Option Audio GlobeSurfer 3G Скачать руководство пользователя страница 105 | Manualshive

Страница: 105 / 209

Option Audio GlobeSurfer 3G Скачать руководство пользователя страница 105

Figure 4.132: LAN Bridge Settings

5. Click

OK

.

4.7.2.2

Network-to-Network with Pre-shared Secrets

A typical network-to-network VPN uses a pre-shared secret for authentication.
Gateway A connects its internal LAN 10.5.6.0/24 to the Internet. Gateway A’s
LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has
the address 14.15.16.17.

Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway
B’s WAN (Internet) interface has the address 22.23.24.25.

The Internet Key Exchange (IKE) Phase 1 parameters used are:

• Main mode

• 3DES (Triple DES)

• SHA-1

• MODP group 2 (1024 bits)

• Pre-shared secret of ”hr5x”

• SA lifetime of 28800 seconds (eight hours) with no Kbytes re-keying

The IKE Phase 2 parameters used are:

• 3DES (Triple DES)

• SHA-1

• ESP tunnel mode

• MODP group 2 (1024 bits)

• Perfect forward secrecy for re-keying

• SA lifetime of 3600 seconds (one hour) with no Kbytes re-keying

• Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24,

using IPv4 subnets

To set up Gateway A for this scenario, follow these steps:

97

«
...
103
104
105
106
107
...
»

Содержание GlobeSurfer 3G

Страница 1: ...GlobeSurfer 3G version 3 15 4 R2H Reference Manual...

Страница 2: ...ions contained in this user guide All brands and registered brands are property of their respective owners Services may be changed added or deleted For the newest firmware version of your Globesurfer...

Страница 3: ...Setup 9 1 6 Additional Network Configuration 9 1 7 Adding Computers to Your Network 10 2 GlobeSurfer 3G Management Console 11 2 1 Accessing the GlobeSurfer 3G Management Console 11 2 2 Left Sidebar 1...

Страница 4: ...Network Connection Parameters 47 4 3 3 2 Wireless Access Point 47 4 3 3 3 MAC filtering settings 48 4 3 3 4 Advanced Wireless Options 48 4 3 3 5 Wireless Security 49 4 3 3 6 Internet Protocol 50 4 3 3...

Страница 5: ...ol 107 5 3 Local Servers Port Forwarding 110 5 4 DMZ Host 113 5 5 Port Triggering 114 5 6 Remote Administration 117 5 7 IP Hostname Filtering 119 5 8 Advanced Filtering 122 5 8 1 Adding an Advanced Fi...

Страница 6: ...Server Settings 170 6 13 3 Advanced PPTP Client Settings 170 6 14 IP Security IPsec 172 6 14 1 Technical Specifications 172 6 14 2 Basic IPsec Connection Settings 172 6 14 2 1 Key Management 173 6 14...

Страница 7: ...a Network MAC Media Access Control MTU Maximum Transmission Unit NAPT Network Address Port Translation OAM Operations and Maintenance OEM Original Equipment Manufacturer PDA Personal Digital Assistant...

Страница 8: ...URL Universal Resource Locator VPN Virtual Private Network WAN Wide Area Network WEP Wireless Encryption Protocol WLAN Wireless Local Area Network WPA Wireless Protected Access vii...

Страница 9: ...will also be able to share the resources of the local computers connected to the GlobeSurfer 3G GlobeSurfer 3G is easy to install and use Yet it provides advanced network ing functions and security f...

Страница 10: ...ion of the GlobeSurfer 3G It is intended as a complement to the GlobeSurfer 3G User Guide to provide ref erence information for the advanced user of the GlobeSurfer 3G It is assumed that the hardware...

Страница 11: ...that all communication parameters are valid and that the physical cable con nections are correct The basic setup procedure consists of three consecutive configuration steps Please refer to figure 1 2...

Страница 12: ...ally provided separately from the SIM card for security reasons 1 4 Step 2 PC Network Configuration The GlobeSurfer 3G provides a DHCP server which means that each computer connected to the LAN can ob...

Страница 13: ...the Internet Protocol TCP IP component and click the Properties button 4 The Internet Protocol TCP IP properties window will be displayed see figure 1 3 a Select the Obtain an IP address automaticall...

Страница 14: ...on your PC 2 Enter the address 192 168 1 1 to display the GlobeSurfer 3G management console When first logging on to the management console the welcome screen will appear see figure 1 4 enabling you t...

Страница 15: ...eft sidebar The following sections describe the various configuration parameters of Quick setup Once you have filled the Quick setup sections as described below click the OK but ton to configure your...

Страница 16: ...very basic form of security Other devices will still be able to connect provided that they are supplied with the SSID A recommendation is to install your wireless network with this feature enabled and...

Страница 17: ...cal security is set which blocks all traffic that has been initiated by an external Internet source and allows all traffic that has been initiated from your local network Note It is the origin of the...

Страница 18: ...s 4 7 1 7 Adding Computers to Your Network Any computers with a 802 11b g wireless adapter will be able to connect to the WLAN created with the GlobeSurfer 3G To connect additional computers without a...

Страница 19: ...Surfer 3G Management Con sole To access the management console 1 Launch a Web browser on a PC in the LAN or WLAN 2 Type the IP address of the GlobeSurfer 3G or a name as provided by the supplier in th...

Страница 20: ...sev eral subject areas and may be accessed by clicking on the appropriate icon in the left sidebar The subject areas are Connection status Display the status of the UMTS connection see Section 2 2 SM...

Страница 21: ...owser select the radio button Automatically The following additional information is provided Current connection time the duration of the current connection Total connection time the cumulated duration...

Страница 22: ...servers restrictions and configurable parameters The principles outlined in this section apply to all tables in the management console Figure 2 3 Typical Table Structure Figure 2 3 illustrates a typic...

Страница 23: ...by clicking SMS in the left sidebar The display of the GlobeSurfer 3G shows an envelope symbol when a new SMS message is received 3 1 Reading an SMS 1 When starting the SMS Manager the Inbox tab of t...

Страница 24: ...e SMS create tab of the SMS Manager 2 Type your message text in the SMS message field The Characters left field shows how many characters you can type before the size limit is reached 3 Enter the phon...

Страница 25: ...chive and Templates folders is 100 1 Select the SMS that you want to store either from the Inbox or from the Sent folder 2 Click the Archive button below the open SMS The message is moved to the archi...

Страница 26: ...es You are then moved to the SMS create tab to change the text and to enter the phone number of the receiver as required 2 Click the Send button when ready 3 5 SMS Settings The only specific SMS Manag...

Страница 27: ...cribe the network connection screens to configure WAN Connecting via UMTS to the Internet UMTS connection see Section 4 1 LAN Creating a local network Ethernet connection see Section 4 2 Wireless conn...

Страница 28: ...the sidebar see figure 4 1 Figure 4 1 Network connections Advanced 2 Click your connection entry in the network connections table to view the connection properties 3 Click New connection to start a wi...

Страница 29: ...tworks through the 3G UMTS mobile telecommunications standard The WAN UMTS properties screen displays a summary of the connection properties Figure 4 2 WAN UMTS Properties Clicking on the Settings but...

Страница 30: ...Enter the access point name as provided by your Internet Service Provider ISP or accept the name already set Connect automatically To automatically set up a UMTS connection when data is about to be s...

Страница 31: ...AP version 2 or both are selected Figure 4 4 PPP Authentication Settings Login username As agreed with ISP Login password As agreed with ISP Support unencrypted password PAP Password Authentication Pr...

Страница 32: ...in case your service provider requires it The server that assigns the GlobeSurfer 3G with an IP address also as signs a subnet mask You can override the dynamically assigned subnet mask by selecting...

Страница 33: ...ed or Basic routing Routing Mode When Advanced routing is selected select one of the f ollowing Routing modes Route Use route mode if you want your GlobeSurfer 3G to function as a router between two n...

Страница 34: ...oxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through stan dard IGMP interfaces IGMP proxy enables the routing of multicast pack ets according to the...

Страница 35: ...ral Network Connection Parameters The top part of the configuration window displays general communication pa rameters It is recommended not to change the default values in this screen un less you are...

Страница 36: ...screen will refresh and display relevant configuration settings No IP address Select No IP address if you require that this connection will have no IP address This can be useful if this connection is...

Страница 37: ...lly configure DNS server addresses select Use the following DNS server addresses from the DNS server drop down menu see figure 4 100 Specify up to two different DNS server addresses one primary and on...

Страница 38: ...a network user will be al lowed connection to the gateway with its currently issued dynamic IP address Just before the time is up the user will automatically request to extend the lease or get a new I...

Страница 39: ...ifies a fixed routing path to neighboring destina tions Routing Select Advanced or Basic routing Device Metric The device metric is a value used by the GlobeSurfer 3G to de termine whether one route i...

Страница 40: ...ion Settings The bottom part of the configuration screen displays the following options Internet connection firewall Select this check box to enable the GlobeSurfer 3G firewall on the connection To le...

Страница 41: ...3 1 1 Configuring your GlobeSurfer 3G Wireless Connection GlobeSurfer 3G will automatically set up a wireless connection as a bridged LAN network device 1 Click the Network Connections icon on the sid...

Страница 42: ...on figuration screen is available in section 4 3 3 4 3 1 2 Configuring Your Wireless Windows XP Client If your PC has wireless capabilities Windows XP will automatically recognize this and create a wi...

Страница 43: ...k Connec tion screen will appear displaying all available wireless networks in your vicinity If your gateway is connected and active you will see GlobeSurfer 3G s wireless connection see figure 4 28 N...

Страница 44: ...s your wireless network Se lect the Enable IEEE 802 1x authentication for this network check box to en able authenticated communication between the PC and the GlobeSurfer 3G If you choose to enable 80...

Страница 45: ...crypt the Wireless data transmitted between GlobeSurfer 3G and your Wireless device 6 Select the Authentication tab to configure wireless authentication proto cols see figure 4 30 When selecting an EA...

Страница 46: ...n click the Connect button at the bottom of the screen After the connection is established its status will change to Connected Figure 4 31 Connected Wireless Network An icon will appear in the notific...

Страница 47: ...ter with a wireless capability can connect to your LAN The following sec tion describes how to secure your wireless connection using the Wi Fi Pro tected Access WPA security protocol The Wi Fi Allianc...

Страница 48: ...he Settings button to display the various wireless connection set tings The Configure LAN Wireless screen will appear see figure 4 35 Figure 4 35 Configure LAN Wireless 4 Enable the Wireless security...

Страница 49: ...at ASCII is selected in the associated combo box Figure 4 36 LAN Wireless Security Parameters 8 Click OK An Attention screen will appear warning you that the browser page might require reloading Figur...

Страница 50: ...uble click the wireless connection icon The Wireless Network Connec tion screen will appear displaying GlobeSurfer 3G s wireless connection see figure 4 39 Note that the connection is defined as Secur...

Страница 51: ...following login window will appear ask ing for a Network Key which is the pre shared key you have configured above Figure 4 40 Wireless Network Connection Login 4 Enter the pre shared key in both fie...

Страница 52: ...ee figure 4 38 and browsing the Internet Should the login window above not appear and the connection attempt fail please configure Window s connection manually 1 Click the connection once to mark it a...

Страница 53: ...Figure 4 44 Wireless Network Connection Properties 3 Click your connection to highlight it and then click the Properties button Your connection s properties window will appear see figure 4 45 45...

Страница 54: ...rm network key fields 4 Click OK on both windows to save the settings 5 When attempting to connect to the wireless network the login window will now appear pre filled with the pre shared key Click the...

Страница 55: ...o Section 6 11 Physical Address The physical address of the network card used for your net work Some cards allow you to change this address MTU MTU is the Maximum Transmission Unit It specifies the la...

Страница 56: ...denied or allowed comput ers MAC filtering mode Allow specifies that the list of MAC addresses is granted access to GlobeSurfer 3G MAC filtering mode Deny specifies that all computers except those in...

Страница 57: ...than the pre set threshold the RTC CTS mechanism is not active If you encounter inconsistent data flow try a minor reduction of the RTS threshold size Figure 4 49 LAN Wireless Access Point Advanced Pa...

Страница 58: ...t No IP address if you require that this connection will have no IP address This can be useful if this connection is under a bridge Figure 4 51 Internet Protocol Settings No IP address Obtain an IP ad...

Страница 59: ...m part of the configuration screen displays the following options Internet connection firewall Select this check box to enable the GlobeSurfer 3G firewall on the connection To learn more about configu...

Страница 60: ...the configuration window displays general communication pa rameters It is recommended not to change the default values in this screen un less you are familiar with the networking concepts they represe...

Страница 61: ...ction is under a bridge Figure 4 56 Internet Protocol Settings No IP address Obtain an IP address automatically A LAN connection can be configured to obtain an IP address automatically You should only...

Страница 62: ...NS Server Domain Name System DNS is the method by which website or domain names are translated into IP addresses You can configure the connection to auto matically obtain a DNS server address or speci...

Страница 63: ...s Specify the end of the IP address range that can be used to automatically issue IP addresses Subnet mask The subnet mask determines which portion of a destina tion LAN IP address is the network port...

Страница 64: ...s link will appear Figure 4 63 IP Address Distribution DHCP Relay Click the New IP address link The DHCP Relay server address screen will appear Figure 4 64 IP Address Distribution DHCP Server Definit...

Страница 65: ...ables the routing of multicast pack ets according to the IGMP requests of LAN devices asking to join multi cast groups Select the Multicast IGMP proxy internal check box to enable this feature Routing...

Страница 66: ...firewall Select this check box to enable the GlobeSurfer 3G firewall on the connection To learn more about configuring security settings please refer to Chapter 5 Figure 4 67 Additional Network Conne...

Страница 67: ...protocol that is based on RC4 and routes using the generic routing encapsulation GRE protocol For more information on PPTP connections refer to Section 6 13 2 for PPTP server settings and Section 6 1...

Страница 68: ...uration screen will appear see figure 4 70 Enter the following parameters supplied by your VPN server Hostname or IP address of destination Hostname or IP address of the VPN host server Login username...

Страница 69: ...ver Connection To create a PPTP server connection perform the following steps 1 Click Network connections on the sidebar the Network connections screen will appear see figure 4 72 Figure 4 72 Network...

Страница 70: ...user will use to access your local net work New password Type a new password for the remote user If you do not want to assign a password to the remote user leave this field empty Retype new password I...

Страница 71: ...ion of Information Warning and Error events If the Warning level is selected the user will receive notification of Warning and Error events etc To configure email notification for a specific user Firs...

Страница 72: ...n configure scheduler rules in order to define time segments during which the connection is active To configure scheduler rules click the New link To learn how to configure scheduler rules please refe...

