Broadband ADSL Cat Firewall Configuration Tutorial _ Routers, Switches

First, landing broadband cats
There are many ways to access a broadband cat, in order to facilitate the article description, we here in the WYSIWYG Web management method landing.

Open IE Browser, in the Address bar to enter a broadband cat's IP, press ENTER, appear in the Landing box, enter the username and password, click "OK" button. Then we can see the Broadband cat configuration interface.

Hint: Broadband Cat IP can refer to the specification input!

Second, configure the firewall

Click to expand the Services list and select the Firewall command entry, where we can see the detailed configuration of the firewall on the right side of the window. The following is a description of the firewall configuration to the reader.
Blacklist
The top is the "blacklist status" setting, that is, whether to enable the broadband cat blacklist filtering status, "Enable" to Enable, "Disable" for disabled, it is recommended to enable the item. In addition to the blacklist cycle (minutes), is the specified time (in minutes) within the designated computer's IP address will be in the blacklist state.
Attack protection

The purpose of our firewall is to guard against other people's attacks, so the "attack protection" option is set to "enable" to enable the firewall protection of the broadband cat, and for "DOS protection", it is also recommended to choose Enable. This allows you to start service protection for a variety of Dos attacks, recommended for selection.

Max connection


This includes a total of three options, "Max Half-open TCP join", "Max ICMP connection" and "Max Single host Connection". Where the "Max Half-open TCP join" is used to set the percentage of the current IP connection opening in an incomplete open state. A TCP connection may run out of all available IP connections in an incomplete open state, and if the percentage exceeds the value set here, then the incomplete open connection will be closed and a new connection will be replaced; Max ICMP connection is a percentage of the current number of connections set up to manage ICMP packet transfers. If the percentage exceeds the set value at this point, the new connection will begin to transfer data instead of the old one; the final "Max single host Connection" is used to set the percentage of the current IP connection for a single computer. When setting this percentage, consider the number of computers in the local area network.


Log target

In the log target, it is mainly used to set the record location of the firewall's attack events. The "Trace" option means that it is sent to the system, which is stored in the cat; Email "option means to send the record to the designated administrator mailbox. It is recommended that you select this item. The following admin 1 (/2/3) e-mail id is used to set the administrator's mailbox address. It is primarily used to receive reports of firewall attacks, including "Attack Time", "Source IP address of the attacking computer", "Destination IP Address", "protocol used", and so on.

According to the above instructions, choose to configure each item and click the "Submit" button to save the configuration information.

Third, the trouble-maker, the list on the list

Often on the internet, where there is no wet shoes, in the network, there will be attacks, to correct the troublemakers and put them on the list of the blacklist that is for granted. When a broadband cat's firewall system confirms that a packet has an aggressive behavior or is compatible with the IP filtering rules, the firewall will automatically block the source IP address of this packet for a period of time set by the previous "blacklist period".

Click the Blacklist button at the bottom of the firewall Settings page to eject the page where we can see the details of the troublemakers.


Where the "host IP Address" is the IP address of the computer that logs the packet of the attack; Reason "is a short description of the type of attack;" IPF rule ID "if the packet violates the IP filtering rule, then the ID number of the rule is displayed in this box." If the user wants to remove an entry from the list before it is automatically unblocked, you can do so in the Action column.

How to through such a simple configuration, is not feel more relieved. In fact, many of our ADSL modem have such a function, as long as the simple configuration, then the Internet will be more secure.