 Connecting cables 40 D Declaration of Conformity Ethernet Enterprise 123 Ethernet II 117 Ethernet III 119 MultiCom SpeedSurf 121 Default Configuration 52 Diagnostics with Console Telnet 79 with the Monitor 76 with the Webserver 74 E Error messages 83 F FAQ 107 Firmware updating you...

Страница 172: ...ments 124 R Resetting default configuration 105 S SSH Port Forwarding 21 22 Status using Monitor screens 76 via telnet or console 79 via the webserver 74 System Requirements 36 Configuration Software 36 T Telnet status reports 79 Testing configuration 70 connection speed 72 security 71 Troubleshooting 95 DHCP to the Internet 98 Error Messages 83 getting status from Console Telnet 79 getting status...

Отзывы:

Нет отзывов

Похожие инструкции для MultiCom

Бренд: Meraki Страницы: 9

Бренд: 3Com Страницы: 182

Бренд: Cisco Страницы: 52

Бренд: Cisco Страницы: 36

881W - Integrated Services Router Wireless

Бренд: Cisco Страницы: 4

Бренд: Cisco Страницы: 42

Бренд: Cisco Страницы: 12

Бренд: Cisco Страницы: 412

Бренд: Cisco Страницы: 196

Бренд: Cisco Страницы: 134

Бренд: PaloAlto Networks Страницы: 34

Бренд: Secure Computing Страницы: 2

Бренд: Neoware Страницы: 28

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды