SpeedStream Router User's Guide
Contents
1. 1 Select Setup gt User Profiles from the left navigation pane of the Web interface This displays the Current Profiles page User profiles are added using a Wizard accessed from this page SpeedStream o PTUSnet gt GADRAND O Help A Logie Profile Wizard Setup FTE Current Profiles Mode Remote Access 4 User Profiles WAN Interface Ne cists Time Client Static Rowtes Firewall UPaP RiP Server Parts Dynamic DNS 2 Optionally select the Force all users to be identified before surfing option 3 Click New Profile This displays the Profile User Information page SpeedStream OPTUS ner gt Setup a PPP Mode Remote Access User Profiles Profile User Information WAN Interface Most fit DHCP Enter Profile Admin User mam Timo Client Profile Wizard Static Routes Firewall UPaP RAP Server Ports MA Neto _Firust SIEMENS 13 OPTUSnet 4200 Router Chapter 3 Configuring User Profiles User s Guide Add User Profiles 4 Enter a Username for the user you are adding Optionally enter a Password for the user and Confirm it Click Next This displays the Profile Content Filtering page Content filtering restricts access to undesirable Web sites and Web content SpeedStream OPTUSner gt BAOADEANO Her Profile Wizard Setup PPP er Mode Profile Content Filtering Remote Access User Profiles Configure Profile WAN interface y P Host DHCP A2. User s Guide Tools Tools This section describes how to use the tools listed below Interface Map View a graphical representation of the current LAN and WAN configurations Reboot Reboot the Router Interface Map Some Router configurations provide a graphical representation of the current LAN and WAN configurations This is particularly useful for Technical Support in verifying that correct protocol encapsulations are assigned and Virtual Circuits VCs are mapped to the correct network interfaces Note This option may not be available on your Router configuration To display the interface map select Tools gt Interface Map from the left navigation pane of the Web interface This displays the Interface Map page SpoodStroam OPTUSner gt Server Ports Dynamic ONS Status and Statistics System Summary System Leg ATMVAAL DSL Ethernet use Routes Legend Diagnostics u u Tools E intertaco Map Reboot SIEMENS 57 OPTUSnet 4200 Router Chapter 7 Monitoring Router Health User s Guide Tools Reboot You can reboot the Router using the Reboot option or you can reset the Router to factory defaults using the Reset option Reboot should be used when the Router needs to be restarted without losing your current configuration settings Note This option may not be available on your Router configuration To reboot the Router select Tools gt Reboot from the left navigation pane of the Web interface This
3. Make any desired changes Click Next to get to the next page you want to change Make any desired changes 4 Click Finish at any time when you are done making changes SIEMENS 17 OPTUSnet 4200 Router Chapter 3 Configuring User Profiles User s Guide Deleting User Profiles Deleting User Profiles This section describes how to delete a user To delete a user 1 Select Setup gt User Profiles from the left navigation pane of the Web interface This displays the Current Profiles page SpeedStream OPTUSner gt BROADBAND Help A A Logie Profile Wizard Setup EE Current Profiles Mode Remote Access User Profiles Prof dre WAN Interface Ne P eiste Host EH DHCP Admin User x Time Cilent Static Routes 4 Firewall UPaP RAP us Server Parts Dynamic DNS v a obe lt gt 2 Click the Delete button next to the name of the user you want to delete SIEMENS 18 Chapter 4 Configuring ISP Connection Settings This chapter describes how to set advanced ISP connection settings The options in this section should only be configured with the help and guidance of your ISP Incorrect changes to any of these options could result in the failure of your internet connection The ISP connection options are listed below WAN Interface Wizard for configuring the WAN Interface The information requested by the Wizard should be supplied by the service provider Host Configure the basic networking attr
4. The TCP UDP Options page is displayed if you select TCP or UDP protocol from the Protocol Definition page If you selected either of these protocol types you must identify the source and destination ports SpeedStream OPTUS net gt MEDADRANE PPP A Mode irewall IP Filter Configuration Wizard Remote Access User Profiles ce Host DHCP Admin User Time Client Static Routes Firewall Filter Rules Log ADS UPnP RIP Server Ports Dynamic ONS 1 Select one of the following options from the Source Port Operator drop down menu and the Destination Port Operator drop down menu e any Any port is acceptable as the source destination port e less than or equal to A port less than or equal to the numeric value in the Port 1 field is acceptable as the source destination port Be sure to provide a value in the Port 1 field e equal to A port equal to the numeric value in the Port 1 field is acceptable as the source destination port Be sure to provide a value in the Port 1 field e greater than or equal to a port greater than or equal to the numeric value in the Port 1 field is acceptable as the source destination port Be sure to provide a value in the Port 1 field e range Any port between the value of the entry in the Port 1 field and the value in the Port 2 field is acceptable as the source destination port Be sure to provide a value in the Port 1 and Port 2 fields 2 Optionally select the Check TCP syn packets chec
5. To edit a static route click the Edit column for the static route you want to edit Note To delete a static route click the Delete column for the static route you want to delete SIEMENS 23 Chapter 5 Configuring Network Settings This section contains details for configuring network related information The network settings options are listed below Mode Configure the operation mode for the router UPnP Universal Plug Configure and control UPnP inter operability and security and Play RIP Routing Activate and control RIP functionality Using RIP the Router is able to determine the Information Protocol shortest distance between two points on the network based on the addresses of the originating devices Server Ports Specify server ports used by common applications such as HTTP Web site traffic FTP and Telnet Dynamic DNS Set up Dynamic DNS Dynamic DNS translates IP addresses into alphanumeric names For example an IP address of 333 136 249 80 could be translated into siemens com SIEMENS 24 OPTUSnet 4200 Router Chapter 5 Configuring Network Settings User s Guide Mode Mode To select the operation mode for the router 1 Select Mode from the left navigation pane of the Web interface This displays the Mode selection page SpeedStream Login Setup PPP Mado Remote Access 2 Select one of the following operation modes Upon selection all associated parameters are set automatica
6. 98SE Windows 2000 Windows ME or XP Mac OS versions 8 6 through 10 2 4 General Safety Guidelines When using the SpeedStream Router observe the following safety guidelines e Never install telephone wiring during a storm e Avoid using a telephone during an electrical storm Lightning increases the risk of electrical shock Do not install telephone jacks in wet locations and never use the product near water e Do not exceed the maximum power load ratings for the product SIEMENS 3 Chapter 2 Installation This chapter describes the steps you must take to install and configure the various components in your network to utilize the Siemens Broadband Internet Router This includes setting up the hardware connections to the Internet router configuring the PC to use the Internet router for Internet access and setting up the router configuration Hardware Installation You may position the Siemens broadband router at any convenient location where it will be well ventilated Do not stack it with other devices or place it on the carpet You can connect the router to an existing Ethernet port or USB port on your computer Determine which connection method you want to use and follow the instructions below for the selected installation method Ethernet or USB Ethernet Installation Method To connect the SpeedStream device via the Ethernet interface your computer must have an Ethernet adapter also called a network
7. Configuration Wizard Mode Remote Access User Profiles Clone Rule Definitions WAN Interface Hest To create a new set of custom IP filter rules from one of the DHCP existing preconfigured firewall levels complete the following Admin User step Time Ciest Static Routes WARNING This action will replace all Custom rules currently Firewall defined Level Filter Rules Log ADS UPaP a GO a 2 Select one of the following from the Select preconfigured firewall level for cloning drop down menu e Low Clones low level IP filter rules which provide minimal restrictions with respect to outbound traffic Outbound traffic is allowed for all supported IP based applications and Application Level Routers ALGs The only inbound traffic allowed is traffic received within the context of an outbound session initiated on the local host This is the default Medium Clones medium level IP filter rules which provides moderate restrictions with respect to outbound traffic Outbound traffic is allowed for most supported IP based applications and Application Level Routers ALGs The only inbound traffic allowed is traffic received within the context of an outbound session initiated on the local host e High Clones high level IP filter rules which provide high restrictions with respect to outbound traffic Outbound traffic is allowed only for a very restricted set of supported IP based applications and ALGs The only inbound traffic allowed is traf
8. SUMMA id tie ia e did at 52 Stemi didas 52 ATM Statisti S civil aia Anand ai Ada god delete bd iz 53 DSUSSTAtISTOS o ced scectis giadeachachacedectsheduadubasaneanaendaccdsdccushadnandedaquadederts aeduadcanaasaqedateqnedas bagednasedea a 53 Ethernet Stat Mitin A A urediti ida 54 USB Statistics oooooooonnnnnininnoononconcnonccnnnn aa eta unit otad Ma gt RRE RARA RAR oba sladak raK ENEE aaraa 54 FROULOS aai teeta SAVO A ija Akad sta good dju guta a A dode A But dG vas A dje E dade E A Zeeu aa ije ni dala alata oda 55 E epitete cies sv iterna EAEE LEANE AEAEE AE ETE vidascedccuvagedea caunihbeussvvegseesausintbassvyageled danka eaa 56 TOOLS igs si eis seta alata See Vida e Pika cued dana ek date Sd ad A id diia 57 Interface Map ccccccccceceeeeeeeeeeeceeeaeeeeeeeeee eee ranma 57 ROD diia cence a lace lati cava seeded acne dria A A A ida 58 Chapter 8 Troubleshooting Interpreting the LED DISPlay esse aaa a ee ee ake ker reke ee ee koe ee arc cnn naar rr cnn rr 60 Resolving Specific ISSUES icon dados iaa iodo dica 61 Contacting Technical Support iecccistavvendsccesssadicecsnsanaasesteensdscersandassias nad cagdaneaaadeetasuunadeaan satadddgavadsstuansaadddedanendde 62 SIEMENS ii Chapter 1 Introduction Congratulations on the purchase of the SpeedStream Router with SecureRoute The SpeedStream Router is a powerful yet simple communication device for connecting your computer or local area network LAN to the Internet T
9. This shows that a long term attack is taking place without completely filling up the firewall log with entries for every single packet 5 Click Apply Below is a description of each event that can be monitored e Same Source and Destination Address An outside device can send a SYN synchronize packet to a host with the same source and destination address including port causing the system to hang When the receiving host tries to respond to the source SIEMENS 46 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall address in the packet it ends up just sending it back to itself This packet could ping pong back and forth over 200 times consuming CPU resources before being discarded Broadcast Source Address An outside device can send a ping to your Router broadcast address using a forged source address When your system responds to these pings it is brought down by echo replies LAN Source Address on LAN An outside device can send a forged source address in an incoming IP packet to block trace back Invalid IP Packet Fragment An outside device can send fragmented data packets that can bring down your system IP packets can be fairly large in size If a link between two hosts transporting a packet can only handle smaller packets the large packet may be split or fragmented into smaller ones When the packet fragments get to the destination host they must be reassembled into the original large
10. displays System Reboot page SpeedStream Reboot Interface Map Rebost The System Reboot page displays a countdown while processing When the Router has finished rebooting the System Summary page is displayed Reset to system defaults Reset the Router to system defaults should be done when you find it necessary to recover the factory default settings This may be necessary when a custom configuration did not go as planned when a new configuration is desired or when the Router does not appear to be working properly Important This option resets all custom settings users and passwords on your Router To reset the Router 1 Using the tip of a ballpoint pen or unfolded paperclip press and hold the Reset button located on the bottom of the router The pwr LED will blink red once indicating that the reset has begun 2 Continue depressing the Reset button for four seconds or until the pwr LED begins to blink alternating red to green 3 Release the Reset button To cancel the reset Continue depressing the Reset button for longer than 10 seconds The pwr LED will return to green and the action will be cancelled SIEMENS 58 Chapter 8 Troubleshooting Connection problems usually occur when the Router s software configuration contains incomplete or incorrect information The Router s diagnostic tools can help yo identify and solve many of these problems Before contacting Technical Support you
11. from the left navigation pane of the Web interface This displays the Host Configuration page OPTUS pner gt BROADBAND Host Configuration Remote Access P Addre User Profiles WAN Interface P Netr Host fault Gat DHCP A Admin User Time Client Static Routes 2 Change settings as specified by your ISP 3 Click Save Settings This displays a confirmation screen displays notification that the new setting will not take affect until you reboot the router You may do so at this point or later SIEMENS 20 OPTUSnet 4200 Router Chapter 4 Configuring ISP Connection Settings User s Guide DHCP DHCP DHCP the Dynamic Host Configuration Protocol describes the means by which a system can connect to a network and obtain the necessary information for communication upon that network Do not change the default DHCP Configuration settings unless directed by your ISP Note All addresses must be entered as an Ipv4 subnet mask in dotted decimal notation for example 255 255 255 0 To configure the DHCP feature 1 Select Setup gt DHCP from the left navigation pane of the Web interface This displays the DHCP Configuration page SpeedStream OPTUSnet gt N User Profiles WAN Interface Host DHCP Admin User Time Client Static Routes Firewall UPaP RIP Server Ports 2 Select one of the following Enable The Router will operate as a DHCP server to handle DHCP request