Страница 73: ...ts as provided by your ISP Figure 4 79 PPP Configuration 4 5 3 3 PPP Authentication Point to Point Protocol PPP currently supports four authentication protocols Password Authentication Protocol PAP Ch...

Страница 74: ...crosoft CHAP Version 2 authentication protocol 4 5 3 4 PPP Encryption PPP supports encryption facilities to secure the data across the network con nection A wide variety of encryption methods may be n...

Страница 75: ...using a permanent static IP address Your service provider should provide you with this IP address subnet mask and the default gateway IP ad dress Figure 4 83 Internet Protocol Settings Static IP 4 5...

Страница 76: ...P proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through stan dard IGMP interfaces IGMP proxy enables the routing of multicast pack ets according to...

Страница 77: ...gaining access to it through a network or the Internet The firewall applies security per network connection for example the firewall can be applied on the UMTS WAN and the Wireless LAN but not on the...

Страница 78: ...packets either at the remote user s PC or at an ISP that has an L2TP remote access concentra tor LAC The LAC transmits the L2TP packets over the network to the L2TP network server LNS 4 6 1 Creating a...

Страница 79: ...4 90 Enter the following parameters supplied by your VPN server Hostname or IP address of destination Hostname or IP address of the VPN host server Shared secret A secret key represented as a sequenc...

Страница 80: ...ler rules in order to define time segments during which the connection is active To configure scheduler rules click the New link To learn how to configure scheduler rules please refer to Section 6 11...

Страница 81: ...and CHAP as well as other compression and encryption protocols L2TP Server Host name and shared secret should be configured according to your ISP information PPP on Demand Use PPP on demand to initia...

Страница 82: ...t replay attacks remote client impersonation or remote server impersonation Support Challenge Handshake Authentication CHAP The Challenge Hand shake Authentication Protocol CHAP is a challenge respons...

Страница 83: ...of the compression decompres sion mechanism in a reliable manner Figure 4 96 PPP Compression For each compression algorithm select one of the following from the drop down menu Reject Reject PPP conne...

Страница 84: ...th this IP address subnet mask and the default gateway IP ad dress Figure 4 98 Internet Protocol Settings Static IP 4 6 2 7 DNS Server Domain Name System DNS is the method by which website or domain n...

Страница 85: ...P proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through stan dard IGMP interfaces IGMP proxy enables the routing of multicast pack ets according to...

Страница 86: ...gaining access to it through a network or the Internet The firewall applies security per network connection for example the firewall can be applied on the UMTS WAN and the Wireless LAN but not on the...

Страница 87: ...the host This section de scribes both GlobeSurfer 3G s configuration and a Windows XP client configu ration 4 7 1 1 Configuring IPsec on GlobeSurfer 3G 1 Click the Network connections icon on the side...

Страница 88: ...xt The Internet Protocol Security IPsec topology screen will appear see fig ure 4 105 Figure 4 105 IPsec Topology Select the Network to Host radio button to create a secure connection between your LAN...

Страница 89: ...secret Click Next the IPsec connection properties screen will appear see figure 4 107 Figure 4 107 IPsec Connection Properties Specify the following parameters Remote tunnel endpoint address Specify...

Страница 90: ...r 3G LAN subnet address referred to as openrg lan subnet The configuration sequence 1 The first step is to create the IPsec policy a Click the Start button and select Run Type secpol msc and click OK...

Страница 91: ...Click Next and type a name for your policy for example GlobeSurfer 3G Connection see figure 4 112 Click Next Figure 4 112 IP Security Policy Name d Deselect the Activate the default response rule chec...

Страница 92: ...ke sure that the Edit Properties check box is checked see figure 4 114 and click the Finish button Figure 4 114 Completing the IP Security Policy Wizard f On the GlobeSurfer 3G Connection Properties w...

Страница 93: ...ttings window right click the new GlobeSurfer 3G Connection policy created in the previous step and select Prop erties The Properties window will appear see figure 4 115 b Deselect the Use Add Wizard...

Страница 94: ...Figure 4 116 New Rule Properties c Under the IP Filter List tab click the Add button The IP Filter List window will appear see figure 4 117 86...

Страница 95: ...117 IP Filter List d Enter the name Windows XP to GlobeSurfer 3G for the filter list deselect the Use Add Wizard check box and click the Add button The Filter Properties window will appear see figure...

Страница 96: ...like to enter a description for your filter h Click OK Click OK again in the IP Filter List window to save the settings 3 Building Filter List 2 GlobeSurfer 3G to Windows XP a Under the IP Filter Lis...

Страница 97: ...tination address combo box select My IP Address e Click the Description tab if you would like to enter a description for your filter f Click OK Click OK again in the IP Filter List window to save the...

Страница 98: ...r List b Click the Filter Action tab see figure 4 121 Figure 4 121 Filter Action c Select the Require Security radio button and click the Edit button The Require Security Properties window will appear...

