3Com Router WL-602 User Manual
Internet Settings

DNS

Domain Name Service (or Server) is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4.

Figure 61 DNS Screen

If the DNS information is automatically provided by your ISP every time you connect to it, check the Automatic from ISP checkbox. If your ISP provided you with specific DNS addresses to use, enter them into the appropriate fields on this screen and click Apply.

Many ISPs do not require you to enter this information into the Router. If you are using a Static IP connection type, you may need to enter a specific DNS address and secondary DNS address for your connection to work properly. If your connection type is Dynamic or PPPoE, it is likely that you do not have to enter a DNS address.
CHAPTER 5: CONFIGURING THE ROUTER

Clone MAC address

To configure the Hostname and Clone MAC Address information for your Router, select Internet Settings, then go to the Clone MAC address tab.

Figure 62 Hostname and Clone MAC Address Screen

1 Some ISPs require a host name. If your ISP has this requirement, enter the host name in the Host Name field.
2 Three different ways to configure the WAN MAC Address:
■ If your ISP requires an assigned MAC address, enter the values in the WAN MAC address field.
or
■ If the computer that you are using is the one that was previously connected directly to the cable modem, click Clone.
or
■ To reset the MAC Address to the default, click Reset MAC.
3 Click Apply to save the settings.
Firewall

This section is for configuration settings of the Router's firewall function. Your Router is equipped with a firewall that will protect your network from a wide array of common hacker attacks including Ping of Death (PoD) and Denial of Service (DoS) attacks. You can turn the firewall function off if needed. Turning off the firewall protection will not leave your network completely vulnerable to hacker attacks, but 3Com recommends that you leave the firewall enabled whenever possible.

SPI

Stateful Packet Inspection (SPI) - The Intrusion Detection Feature of the Router limits access for incoming traffic at the WAN port. This feature is called a stateful packet inspection, because it examines the contents of the packet to determine the state of the communications; i.e., it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until connection to the specific port is requested.

Figure 63 Firewall Screen
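The stateful check described above can be modelled as a table of flows that LAN hosts have opened. This is an added example, not code from the manual or from 3Com; the addresses, ports and the 300-second idle timeout are constructed values, and matching on the full address and port pair is an assumption about how such a table is keyed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = LAN to WAN, "in" = arriving at the WAN port
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StateTable:
    idle_timeout: float = 300.0                # seconds; constructed value
    flows: dict = field(default_factory=dict)  # flow key -> time last seen

    def handle(self, pkt: Packet, now: float) -> str:
        # Forget flows that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        if pkt.direction == "out":
            # A LAN host opens (or refreshes) the flow it is requesting.
            self.flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "forward"
        # Inbound: admit only the exact reverse of a flow a LAN host started.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            self.flows[key] = now
            return "forward"
        return "drop"

# Constructed sample traffic: (time in seconds, packet).
SAMPLE = [
    (0,   Packet("out", "192.168.1.10", 40000, "203.0.113.5", 443)),
    (1,   Packet("in", "203.0.113.5", 443, "192.168.1.10", 40000)),   # reply
    (2,   Packet("in", "198.51.100.7", 443, "192.168.1.10", 40000)),  # unknown source
    (3,   Packet("in", "203.0.113.5", 443, "192.168.1.10", 40001)),   # port never requested
    (400, Packet("in", "203.0.113.5", 443, "192.168.1.10", 40000)),   # flow has expired
]

def replay(sample=SAMPLE):
    """Run the sample through a fresh table and return one verdict per packet."""
    table = StateTable()
    return [table.handle(pkt, t) for t, pkt in sample]

if __name__ == "__main__":
    for (t, pkt), verdict in zip(SAMPLE, replay()):
        print(t, pkt.direction, pkt.src, "->", pkt.dst, verdict)
```

Only the second packet, the reply to the connection the LAN host opened, is admitted from the WAN side; the same reply arriving after the idle timeout is dropped.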
To enable the firewall function:

1 Select the level of protection (High, Medium, or Low) that you desire from the Firewall level drop-down menu.
2 Click Apply.
■ For low and medium levels of firewall protection, refer to Figure 64. For low level of firewall protection, the DoS and SPI functions are both off. For medium level of firewall protection, DoS is on, but SPI is off.
■ For high level of firewall protection, refer to Figure 65. Both DoS and SPI are on for this level of firewall protection.

The higher the firewall level, the safer your network is.

Figure 64 Low and Medium Level Firewall Protection Screen

When abnormal network activity occurs, an alerting email will be sent out to you. Enter the following information to receive the email:
■ Your E-mail Address
■ SMTP Server Address
■ User name
■ Password
Figure 65 High Level Firewall Protection Screen

If you select the high level of protection, you have the option to configure additional parameters for the firewall.
■ Fragmentation half-open wait - Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the Router drops the un-assembled packet, freeing that structure for use by another packet.
■ TCP SYN wait - Defines how long the software will wait for a TCP session to synchronize before dropping the session.
■ TCP FIN wait - Specifies how long a TCP session will be maintained after the firewall detects a FIN packet.
■ TCP connection idle timeout - The length of time for which a TCP session will be managed if there is no activity.
■ UDP session idle timeout - The length of time for which a UDP session will be managed if there is no activity.
■ H.323 data channel idle timeout - The length of time for which an H.323 session will be managed if there is no activity.
■ Total incomplete TCP/UDP sessions HIGH - Defines the rate of new unestablished sessions that will cause the software to start deleting half-open sessions.
■ Total incomplete TCP/UDP sessions LOW - Defines the rate of new unestablished sessions that will cause the software to stop deleting half-open sessions.
■ Incomplete TCP/UDP sessions (per min) HIGH - Maximum number of allowed incomplete TCP/UDP sessions per minute.
■ Incomplete TCP/UDP sessions (per min) LOW - Minimum number of allowed incomplete TCP/UDP sessions per minute.
■ Maximum incomplete TCP/UDP sessions number from same host - Maximum number of incomplete TCP/UDP sessions from the same host.
■ Incomplete TCP/UDP sessions detect sensitive time period - Length of time before an incomplete TCP/UDP session is detected as incomplete.
■ Maximum half-open fragmentation packet number from same host - Maximum number of half-open fragmentation packets from the same host.
■ Half-open fragmentation detect sensitive time period - Length of time before a half-open fragmentation session is detected as half-open.
■ Flooding cracker block time - Length of time from detecting a flood attack to blocking the attack.
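The paired HIGH and LOW settings in the list above act as two thresholds: clean-up starts at HIGH and continues until the count falls back to LOW, so it does not switch on and off around a single value. The sketch below is an added example, not the Router's firmware; the threshold values, the per-host maximum, the sample counts and the inclusive comparisons are assumptions chosen for illustration.

```python
class HalfOpenGuard:
    """Two-threshold (HIGH/LOW) control of half-open session clean-up."""

    def __init__(self, high, low, per_host_max):
        if low >= high:
            raise ValueError("LOW must be below HIGH")
        self.high, self.low, self.per_host_max = high, low, per_host_max
        self.deleting = False

    def observe(self, half_open_by_host):
        """Take {source host: half-open session count} for one interval.

        Returns (deleting, hosts over the per-host maximum)."""
        total = sum(half_open_by_host.values())
        if not self.deleting and total >= self.high:
            self.deleting = True       # reached HIGH: start deleting
        elif self.deleting and total <= self.low:
            self.deleting = False      # fell to LOW: stop deleting
        over = sorted(h for h, n in half_open_by_host.items()
                      if n > self.per_host_max)
        return self.deleting, over

# Constructed snapshots; thresholds are illustrative, not the Router's defaults.
SNAPSHOTS = [
    {"203.0.113.5": 60,  "198.51.100.7": 40},   # total 100
    {"203.0.113.5": 200, "198.51.100.7": 60},   # total 260, above HIGH
    {"203.0.113.5": 180, "198.51.100.7": 60},   # total 240, between LOW and HIGH
    {"203.0.113.5": 130, "198.51.100.7": 60},   # total 190, below LOW
    {"203.0.113.5": 90,  "198.51.100.7": 130},  # total 220, between again
]

def run(snapshots=SNAPSHOTS, high=250, low=200, per_host_max=100):
    """Feed the snapshots to a fresh guard and return each interval's result."""
    guard = HalfOpenGuard(high, low, per_host_max)
    return [guard.observe(s) for s in snapshots]

if __name__ == "__main__":
    for result in run():
        print(result)
```

The third and fifth snapshots have totals between LOW and HIGH yet give different answers, because the result depends on which threshold was crossed last.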
Special Applications

Special Applications (port triggering) let you choose specific ports to be open for specific applications to work properly with the Network Address Translation (NAT) feature of the Router.

Figure 66 Special Applications Screen

A list of popular applications has been included to choose from. Select the application from the Popular Applications drop-down menu. Then select the row that you want to copy the settings to from the Copy To drop-down menu, and click Copy To. The settings will be transferred to the row that you specified. Click Apply to save the setting for that application.

If your application is not listed, you will need to check with the application vendor to determine which ports need to be configured. You can manually enter the port information into the Router.

To manually enter the port information:

1 Specify the trigger port (the one used by the application when it is initialized) in the Trigger Port column, and specify whether the trigger is TCP or UDP.
2 Specify the Public Ports used by the application that will need to be opened up in the firewall for the application to work properly. Also specify whether these ports are TCP or UDP. Note that the range of the trigger port is from 1 to 65535. You can enter a single port or a range of ports; use commas to separate different entries.
3 Check the Enabled checkbox, then click Apply.
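The manual entry procedure above amounts to one table row: a trigger port and a list of public ports that stay closed until a LAN host uses the trigger. The following is an added example, not the Router's own logic; the port numbers and LAN address are constructed, and the hyphen as range separator is an assumption, since the manual does not show the range syntax.

```python
import re

ENTRY = re.compile(r"(\d+)(?:\s*-\s*(\d+))?")  # "47624" or "2300-2302" (assumed syntax)

def parse_ports(spec):
    """Expand '2300-2302, 47624' into a set of port numbers (1 to 65535)."""
    ports = set()
    for entry in spec.split(","):
        m = ENTRY.fullmatch(entry.strip())
        if not m:
            raise ValueError(f"bad port entry: {entry!r}")
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) else first
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"port out of range or reversed: {entry!r}")
        ports.update(range(first, last + 1))
    return ports

class TriggerRule:
    """One enabled row of the Special Applications table."""

    def __init__(self, trigger_port, trigger_proto, public_ports, public_proto):
        self.trigger = (trigger_proto, parse_ports(str(trigger_port)))
        self.public = (public_proto, parse_ports(public_ports))
        self.opened_for = None  # LAN host that fired the trigger, if any

    def outbound(self, lan_host, proto, dport):
        """A LAN host sends to the Internet; matching traffic fires the trigger."""
        if proto == self.trigger[0] and dport in self.trigger[1]:
            self.opened_for = lan_host

    def inbound(self, proto, dport):
        """Return the LAN host that receives an inbound packet, or None (dropped)."""
        if self.opened_for and proto == self.public[0] and dport in self.public[1]:
            return self.opened_for
        return None

def demo():
    rule = TriggerRule(6112, "UDP", "2300-2302, 47624", "TCP")  # constructed row
    before = rule.inbound("TCP", 2301)           # nothing triggered yet
    rule.outbound("192.168.1.10", "UDP", 6112)   # application starts up
    return before, rule.inbound("TCP", 2301), rule.inbound("TCP", 2303)

if __name__ == "__main__":
    print(demo())
```

The model never closes the public ports again; the manual does not state when the Router does.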
Virtual Servers

The Virtual servers feature allows you to route external (Internet) calls for services such as a web server (port 80), FTP server (Port 21), or other applications through your Router to your internal network. Since your internal computers are protected by a firewall, machines from the Internet cannot get to them because they cannot be seen. If you need to configure the Virtual Server function for a specific application, you will need to contact the application vendor to find out which port settings you need. The maximum number of virtual servers that can be configured is 20.

Figure 67 Virtual Servers Screen

A list of popular servers has been included to choose from. Select the server from the Popular servers drop-down menu. Then click Add; your selection will be added to the table. If the server that you want to use is not listed in the drop-down menu, you can manually add the virtual server to the table.

To manually configure your virtual servers:

1 Enter the IP address, and the description in the spaces provided for the internal machine.
2 Select the protocol type (TCP, UDP, or both TCP and UDP) from the drop-down menu.
3 Specify the public port that will be seen by clients on the Internet, and the LAN port which the traffic will be routed to.
4 You can enable or disable each Virtual Server entry by checking or unchecking the appropriate Enabled checkbox.
5 Click Apply to save the changes for each Virtual Server entry.

DMZ

If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted two-way Internet access. This may be necessary if the NAT feature is causing problems with an application such as a game or video conferencing application.

Figure 68 DMZ Screen

Use this feature on a temporary basis. The computer in the DMZ is not protected from hacker attacks.

Check the Enable DMZ box; the IP Address of Virtual DMZ Host will appear.

1 Enter the last digits of the LAN IP address in the Client PC IP Address field. Enter the IP address (if known) that will be accessing the DMZ PC into the Public IP Address field, so that only the computer on the Internet at this address can access the DMZ PC without firewall protection. If the IP address is not known, or if more than one PC on the Internet will need to access the DMZ PC, then set the Public IP Address to 0.0.0.0.

In the default setting (line 1), the Public IP address is set to 0.0.0.0 and it is automatically transformed by the default WAN IP. We only allow one DMZ server to be accessed by public IPs (Many to 1 NAT). If you have more than one DMZ server, you have to set a second WAN IP in line 2 and define which IP address of the DMZ server you would like to set in the Client PC IP address. For this Router, only the 1 to 1 NAT function is allowed.

2 Click Apply.

PC Privileges

The Router can be configured to restrict access to the Internet, email or other network services at specific days and times. Restriction can be set for a single computer, a range of computers, or multiple computers. You can define the traffic type permitted or not permitted to the Internet. Note that this function requires time scheduling to be applied to access control; you will need to create schedule rules first and then use PC Privileges.

Figure 69 PC Privileges Screen

1 Select one option from the filtering function:
■ All PCs have access to the Internet: selecting this mode means that all clients have full access to the Internet.
■ PCs access authorised services only:
2 Click Add PC (refer to Figure 70).