12. information SpeedStream OPTUSner gt System Type Config Part Firmware Part s MAC Address Point to Point Connection Su I System Log The System Log page displays a record of all system activity including what actions were performed what packets were dropped and what packets were forwarded This information allows you to make informed decisions about the need to add new filter rules The System Log contains a maximum of 200 entries each entry may contain a maximum of 200 characters Select Status and Statistics gt System Log from the left navigation pane of the Web interface to view the System Log page SpeedStream OPTUSrer gt n onorano System Log System Summary System Log Log Display Options ATM AAL Display A Ent DSL Ethernet fa USB Net SHAGRAgsS DUNRRTAE Tesages e To update the display click Refresh To clear the log click Clear Log e To change the events displayed in the log modify the Log Display Options then click Apply SIEMENS 52 OPTUSnet 4200 Router Chapter 7 Monitoring Router Health User s Guide Status and Statistics ATM Statistics View status and statistical information for the WAN side Asynchronous Transfer Mode ATM network connection WAN side connection to the service provider is based on an Asynchronous ATM Stats Transfer Mode ATM network connection In i Mex Theoret addition statistical information is provided for each Virtual Circuit VC confi
13. on your PC 3 Connectthe DSL cable resembles a telephone cord to the DSL port on the router To reduce the risk of fire use the supplied telephone cable or an ACA approved cable to connect your DSL port on your router to a DSL telephone jack 4 Plug the other end of the DSL cable into the wall switch socket DSL connection Power supply Connect the power adapter to the rear of the router Plug the power adapter into the electrical wall outlet 5 6 7 Power on all connected PCs 8 Insert the USB driver CD ROM into the CD ROM drive of your PC 9 When prompted follow the on screen instructions to complete the driver installation 10 Flip the power switch to power on the router You can now configure the TCP IP settings as detailed in the PC Configuration section SIEMENS 5 OPTUSnet 4200 Router Chapter 2 Installation User s Guide PC Configuration PC Configuration This section explains how to configure your personal computer to work with the Router To access the Internet through the SpeedStream Router your PC must be configured to use the TCP IP protocol suite over the Internet and to accept Dynamic Host Configuration Protocol address assignments from the router The default network settings for the SpeedStream Router are IP Address 10 1 1 1 Subnet Mask 255 255 255 0 By default the Router will act as a DHCP server automatically providing a suitable IP address and related information to each compute
14. packet like pieces of a puzzle A specially crafted invalid fragment can cause the host to crash e TCP NULL An outside device can send an IP packet with the protocol field set to TCP but with an all null TCP header and data section If your Router responds to this attack it will bring down your system e TCP FIN An outside device can send an attack using TCP FIN This attack never allows a data packet to finish transmitting and brings down your system e TCP XMAS An outside device can send an attack using TCP packets with all the flags set This causes your system to slow to a halt Fragmented TCP Packet An outside device can send an attack using fragmented packets to allow an outside user Telnet access to a device on your network e Fragmented TCP Header An outside device can send an attack using TCP packets with only a header and no payload When numerous packets are sent through the Router in this manner your system slows and halts e Fragmented UDP Header An outside device can send an attack using fragmented UDP headers to bring down a device on your network Fragmented ICMP Header An outside device can send an attack using fragmented ICMP headers to bring down a device on your network e Inconsistent UDP IP header lengths An outside device can send an attack using inconsistent UDP IP headers to bring down a device on your network e Inconsistent IP header lengths An outside device can send an attack using changes in th
15. security feature Level Set the firewall security level Snooze Temporarily disable the firewall It is important to note that when the firewall is snoozing all protection provided by the firewall is disabled DMZ Configure firewall DMZ for controlling a virtual DMZ on the Local Area Network The purpose of the DMZ is to redirect suspicious network traffic received from a public WAN to a secured LAN side host dedicated to this purpose Filter Rules Add and delete custom inbound and outbound firewall rules Log View log listing of firewall activity including records of denial of access reason codes and descriptions ADS Configure what events the internal Attack Detection System ADS will protect against and log from a list of well known attacks initiated on the Wide Area Network SIEMENS 34 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall Level The firewall contained within the Router may be configured to operate in one of several modes referred to as levels For ease of use three generic levels are preconfigured Low Medium and High A separate level ICSA 3 0a Compliant is provided for those users who reguire compliance with the criteria set forth by ICSA Labs for firewall behavior Please refer to Firewall Security Levels for a detailed description of these preconfigured levels In addition to the preconfigured levels a Custom level is provided for advanced users who require t