Страница 99: ...red communication but always respond using IPsec check box Select the Session key Perfect Forward Secrecy PFS the PFS op tion must be enabled on GlobeSurfer 3G and click the OK button e Under the Auth...

Страница 100: ...string preshared key radio button and enter a string that will be used as the key for example 1234 Click the OK button g Under the Tunnel Setting tab select the The tunnel endpoint is speci fied by t...

Страница 101: ...s selected i Click Apply and then click OK to save this rule 5 Configuring Individual Rule of Tunnel 2 GlobeSurfer 3G to Windows XP a Under the IP Filter List tab of the New Rule Properties window sel...

Страница 102: ...dow will appear see fig ure 4 123 f Select the Use this string preshared key radio button and enter a string that will be used as the key for example 1234 Click the OK button g Under the Tunnel Settin...

Страница 103: ...3G s VPN feature is VPNC certified 4 7 2 1 Network Configuration Establishing an IPsec tunnel between gateways A and B creates a transpar ent and secure network for clients from subnets A and B commun...

Страница 104: ...pear Configure the following parameters see figure 4 132 Internet protocol Select Use the following IP address IP address Specify 10 5 6 1 Subnet mask Specify 255 255 255 0 DHCP Select DHCP server Sta...

Страница 105: ...ay B s WAN Internet interface has the address 22 23 24 25 The Internet Key Exchange IKE Phase 1 parameters used are Main mode 3DES Triple DES SHA 1 MODP group 2 1024 bits Pre shared secret of hr5x SA...

Страница 106: ...ear see figure 4 133 Figure 4 133 New Connection 3 Select the Internet Protocol Security IPsec radio button and click Next The Internet Protocol Security IPsec topology screen will appear see fig ure...

Страница 107: ...ubnet radio button to allow an IPsec connection from a specific remote subnet 7 Click Next the Internet Protocol Security IPsec screen will appear see figure 4 136 Figure 4 136 IPsec Connection Proper...

Страница 108: ...onnections screen will now list the newly cre ated IPsec connection see figure 4 138 Figure 4 138 Network Connections 11 Click the Edit action icon for VPN IPsec the VPN IPsec properties screen will a...

Страница 109: ...the DH Group 5 1536 bit check box 16 Under Encryption algorithm deselect the Allow AH Protocol no encryption check box 17 Click OK The VPN IPsec properties screen will appear 18 Click OK The Network c...

Страница 110: ...t The firewall the cornerstone of the GlobeSurfer 3G security services has been exclusively tailored to the needs of the residential office user and has been pre configured to provide optimum security...

Страница 111: ...by computers in the local network and special Internet applications see section 5 3 Local servers is sometimes referred to as Port forwarding The DMZ host tab allows you to configure a LAN host to rec...

Страница 112: ...nternet Each request for a service that the firewall receives whether originating in the Internet or from a com puter in the local network is checked against the set of firewall rules to de termine wh...

Страница 113: ...ernet except as con figured in the Local servers DMZ host and Remote administration screens Unrestricted All ser vices are permitted except as configured in the Access control screen Minimum security...

Страница 114: ...t could make use of fragmented data packets to sabotage your local network Note that VPN over IPsec and some UDP based services make legitimate use of IP fragments You will need to allow IP fragments...

Страница 115: ...rections In the e mail example given above you may prevent computers in the local network from receiving e mail by blocking their outgoing requests to POP3 servers on the Internet The Access Control f...

Страница 116: ...cts see Section 6 6 5 You might want to define the time period during which the access control rule will take effect You can either select from a predefined list of schedules by selecting one from the...

Страница 117: ...ove the service from the Access control table This may be useful if you wish to make the service available only temporarily and expect that you will want to reinstate the restriction in the future To...

Страница 118: ...st name of that computer in the right hand column All Net2Phone related data arriving at GlobeSurfer 3G from the Internet will henceforth be forwarded to the specified computer Similarly if you want t...

Страница 119: ...vide 3 Enter the local IP address or the host name of the computer that will provide the service the server Note that only one LAN computer can be assigned to provide a specific service or application...

Страница 120: ...seful if you wish to make the service unavailable only temporarily and expect that you will want to make it available again in the future How many computers can use a service or play a game simultaneo...

Страница 121: ...l forward this request to the DMZ host if one is designated unless the service is being provided by another PC in the local network assigned in Local servers in which case that PC will receive the req...

Страница 122: ...traffic by default The server replies to GlobeSurfer 3G s IP and the connection is not sent back to your host since it is not part of a session In order to solve this you need to define a port trigge...

Страница 123: ...2 Figure 5 12 Define Service Server Ports Server Ports UDP ANY 2222 Opened Ports UDP ANY 3333 4 Select the Add port triggering rule check box next to your service de scription in the general Port trig...

Страница 124: ...the port triggering screen Please note that disabling these rules may result in impaired gateway functionality 116...

Страница 125: ...s and you may use the Re mote administration screen to selectively enable these services if they are needed Figure 5 14 Remote Administration To allow remote access to GlobeSurfer 3G services 1 Click...

