Firewall

Special Applications

Special Applications let you choose specific ports to be open for specific applications to work properly with the Network Address Translation (NAT) feature of the Router.

Figure 56 Special Applications Screen

A list of popular applications has been included to choose from. Select your application from the Popular Applications drop-down menu. Then select the row that you want to copy the settings to from the Copy To drop-down menu, and click Copy To.
CHAPTER 5: CONFIGURING THE ROUTER

Virtual Servers

The Virtual Servers feature allows you to route external (Internet) calls for services such as a web server (port 80), FTP server (port 21), or other applications through your Router to your internal network. Since your internal computers are protected by a firewall, machines from the Internet cannot get to them because they cannot be 'seen'.
4 You can enable or disable each Virtual Server entry by checking or unchecking the appropriate Enabled checkbox.
5 Click Apply to save the changes for each Virtual Server entry.

DMZ

If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted two-way Internet access. This may be necessary if the NAT feature is causing problems with an application such as a game or video conferencing application.
Schedule Rule

The Router can be configured to restrict access to the Internet, email or other network services at specific days and times. Define the time in this page, and define the rules in the PC Privileges page (see page 75).

Figure 59 Schedule Rule Screen

1 Click Add Rule to add a schedule rule (a screen similar to Figure 60 will appear).

Figure 60 Add Schedule Rule Screen

2 Enter a name and comment for the schedule rule in the Name and Comment fields.
PC Privileges

The Router can be configured to restrict access to the Internet, email or other network services at specific days and times. Restriction can be set for a single computer, a range of computers, or multiple computers. You can define the traffic type permitted or not permitted to the Internet.

Figure 61 PC Privileges Screen

To edit or delete specific existing filtering rules, click on Edit or Delete for the appropriate filtering rule.
3 Enter a description in the Client PC Description field, and the IP address or IP address range into the Client PC IP Address fields.
4 To bypass the URL Filter and Content Filter, check the corresponding Bypass checkbox.
5 Select the services to be blocked. A list of popular services is given on this screen; to block a particular service, check the appropriate Blocking checkbox.
URL Filter

To configure the URL filter feature, use the table on the URL Filter screen to specify the Web sites (www.somesite.com) and/or keywords you want to filter on your network. For example, entering a keyword of xxx would block access to any URL that contains the string xxx.

Figure 63 URL Filter Screen

1 Check the Enable URL Filtering Function checkbox.
2 Enter the URL address or keywords in the URL/Keyword field.
3 Select Denied or Allowed from the Mode drop-down menu.
Content Filter

You can use the list on the Content Filter page to specify the type of content that you want to filter out. The Router comes with a 14-day free trial of the 3Com Content Filter Service (3CSBCFS). To activate the 14-day free trial of the service, you must first register your Router at www.3com.com. To continue using the service after the trial period, you must purchase the 12-month subscription license.
4 If you are not sure about your subscription status, click CHECK in Subscription Filtering Status to find out if you have a current, valid subscription.
5 Subjects are listed under Core Categories and Productivity Categories. You can define what content should be viewed/blocked using the Allow/Deny option. The Deny option is used to filter out the content that contains the specific subject matter. Content with a specific subject matter will not be filtered out if the Allow option is checked.
Figure 66 Server Control Add Server Screen

1 Enter a description in the Server Description field, and the IP address or IP address range into the Server IP Address fields.
2 Select the services that will be allowed. A list of popular services is given on this screen; to unblock a particular service, check the appropriate Allowed checkbox.
Quality of Service

QoS Settings

The QoS (Quality of Service) function allows you to differentiate your network traffic and provide it with high-priority forwarding service. The bandwidth gap between LAN and WAN may significantly degrade performance of critical network applications, such as VoIP, gaming, and VPN. This QoS function allows you to classify traffic of applications and provides them with differentiated services (Diffserv).
Click Add to add a new traffic class rule (see Figure 69).

Figure 69 Add New Traffic Class Rule Screen

Traffic Statistics

This page shows the WAN outbound traffic statistics of all the Diffserv forwarding groups in the last 12 hours. This page automatically updates every 5 minutes.
Advanced

From the Advanced screen, you can configure:
■ Security
■ Static Routes
■ RIP
■ DDNS
■ SNMP
■ Syslog
■ Proxy Arp

Security

Use this advanced security settings page to set the detailed settings for the Router.

Figure 71 Security Screen

■ NAT — Before you enable NAT (Network Address Translation), make sure you have changed the administrator password.
you turn NAT off, the computers on your network will not be able to access the Internet. Other problems may also occur.
■ IPSEC NAT-T Pass-through — NAT-T (NAT Traversal) is an Internet Draft proposed to the IETF to help with the problems associated with passing IPsec traffic through NAT Routers. For NAT-T to work, both ends of the connection need to support this function. Ensure that you select NAT-T only if it is needed, as it will reduce LAN-WAN throughput.
Control Message Protocol (ICMP) error to the external server to request that the server negotiate the TCP Maximum Segment Size (MSS). However, this message may be blocked by some firewalls. When this occurs, the packet is dropped. To allow the message to go through the firewall, enable MSS Clamping. MSS clamping makes Internet Connection Sharing set the MSS value low enough to match the external interface.
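What MSS clamping does to a TCP SYN as it crosses the Router, as an added example (not code from the manual or the Router's firmware): the MSS option is lowered to fit the external interface and the checksum is fixed incrementally per RFC 1624. The function names, the 40-byte header allowance and the sample SYN are assumptions of this example.

```python
import struct

IP_TCP_HEADERS = 40  # assumed: IPv4 header (20) + TCP header (20), no options

def ones_sum(data):
    """16-bit one's-complement sum, as used by the TCP checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def csum_update(csum, old, new):
    """RFC 1624 incremental update: HC' = ~(~HC + ~m + m')."""
    return ~ones_sum(struct.pack("!HHH", ~csum & 0xFFFF, ~old & 0xFFFF, new)) & 0xFFFF

def clamp_mss(segment, wan_mtu):
    """Lower the MSS option of a TCP SYN to fit wan_mtu; returns (segment, old, new)."""
    limit = wan_mtu - IP_TCP_HEADERS
    seg = bytearray(segment)
    hdr_len = (seg[12] >> 4) * 4 if len(seg) >= 20 else 0
    if hdr_len < 20 or hdr_len > len(seg) or not seg[13] & 0x02:  # MSS only rides on SYN
        return segment, None, None
    i = 20
    while i + 1 < hdr_len and seg[i] != 0:       # kind 0 = end of option list
        if seg[i] == 1:                          # kind 1 = NOP, a single byte
            i += 1
            continue
        length = seg[i + 1]
        if length < 2 or i + length > hdr_len:   # malformed option: leave segment alone
            break
        if seg[i] == 2 and length == 4:          # kind 2 = MSS
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old <= limit:
                return segment, old, old
            struct.pack_into("!H", seg, i + 2, limit)
            # At an odd offset the value straddles two checksum words: use swapped bytes.
            fix = (lambda v: (v & 0xFF) << 8 | v >> 8) if (i + 2) % 2 else (lambda v: v)
            csum = struct.unpack_from("!H", seg, 16)[0]
            struct.pack_into("!H", seg, 16, csum_update(csum, fix(old), fix(limit)))
            return bytes(seg), old, limit
        i += length
    return segment, None, None

def sample_syn(mss=1460):
    """Constructed SYN (not captured traffic); checksum covers the TCP bytes only."""
    hdr = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
    seg = bytearray(hdr + struct.pack("!BBH", 2, 4, mss))
    struct.pack_into("!H", seg, 16, ~ones_sum(bytes(seg)) & 0xFFFF)
    return bytes(seg)
```

Calling `clamp_mss(sample_syn(), 1492)` with an assumed 1492-byte external MTU rewrites the advertised MSS from 1460 to 1452, so the remote server never sends a segment that would need the ICMP message described above.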
Static Routes

You can configure static routes in this page. To add a static route entry to the table, click Add. To change an existing entry, click Edit. To delete an entry, click Delete.

Figure 72 Static Routes Screen

This screen shows a list of current static route entries. For each entry, the following information is displayed:
■ Index — the index of the entry.
■ Network Address — the network address of the route.
■ Subnet Mask — the subnet mask of the route.
RIP

RIP (Routing Information Protocol) - RIP allows the network administrator to set up routing information on one RIP-enabled device and send that information to all RIP-enabled devices on the network.

Figure 73 RIP Parameter Screen

You can set up RIP independently on both LAN and WAN interfaces.

1 Check the Enable RIP checkbox.
2 Check the Enable Auto summary checkbox. Auto summarization sends simplified routing data to other RIP-enabled devices rather than full routing data.
5 Use the Poison Reverse drop-down menu to enable or disable Poison Reverse on the Router. Enabling Poison Reverse on your Router allows it to indicate to other RIP-enabled devices that they both have routes that point to each other, preventing data loops.
6 Use the Authentication Required field to choose the mode of authentication:
■ None — Switches off authentication on the specified interface.