16. server to be provided to DHCP clients A DNS server may be used by clients to resolve domain names to IP addresses e Click Use WAN to specify that the address of the DNS server provided by your ISP is provided to DHCP clients on the LAN 7 In Domain Name optionally enter the DNS domain name for the DHCP server resident on your SpeedStream device This value must be entered as an alpha numeric string 8 In Lease Time do one of the following Enter the period of time an IP addresses leased from the DHCP server is valid At the end of the lease period the DHCP client will transmit a request to the server to extend the lease at which time the server will extend the lease period of the IP address assigned to the client If the lease period expires without the server receiving a request from the client to extend the lease the server will assume the client s connection no longer exists The server will release the IP address assigned to the client and return the address back to the pool of available addresses If you select this option you must specify a DNS Server Click Infinite Time Leaves the lease time open ended preventing the server from releasing the IP address 9 Click Save Settings SIEMENS 22 OPTUSnet 4200 Router Chapter 4 Configuring ISP Connection Settings User s Guide Static Routes Static Routes The SpeedStream DSL Router directs data traffic by learning source and destination information then buildi
17. snooze control time period Use this option if you need a time extension for an open snooze session Be sure to specify the additional amount of time minutes the firewall should be disabled 3 Click Apply SIEMENS 36 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall DMZ The firewall supports virtual DMZ Virtual DMZ redirects traffic to a specified IP address rather than a physical port Because this redirection is a logical application rather than physical it is called virtual DMZ Using virtual DMZ a single node on the LAN can be made visible to the WAN IP network Any incoming network traffic not handled by port forwarding rules is automatically forwarded to an enabled DMZ node Outbound traffic from the virtual DMZ node circumvents all firewall rules The DMZ feature allows a computer on your home network to circumvent the firewall and have direct access to the internet This feature is primarily used for gaming Under this mode of operation all network traffic received from the WAN that is not destined for a host specifically exposed through NAT or for a server exposed through Port Forwarding will be redirected to the designated DMZ host If the DMZ feature is enabled you must select the computer to be used as the DMZ computer host This function is recommended for use only when you require this special level of unrestricted access as it leaves your Router and network exposed to the Internet
18. statistics system and firewall log files Diagnostics Run a diagnostic program against a selected connection on your Router Tools Reset reboot or update firmware Status and Statistics You can display statistics for the Internet Home Networking Security and Logging System Summary Basic descriptive information that identifies the router System Log Displays a record of all system activity including what actions were performed what packets were dropped and what packets were forwarded ATM Statistics Displays status information about the ATM connection DSL Statistics Displays status information about the DSL connection Ethernet Statistics Displays status information about the Ethernet connection USB Statistics Displays status information about the USB connection Routes Displays status information about the current routing table SIEMENS 51 OPTUSnet 4200 Router Chapter 7 Monitoring Router Health User s Guide Status and Statistics System Summary The System Summary page provides basic descriptive information that identifies the router system type current software and firmware versions the MAC address unigue device identifier and the status of currently configured connections Connection information includes the identification and current status of configured point to point PPP and static connections Select Status and Statistics gt System Summary from the left navigation pane of the Web interface to view this
19. the Routers ia td dl dad kai radia 11 Chapter 3 Configuring User Profiles Add User ProfilES tii A A A A een eae 13 Editing User ProtileS a vicario atadas 17 Deleting User Profiles ici A s 18 Chapter 4 Configuring ISP Connection Settings WAN Interface ciosrisiniasrataa curada and cdadennaadacedesdaad snaanoantadcaansaadadadasaneadadiasandadcessnad sigan raddasceanvantdanteeenbacs 19 HOSE TN 20 DHCP uti A ai aa 21 Statie ROULOS ec A iii dices 23 Chapter 5 Configuring Network Settings MOG is ese facets iiaa na a a a aaa slates venuad Ja Lia ia 25 UPnP Universal Plug and Play iio iaa O 26 RIP Routing Information Protocol esserne nnana ta 27 SERV EN POMS aain pa a a aa ac dana deaceesata aa le Ole a a ea ZJ sat a oi sata i ZA NG etana MOJA tacts 28 Dynamic DNS siii ta aida 29 Chapter 6 Configuring Security Features Admin US aos dia 31 TU CWSI 2 cee aac ree cies dates leda elana tetra io earch dad dca bro cal cc gi Penna sce an Dada nts dean taeda a den eg cane ee ened aca ene do ed oj 33 FIC Wall lists cot autaeccatannnsaraedscanecostaauiasenennndesh teta a Nott epa Bare a aa aa a aaa aA a aaa a Aaa o ta rupa a onoj ma ia 34 OVO ie O 35 SMOOZE ies sia Feat as A A A a A ai raj SG osa ata a arate lemenes te 36 SIEMENS i OPTUSnet 4200 Router User s Guide A O ON 37 A NO 38 A O 45 ADS eds 46 Firewall Security Levels viii il ht pd dE cdta 48 Chapter 7 Monitoring Router Health Status and Statistics ida 51 SyS em
20. with no firewall protection To enable and configure the DMZ 1 Select Setup gt Firewall gt DMZ from the left navigation pane of the Web interface This displays the Firewall DMZ Configuration page SpeedStream OPTUS er gt Remote Access ES User Profiles Firewall DMZ Configuration WAN Interface Disabled 00 00 Time Client Static Routes Firewall Level Sneore DIAZ Fitter Rules Log ADS UPnP hip Server Ports Dynamic DNS 2 Select one of the following DMZ enable options e Disable DMZ The firewall is not bypassed Enable DMZ with this Host IP address The firewall is bypassed through an IP address typed in the box next to this field Enable DMZ with this Host IP address The firewall is bypassed through an IP address that is selected from the Select Host drop down menu next to this field Select the desired host from the drop down menu 3 Select one of the following time element options e Make Settings Permanent DMZ settings are permanent unless changed by the administrator e Make Settings Last for DMZ settings last for only the time in minutes entered in the box next to this option 4 Click Apply SIEMENS 37 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall Filter Rules If the firewall security level is set to Custom this features allows you to specify a unigue set of firewall rules for handling inbound and outbound traffic customized to the us
21. IEMENS 15 OPTUSnet 4200 Router Chapter 3 Configuring User Profiles User s Guide Add User Profiles 13 Click Next This displays the Constant Profile IP Address page SpeedStream OPTUSner gt BROADBAND Setup 4 a Remote Access Host Enter an optional to always be associated with PPP Profile Wizard Modo User Profiles Constant Profile IP Address WAM Interface DHCP this profile Admin User Time Client Static Routes Firewall UPnP Cancal lt Bock Head gt gt J o J 14 Optionally enter an IP Address to always be associated with this profile 15 Click Next 16 This completes the User Profile Wizard Click Finish to close the Wizard and return to the Current Profiles page SIEMENS 16 OPTUSnet 4200 Router Chapter 3 Configuring User Profiles User s Guide Editing User Profiles Editing User Profiles This section describes how to edit a user To edit a user 1 Select Setup gt User Profiles from the left navigation pane of the Web interface This displays the Current Profiles page listing all currently configured users SpeedStream OPTUSnet gt BAROADRANOD Help Profile Wizard Current Profiles Remote Access User Profiles Ed rol 3 WAN Interface Newser 5 eddie Hest m DHCP Admin User Time Client Static Routes Firewall UPaP RIP Server Parts Dynamic DNS 2 Click the name of the user you want to change This displays the Profile User Information page
22. Profiles WAN Interface Host DHCP u Admin User Ye Time Client Enable Time en Static Routes Firewall UPaP Secondary Server pool atp org Optior RIP Server Ports Dynamic DNS Select Enable from Enable Time Client In Primary Server IP Address enter the FQDN of the primary server to use as the time server a well known Network Time Protocol Server 4 In Secondary Server IP Address enter the IP address of the secondary server to use as the time server if the router does not receive a response from the primary server In Select Time Zone enter the time zone in minutes from UTC Click Apply SIEMENS 33 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall Firewall A firewall is a system designed to prevent unauthorized access to or from a private network The firewall is designed to protect hosts located on the Local Area Network LAN from attacks initiated on the Wide Area Network WAN Protection is not provided for attacks initiated from the LAN Due to the nature of firewall operations and the system resources reguired to service these operations firewall operations may degrade the performance of the Router especially under heavy network traffic loads The firewall menu item accessible from the left navigation pane of the Web interface expands to provide a list of options to be enabled or disabled as well as links to configure the more complex details of each