Страница 126: ...ther settings making it difficult or impossible to access the GlobeSurfer 3G from the local network Therefore remote access to Telnet or HTTP services should be blocked and should only be permitted wh...

Страница 127: ...will resolve all additional addresses and automatically add them to the restrictions table 3 You can select this is optional not compulsory the group of com puters to which you would like to apply th...

Страница 128: ...ify the web site address group and schedule as necessary If it is long and or complicated you may want to use your browser s copy and paste functions to copy the address from the address bar to the ma...

Страница 129: ...To remove a restriction click the Remove button The restriction will be removed from the restrictions list 121...

Страница 130: ...f rules is comprised of three subsets Initial rules Network devices rules and Final rules These subsets determine the sequence by which the rules will be applied Following is a description of the set...

Страница 131: ...erted by the firewall in order to provide improved security and block harmful attacks To configure advanced filtering rules click the Edit button next to the rule title or click on the title directly...

Страница 132: ...tion IP addresses and service ports defined in Matching Reject Deny access to packets that match the source and destination IP addresses and service ports defined in Matching and sends and sends an IC...

Страница 133: ...hedule sets the time period during which the rules are active inactive For information on how to configure Scheduler Rules refer to 6 11 5 Services Select the services to which you would like to apply...

Страница 134: ...a result of an incoming packet Outbound traffic The event is a result of outgoing packet Firewall setup Configuration message WBM Login Indicates that a user has logged in to WBM CLI Login Indicates t...

Страница 135: ...one network has been blocked 14 Trusted device a packet from a trusted device has been accepted 15 Default policy a packet has been accepted blocked according to the de fault policy 16 Remote administ...

Страница 136: ...ecause of a certain service as spec ified in the event type 44 Advanced Filter Rule a packet has been accepted blocked because of an advanced filter rule 45 Fragmented packet header too small a packet...

Страница 137: ...connection pool is full No connection created a message notifying that a connection has not been created because the connection pool is full 62 NAT Error No free NAT IP a message notifying that there...

Страница 138: ...uc cessful attempt to establish an outgoing connection to the public network Blocked connection attempts write a log message for each blocked attempt to establish an inbound connection to the local ne...

Страница 139: ...e this option to track con nection handling by the firewall and Application Level Gateways ALGs Select the Prevent log overrun checkbox in order to stop logging fire wall activities when the memory al...

Страница 140: ...r defined services never need to be entered twice To add a new service 1 Click the New user defined service link at the top of either the Add access control rule screen or the Add local server screen...

Страница 141: ...dify a user defined service 1 Click the Edit button for the service The Edit service screen will appear see figure 5 22 2 Modify the service name or description as necessary 3 To modify the port setti...

Страница 142: ...en a Telnet session from a LAN host that is connected to GlobeSurfer 3G 2 Telnet to GlobeSurfer 3G at address 192 168 1 1 3 Logon to GlobeSurfer 3G as an administrator The default username and passwor...

Страница 143: ...he LAN Ethernet connection link 3 Click the Settings button 4 Enable the Internet Connection Firewall check box Figure 5 25 Apply Firewall Protection 5 Click OK to save your changes At this point you...

Страница 144: ...g their respective icons DNS Server View and modify the DNS Hosts table see Section 6 2 Network Map Display a map representation of your current local network see Section 6 4 DHCP Modify the behavior...

Страница 145: ...er 3G s SNMP agent see Sec tion 6 16 System settings Modify administrator settings including GlobeSurfer 3G s hostname see Sec tion 6 1 Diagnostics Perform networking diagnostics see Section 6 17 Remo...

Страница 146: ...Figure 6 1 Advanced Settings 138...

Страница 147: ...s local domain 6 1 2 GlobeSurfer 3G Management Console Settings Use this section to configure the following Automatic refresh of system monitoring web pages Select this checkbox to enable the automat...

Страница 148: ...he hostname of your outgoing SMTP server in the Server field 2 Each email requires a from address and some outgoing servers refuse to forward email without a valid from address for anti spam considera...

Страница 149: ...taneously Automatically appends a domain name to unqualified names Allows new domain names to be added to the database using the GlobeSurfer 3G management console Permits a computer to have multiple h...

Страница 150: ...ost name or IP address of an entry 1 Click the Edit icon in the Action column The DNS entry screen will appear see figure 6 4 2 If the host was manually added to the DNS Table then you may modify its...

Страница 151: ...ilable when customizing GlobeSurfer 3G s DDNS support For more information regarding Dynamic DNS please refer to http www dyndns org Figure 6 5 Dynamic DNS Settings 6 3 1 Using Dynamic DNS 1 Click Dyn...

Страница 152: ...e Ethernet or WLAN 5 Local network computers and peripherals Clicking a network element takes you to a configuration screen to configure the corresponding network element The following table explains...

Страница 153: ...etwork parameters for the Wireless LAN device see Section 4 Represents a bridge connected in the local net work Click this icon to view the bridge s under lying devices Represents a computer connected...

