ZyXEL Communications Corporation NBG5615 Benutzerhandbuch
Chapter 18 Firewall
NBG5615 User’s Guide
157
4
Don't enable any local service (such as NTP) that you don't use. Any enabled service could present
a potential security risk. A determined hacker might be able to find creative ways to misuse the
enabled services to access the firewall or the network.
a potential security risk. A determined hacker might be able to find creative ways to misuse the
enabled services to access the firewall or the network.
5
For local services that are enabled, protect against misuse. Protect by configuring the services to
communicate only with specific peers, and protect by configuring rules to block packets for the
services at specific interfaces.
communicate only with specific peers, and protect by configuring rules to block packets for the
services at specific interfaces.
6
Protect against IP spoofing by making sure the firewall is active.
7
Keep the firewall in a secured (locked) room.
18.2 General Screen
Use this screen to enable or disable the NBG5615’s firewall, and set up firewall logs. Click
Se cu r it y
>
Fir e w a ll
to open the
Ge n e r a l
screen.
Figure 94
Security > Firewall > General l
The following table describes the labels in this screen.
18.3 Services Screen
If an outside user attempts to probe an unsupported port on your NBG5615, an ICMP response
packet is automatically returned. This allows the outside user to know the NBG5615 exists. Use this
screen to prevent the ICMP response packet from being sent. This keeps outsiders from discovering
your NBG5615 when unsupported ports are probed.
packet is automatically returned. This allows the outside user to know the NBG5615 exists. Use this
screen to prevent the ICMP response packet from being sent. This keeps outsiders from discovering
your NBG5615 when unsupported ports are probed.
You can also use this screen to enable service blocking, enter/delete/modify the services you want
to block and the date/time you want to block them.
to block and the date/time you want to block them.
Click
Se cu r it y
>
Fir e w a ll
>
Se r vice s
. The screen appears as shown next.
Table 63
Security > Firewall > General
LABEL
DESCRIPTION
Enable Firewall
Select this check box to activate the firewall. The NBG5615 performs access control and
protects against Denial of Service (DoS) attacks when the firewall is activated.
protects against Denial of Service (DoS) attacks when the firewall is activated.
Apply
Click
Apply
to save the settings.
Cancel
Click
Ca n ce l
to start configuring this screen again.