23. Remote Access User Profiles WAN Interface Host DHCP Admin User Time Client Static Routes Firewall Select the Enable option under Dynamic DNS Client Type the name provided to you by www dydns org in the Service Username box Type your www dydns org password in the Password box Type the domain or host name provided by www dydns org in the Host Name 1 box Optionally if you have more than one domain or host name type it in the Host Name 2 box NO a F WN Click Apply The system responds by registering your domain or host name to www dydns org SIEMENS 29 Chapter 6 Configuring Security Features The Router provides broad security measures against unwanted users Security also allows for the configuration of the firewall administrator password NAT Network Address Translation and DMZ Demilitarized Zone configuration The security options are listed below Admin User Manage administrator login name and password Time Client Configure network based date and time functionality An accurate date and time is of use when logging system and firewall events and is a reguirement for some firewall functionality e g ICSA compliant firewall operation Firewall Configure and control the internal firewall Many of these features require a thorough understanding of networking principles and firewall operations The firewall options are listed below SIEMENS 30 OPTUSnet 4200 Router Chapter 6 Configuring Security Fe
24. SpeedStream Router User s Guide Model 4200 OPTUSzer gt BROADBAN Part No 007 4049 001 OPTUSnet 4200 Router User s Guide Table of Contents Chapter 1 Introduction Features of the SpeedStream Router coooococcoccccccccccccccccnonnnnnnononnncnnnnnnnn rra nana nen nn nn nn nn ee ee nn nn nana nnnnnnnnnnnnnnrnnerinnnanes 1 Network LAN Features iii 1 Security Features eect ee eee eee ee eee eee eee eee eee eee eee eae 2 Configuration amp Management ccoo a needed dad Matta ees detec aed need 2 Advanced Router FUNCIONS crisis coh RI Borko sande kom devs EE jin kk kor eel cal aaah td 2 Minimum System REQUIFGMONIS js dira a ii JANE ARE MAA 3 General Safety Guldelin S comicios cit e de aia 3 Chapter 2 Installation Hardware Installation o tacita iaa ida ica 4 Ethernet Installation Method css e ataca 4 USB Installation Metod essnee A iii 5 PG Configura ION rito al A a A a A A RA A ai 6 Checking TCP IP Settings Windows 9x ME 00oooocccconnoccccccnnccccccconnoncno conan ee ee ee ee nn nnrrnnnn rca r ran nr rra 7 Checking TCP IP Settings Windows 2000 occcccconcoccccccononcconocanoncnnnonanonncnccnnnnn nn c rra nr rr cnn 8 Checking TCP IP Settings Windows XP oooonooccccnnnnoccccccnononcccccnnnnnnccnnnnnnnnnnnnnn o ee ee ran ee ee rre 9 Internet ACCESS Configura Om ccoo ideas c cdad s 10 For Windows 9X 2000 eeann na tried mm EEE EE nn 10 FOr Windows AP iii c Pe KU ra Pat Ra dA 10 Connecting fo
25. and Play function Before configuring this option you must ensure that the UPnP component is installed on your computer and enabled To enable UPnP functionality 1 Select Setup gt UPnP from the left navigation pane of the Web interface This displays the UPnP Configuration page OPTUSner gt BROADBAND SpeedStream Mode A Ramai pc User Profilos WAN Interface Host DHCP Admin User Time Client Static Routes Firewall UPnP RIP Server Ports Dynamic DNS 2 Select one of the following control options Disable UPnP Prevents the Router from using the UPnP feature to communicate with other devices or your operating system Also may be disabled if your operating system does not support UPnP Enable Discovery and Advertisement only SSDP Sends information about new devices hardware detected only No information concerning software applications or services is transmitted Enable full Internet Gateway Device IGD support Allows the Router to communicate freely with computers on the network about new devices software applications and services as needed to ensure they are working with minimal manual configuration required 3 Select one of the following options Enable access logging Generates a system log message whenever an UPnP client accesses the router e Read only mode Restricts the kind of access an UPnP client can have into the router Only requests in the UPnP protocol that query the statu
26. atures User s Guide Admin User Admin User The Administrator profile controls the reguirements for logging into the Web interface and accessing configuration pages as well as defining the administrator login name and password To configure administrator settings 1 Select Setup gt Admin User from the left navigation pane of the Web interface This displays the Login page Connect to 10 1 1 1 A User name G Password Remember my password 2 Do one of the following e lf this is the initial setup enter admin in User name and click OK By default the admin account does not have a Password defined e If you have already defined a password for the admin account enter admin in User Name and the assigned password in Password Then click OK This displays the Gateway Administrator Setup page SpeedStream O Help Login a a Gateway Administrator Setup Setup PPP Mode Remote Access User Profiles WAN Interface Hest DHCP Admin User Time Client Static Routes v Seve Settings 3 Specify a user name for the administrator You may accept the default user name admin or enter a new user name in User Name The user name is case sensitive 4 Enter a password in New Password then enter the same password in Confirm New Password The password field is case sensitive 5 Select a login security level from one of the following e Require admin login to access entire Web site Before you ca