Страница 154: ...to the network If the host wishes to terminate a lease before its expiration it can send a release message to the DHCP server which will then make the IP address available for use by others The DHCP s...

Страница 155: ...d in this subnet and End IP address specifies the last IP address in the range Subnet Mask A mask used to determine what subnet an IP address belongs to An example of a subnet mask value is 255 255 0...

Страница 156: ...link under the DHCP Relay section The DHCP Server Relay Address screen will appear see figure 6 10 Use this screen to specify your DHCP server s IP address Figure 6 10 DHCP Server Relay 4 Click OK to...

Страница 157: ...operties 2 Continue with step 2 below To define a new connection with a fixed IP address 1 Click the New Static Connection button that appears on top of the DHCP Connections screen The DHCP Connection...

Страница 158: ...To remove a host from the table click the Delete icon in the Action column Figure 6 13 Editing a DHCP Connection 150...

Страница 159: ...instead of IP addresses This may be useful since IP addresses change from time to time Moreover it is possible to define network objects according to MAC addresses making rule application more persist...

Страница 160: ...object from the Network object type combo box IP address MAC address Hostname 7 Specify the appropriate description for the network object type 8 You may repeat the actions described above several ti...

Страница 161: ...twork device LAN Bridge or WAN UMTS Destination The destination is the destination host subnet address net work address or default route The destination for a default route is 0 0 0 0 Netmask The netw...

Страница 162: ...ges addressed to the group much like what happens when an e mail message is sent to a mailing list IGMP multicasting enables UPnP capabilities over wireless networks and may also be useful when connec...

Страница 163: ...ess your local net work New password Type a new password for the remote user If you do not want to assign a password to the remote user leave this field empty Retype new password If a new password was...

Страница 164: ...tion If the Information level is selected the user will receive notification of Information Warning and Error events If the Warning level is selected the user will receive notification of Warning and...

Страница 165: ...rrect person s public key Man in the middle attacks pose a potential threat where an ill intending 3rd party posts a phony key with the name and user ID of an intended recipient Data transfer that is...

Страница 166: ...will expire The unique name of the certificate issuer the unique name of the entity that signed the certificate This is normally a CA Using the certificate implies trusting the entity that signed this...

Страница 167: ...en will appear see figure 6 22 Figure 6 22 Create X 509 Request 4 Enter the following certification request parameters Certificate Name Subject Organization State Country 5 Click the Generate button A...

Страница 168: ...t to a file and send it to a CA for signing 8 Click the Close button The main certificate management screen will ap pear listing your certificate as Unsigned Figure 6 25 Unsigned Certification Request...

Страница 169: ...t should re semble what you see in figure 6 27 Figure 6 27 Loading a Signed Certificate 11 Click the Load button to register the signed certificate If the registration is successful the certificate ma...

Страница 170: ...cates on the Advanced screen of the management console The Certificates screen will appear see figure 6 21 2 Click the CA tab 3 Click the Load Certificate entry in the table the Load CA s Certificate...

Страница 171: ...fields will be displayed Enabled Select this check box to enable daylight saving time Start Date and time when daylight saving starts End Date and time when daylight saving ends Offset Daylight savin...

Страница 172: ...ink The Scheduler rule edit screen will ap pear see figure 6 32 Figure 6 32 Scheduler Rule Edit 3 Specify a name for the rule in the Name field 4 Specify if the rule will be active inactive during the...

Страница 173: ...Figure 6 33 Time Segment Edit 165...

Страница 174: ...reen The GlobeSurfer 3G Firmware upgrade screen will appear see figure 6 34 Figure 6 34 GlobeSurfer 3G Firmware Upgrade 2 Click the Firmware upgrade button The Firmware upgrade screen will ap pear see...

Страница 175: ...l begin and should take no longer than one minute to complete see figure 6 37 Figure 6 37 Upgrade in Progress When the upgrading is ready the GlobeSurfer 3G will automatically reboot The new software...

Страница 176: ...ng your local network Advanced PPTP client server connection settings Figure 6 38 PPTP Settings 6 13 1 Managing Remote Users Select the Users link to define and manage remote users see figure 6 39 Fig...

Страница 177: ...the con nection associated with the user to terminate For changes to take effect you should activate the connection manually after modifying user parameters You can use email notification to receive...

Страница 178: ...lapse before the GlobeSurfer 3G disconnects a PPTP connection Authentication Encryption required Select whether PPTP will use au thentication encryption or both Allowed authentication algorithms Selec...

Страница 179: ...er Select all the check boxes if no information is available about the server s authen tication methods PPP encryption Select the encryption algorithms your GlobeSurfer 3G may use when negotiating wit...

Страница 180: ...es a common language on which communications between two parties is based Developed by the In ternet Engineering Task Force IETF IPsec and IKE together standardize the way data protection is performed...

Страница 181: ...hentication failures The block period in seconds 6 14 2 1 Key Management 1 Click the IPsec icon from the Advanced screen to access the IPsec settings screen see figure 6 43 2 Click the Settings button...

