27
Firewall
Many users wish to activate a firewall for protection. A firewall is an effective way to
block certain port attacks into a site through an internet connection. Most of the new
releases of Microsoft Windows,as do all Macintosh OS X systems, have a built in
software firewall. These are only good if a single PC is connected to the DW6000. If the
DW6000 is servicing a network a hardware firewall is the recommended way to go and
not a software version of a firewall from Microsoft or any other vendor.
The DWx000 operates in two modes. A consumers edition mode of NAPT (Network
Address Port Translation) and a professional mode where a static IP address can be
assigned to a DWx000.
In the normal consumer edition the DWx000 does not get an exposed address on the
internet at large. They get an address on the Direcway Intranet and NAPT is used to
translate the DWx000’s single intranet address into the multiple TCP/IP sessions that
request an address from the DHCP host in the DWx000. The ability for an outside person
to be able to address a consumers session is extremely limited. Indeed, the NAPT ability
of the DWx000 would make one surprised if any outside connection attempt to a port
ever made it to the correct place. NAPT hides the port and/or protocol numbers used by
your computers connected to the DWx000.
NAPT can be considered as a one way valve for conversations, permitting only those
which are initiated by the computers behind it. The only inbound traffic which can
traverse NAPT is that which is part of an internally initiated conversation ('solicited
traffic'). This is similar to the effect of a stateful firewall. –DSL Reports, FAQs Security
NAT Routers.
The professional version, and the commercial versions, are provided with a static IP
address to the DWx000. This address is reachable by the internet at large. It also turns the
DWx000 into something akin to the cable and DSL modems (network termination
interface) that are widely available today. For a little more monthly money expenditure
the DWx000 NAT functions can be removed such that a true stateful packet inspection
firewall can be installed directly behind the DWx000 and before the local LAN.
At their simplest a firewall simply blocks specified TCP/IP ports from entering through
the firewall. For instance, if you do not want any FTP requests to enter your LAN you
simply block the FTP service by specifying to the firewall to block all TCP/IP FTP port
requests. More advanced firewalls not only block specific ports but they also block valid
port requests that come in the wrong state. These firewalls are called stateful firewalls
and they remember the state each session is in by examining the traffic from each TCP/IP
session and blocking unsolicited packets to valid ports when there are no sessions that are
in the proper state to receive them. The stateful firewall has the ability to block TCP/IP
storms from the internet.
(24 pages)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals