E-DOC-CTC-20051017-0151 v1.0
Chapter 4
Basic Configuration
Low:
All outgoing connections are allowed. All incoming connections are blocked,
except for ICMP (Internet Control Message Protocol) and inbound
connections assigned to a local host via Game and Application Sharing.
Disabled:
All incoming and outgoing traffic is allowed to pass through your SpeedTouch™,
including Game and Application Sharing.
This is the default firewall level.
BlockAll:
All traffic from and to the Internet is blocked. Game and Application Sharing is
not allowed by the firewall.
Details of a security level
To view the details of the currently active security level:
1 In the Toolbox menu, click Firewall.
2 Click the Details link.
The following information is provided for each rule that is part of the security level:
The name of the rule.
The Action that is applied on the traffic when the rule is valid.
The Source and Destination interface or IP address (range) to which the rule applies.
The protocol or SpeedTouch™ Service for which the rule applies.
The number of Hits (number of times that the rule was applied to traffic).
Creating a new security level
Proceed as follows:
1 In the Toolbox menu, click Firewall.
2 In the upper right corner, click Configure.
3 In the Pick a task list, click Create a new Security Level.
4 In the Name box, type a name for the new security level.
5 Choose an existing security level to clone from.
6 Click Apply.
Editing a security level
Proceed as follows:
1 In the Toolbox menu, click Firewall.
2 In the upper right corner, click Configure.
3 Select a security level, and then click the Edit link.
The firewall settings of the selected security level appear.
4 You can:

Although BlockAll should block all connections, some mandatory types
of traffic such as DNS will still be relayed between LAN and WAN via
the SpeedTouch™.

The firewall levels only have impact on the forward hook. This means that
the handling of traffic from and to the Web pages of the SpeedTouch™ is
independent of the selected firewall level.

Protocol checks will be performed on all accepted connections, irrespective
of the chosen level. You can only disable protocol checks via the CLI.
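
The level definitions and the forward-hook note above can be checked against a small model. This is an added example, not SpeedTouch firmware or CLI code: the zone names, rule names, the "local" hook label and the sample packets are assumptions, and the DNS relay is modelled as traffic addressed to the device itself.

```python
# Illustrative model only; not SpeedTouch firmware or CLI. Zone names,
# rule names and the "local" hook label are assumptions of this sketch.
from dataclasses import dataclass, field

LAN, WAN, DEVICE = "lan", "wan", "device"  # DEVICE = the SpeedTouch itself

@dataclass
class Packet:
    src: str              # zone the packet comes from
    dst: str              # zone the packet is addressed to
    proto: str            # "tcp", "udp" or "icmp"
    shared: bool = False  # inbound flow assigned via Game and Application Sharing

@dataclass
class Firewall:
    level: str = "Disabled"                   # default level per the manual
    hits: dict = field(default_factory=dict)  # per-rule hit counters

    def hook(self, p):
        # Only traffic routed through the device reaches the forward hook.
        return "local" if DEVICE in (p.src, p.dst) else "forward"

    def decide(self, p):
        if self.hook(p) == "local":
            return "outside-level"  # e.g. device web pages, DNS relay
        rule, action = self._match(p)
        self.hits[rule] = self.hits.get(rule, 0) + 1
        return action

    def _match(self, p):
        if self.level == "Disabled":
            return "any", "accept"
        if self.level == "BlockAll":
            return "any", "drop"
        if self.level != "Low":
            raise ValueError(f"unknown level: {self.level}")
        if p.src == LAN and p.dst == WAN:
            return "outgoing", "accept"
        if p.proto == "icmp":
            return "inbound-icmp", "accept"
        if p.shared:
            return "shared-service", "accept"
        return "inbound-default", "drop"

def audit(level):
    """Return verdicts for four constructed sample packets under one level."""
    fw = Firewall(level)
    samples = {"lan_to_wan": Packet(LAN, WAN, "tcp"),
               "wan_to_lan": Packet(WAN, LAN, "tcp"),
               "wan_shared": Packet(WAN, LAN, "udp", shared=True),
               "lan_to_device_web": Packet(LAN, DEVICE, "tcp")}
    return {name: fw.decide(p) for name, p in samples.items()}, fw.hits
```

Under every level the packet addressed to the device comes back as "outside-level", which is why access to the SpeedTouch™ Web pages has to be restricted separately from the firewall level.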