Страница 182: ...screen see figure 6 43 To configure advanced IPsec settings perform the following steps 1 Click the connection s Edit icon in the Action column The Connection properties screen will appear see figure...

Страница 183: ...authenticate your IPsec peer Shared secret RSA signature Certificate Phase 1 encryption algorithm Select the encryption algorithms that GlobeSurfer 3G will attempt to use when negotiating with the IP...

Страница 184: ...d be entered in HEX format Routing Define the connection s routing rules Please refer to Section 6 7 for instructions about creating routing rules Internet connection firewall Select this check box to...

Страница 185: ...PnP services and rules every 5 minutes Any UPnP defined service which is found to be old and not in use is removed unless any user defined rule see Security screen depends on it This feature is disabl...

Страница 186: ...specify the SNMP parame ters as provided by your Internet service provider Read Only Read Write Community Names SNMP community strings are passwords used in SNMP messages between the management system...

Страница 187: ...Advanced Diagnostics 6 17 1 Diagnosing Network Connectivity To diagnose network connectivity perform the following steps 1 Click Diagnostics on the Advanced screen of the management console The Diagno...

Страница 188: ...rvices and you may use the Re mote administration screen to selectively enable these services if they are needed Figure 6 49 Remote Administration To allow remote access to GlobeSurfer 3G services 1 C...

Страница 189: ...ther settings making it difficult or impossible to access the GlobeSurfer 3G from the local network Therefore remote access to Telnet or HTTP services should be blocked and should only be permitted wh...

Страница 190: ...nges to the SIM setup Figure 6 50 SIM Setup To change the settings of your SIM card perform the following 1 Click SIM Setup on the Advanced screen of the management console The SIM Setup screen will a...

Страница 191: ...to get from your ISP Normally there are certain conditions that must be fulfilled to be able to unlock the device To unlock the GlobeSurfer 3G 1 Click Unlock Device on the Advanced screen of the manag...

Страница 192: ...tion Figure 6 51 Restore Defaults To restore default settings 1 Click Restore defaults on the Advanced screen of the management console The Restore defaults screen will be displayed see figure 6 51 2...

Страница 193: ...the Advanced screen of the management console The Restart screen will be displayed see figure 6 52 2 Click OK to restart the GlobeSurfer 3G This may take up to one minute To reenter the management co...

Страница 194: ...The Technical information screen will appear Figure 6 53 Technical Information 2 Click Configuration file to view the contents of GlobeSurfer 3G s configu ration file Figure 6 54 Configuration File 3...

Страница 195: ...nt of time that has passed since the system was last started To display the System monitoring screen 1 Click System monitoring in the left sidebar The screen consists of four tabs with the first summa...

Страница 196: ...7 1 Monitoring Connections The Connections tab shows a table summarizing data of the monitored connec tions Figure 7 1 Monitoring Connections 188...

Страница 197: ...d between the local network and the Internet Select the Traffic tab to display up to the second statistical information about data received from and transmitted to the Internet WAN and about data re c...

Страница 198: ...7 3 System Log Select the System log tab to display a list of the most recent activity that has taken place on GlobeSurfer 3G Figure 7 3 System Log 190...

Страница 199: ...7 4 System Up Time Select the System tab to display the amount of time that has passed since the system was last started Figure 7 4 System Up Time 191...

Страница 200: ...he process of giving individuals access to system objects based on their identity Authentication merely ensures that the individual is who he or she claims to be but says nothing about the access righ...

Страница 201: ...ion that describes the characteristics of Ethernet wired connections Access point A device that exchanges data between computers on a network An access point typically does not have any Firewall or NA...

Страница 202: ...additional system resources This dependence on a server differentiating a client server network from a peer to peer network Computer name A name that uniquely identifies a computer on the network so t...

Страница 203: ...vice that enables a broadband connection to access the In ternet DSL modems rely on telephone lines that operate at DSL speeds Duplex A mode of connection Full duplex transmission allows for the si mu...

Страница 204: ...registered jack computer users on a home network can share resources such as an Internet connection files and printers without in terfering with regular telephone service HomePNA currently offers data...

Страница 205: ...An architecture that standardizes levels of service and types of interaction for computers that exchange information through a communications net work The ISO OSI reference model separates computer to...

Страница 206: ...ngle name of a grouping of computers that are linked together to form a network Network printer A printer that is not connected directly to a computer but is instead connected directly to a network th...

Страница 207: ...settings of your device to restore factory settings You accomplish this by pressing the Reset button and holding it for five or more seconds Note that this is different from just resetting the device...

Страница 208: ...parties to exchange information Messages are routed switched through intermediary stations that together serve to connect the sender and the receiver TCP IP Acronym for Transmission Control Protocol I...

Страница 209: ...floors so you can connect computers that are in different rooms in the house without physically attaching them to one another Wireless access point A device that exchanges data between wireless com pu...

Отзывы:

Нет отзывов