Gateway User Interface
30
•
Strict UDP Session Control. Enabling this feature provides increased security by preventing the 2Wire
gateway from accepting packets sent from an unknown source over an existing connection.
The ability
to send traffic based on destination only is required by some applications. Enabling this feature may not
allow some on-line applications to work properly.
Allowing Inbound and Outbound Traffic
The Inbound and Outbound Control pane displays some common protocol types. When one of the Inbound
protocol boxes is checked, the firewall allows the corresponding protocol to pass through from the Internet
to the network. If one of the Outbound protocol boxes is checked, the firewall allows the traffic from the
network to pass through the firewall to the Internet.
Note:
If you configure the firewall to block an Inbound protocol, you may disable support for
hosted applications that require that type of protocol.
Disabling Attack Detection
By default, the 2Wire gateway firewall rules block the attack types listed in the Attack Detection pane. There
are some applications and devices that require the use of specific data ports through the firewall. The
gateway allows users to open the necessary ports through the firewall using the Firewall Settings page. If
the user requires that a computer have all incoming traffic available to it, this computer can be set to the
DMZplus mode. While in DMZplus mode, the computer is still protected against numerous broadband
attacks (for example, SYN Flood or Invalid TCP flag attacks).
I
n rare cases, the incoming traffic may be inadvertently blocked by the firewall (for example, when
integrating with external third-party firewalls or VPN servers). You may need to disable one or more of the
attack detection capabilities for any device placed in the DMZplus. In this case, the third-party server
provides the attack protection normally provided by the gateway.
Following are the attacks for which the gateway firewall filters continuously checks.
•
Excessive Session Detection. When enabled, the firewall will detect applications on the local network
that are creating excessive sessions out to the Internet. This activity is likely due to a virus or “worm”
infected computer (for example, Blaster Worm). When the event is detected, the gateway displays a
HURL warning page.
•
TCP/UDP Port Scan. A port scan is a series of messages sent by someone attempting to break into a
computer to learn which computer network services, each associated with a well-known port number
(such as UDP and TCP), the computer provides. When enabled, the firewall detects UDP and TCP port
scans, and drops the packet.
•
Invalid Source/Destination IP address. When enabled, the firewall will verify IP addresses by checking
for the following:
−
IP source address is broadcast or multicast — drop packet.
−
TCP destination IP address is not unicast — drop packet.
−
IP source and destination address are the same — drop packet.
−
Invalid IP source received from private/home network — drop packet.