27. dge Mode RIP Server Ports Dynamic DNS Status and Optionally type a port number in the HTTP box The default port for this field is 80 Optionally type a port number in the FTP box The default port for this field is 21 Optionally type a port number in the Telnet box The default port for this field is 23 Click Apply This displays the Your settings have been saved page 27 OY e 90 DO Optionally click Reboot if you wish for the settings to immediately be implemented The system responds by restarting your Router SIEMENS 28 OPTUSnet 4200 Router Chapter 5 Configuring Network Settings User s Guide Dynamic DNS Dynamic DNS Use the dynamic DNS advanced option to set up Dynamic DNS Dynamic DNS translates IP addresses into alphanumeric names For example an IP address of 211 29 132 105 could be translated into www optusnet com au To use the DDNS service you must register for the service You can register from the following web page www dydns org services dydns Once registered you must set up your DNS data on the Router Once this is done users can connect to your servers or DMZ computer from the Internet using your Domain name Refer to the section in this document titled DMZ for more information on DMZs To set up Dynamic DNS on the Router 1 Select Setup gt Dynamic DNS from the left navigation pane of the Web interface This displays the Set Up Dynamic DNS page SpeedStream OPTUS ner gt
28. dmin User only Time Cilest all t Static Routes Firewall UPaP RIP I Add Entry Server Ports Dynamic DNS 7 Select one of the following content filtering options Disable all Content Filtering User has access to all Internet content without restrictions Allow access only to website addresses containing the following words User has access only to the specified Web addresses or to addresses containing specified word entries defined in the Website word name table Deny all access to website addresses containing the following words User is denied access to all Web addresses specified as well as addresses that contain any words specified in the Website word name table 8 If either the Allow access only or Deny all access option is selected type a word or Web address in the box under the Website word name table and click Add Entry The system responds by adding the word or Web address to the Website word name table This can be done multiple times to add different entries to the table Note The entries in the Website word name table may be either modified or deleted at any time by clicking either Edit or Delete next to the corresponding word or Web address SIEMENS 14 OPTUSnet 4200 Router Chapter 3 Configuring User Profiles User s Guide Add User Profiles 9 Click Next This displays the Profile Configuration Access page Profile configuration access defines the access permission for a user controll
29. e SpeedStream OPTUSHer gt Modo a Remote Access Firewall IP Filter Configuration Wizard User Profiles Protocol Definition WAM Imerface Time Cliom Static Routes Firewall Level Smoore UPnP mue Server Ports Dynamic DNS Do one of the following e Select one of the following protocol options from the Select by Name drop down menu This defines the types of packets filtered Any Protocol TCP Transmission Control Protocol Provides reliable sequenced and unduplicated delivery of bytes to remote or local users Click Next to display the TCP UDP Options Page UDP User Datagram Protocol Provides for the exchange of datagrams without acknowledgement or guaranteed delivery Click Next to display the TCP UDP Options Page SIEMENS 40 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall ICMP Internet Control Message Protocol A mechanism that provides for peer communication The most commonly used application for this protocol is the PING command Click Next to display the TCMP Options Page GRE Generic Routing Encapsulation A tunneling protocol that is used primarily for VPN Virtual Private Networks e Type a protocol number in the Select by Number field 15 Click Next This displays the Finish page 16 Click Finish SIEMENS 41 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall TCP UDP Options Page
30. e IP header to zero the fragment offset field This will be treated as a complete packet when received and cause your system to halt SIEMENS 47 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall Firewall Security Levels The following table shows the security of each mode of the firewall for specific applications and protocols Note All applications and protocols are conditionally allowed IN if the outbound session was initiated locally and allowed OUT Security Application High Medium Low NAPT Off ESA Protocol Compliant In Out In Out in Out In Out In Out Abuse Net Age of Empires AOL y AOL IM Asherons Call Baldur s Gate II BattleNet 2lezlie Buddy Telephone Bungie Net Calista IP Telephone Lee el e e e Counterstrike CUSeeMe Delta Force Descent II II Diablo Diablo 2 Dialpad DirectPlay DNS y Doom Dune 2000 EverQuest FTP GNUtella H 323 Half Life y Heretic II y 2L e e e e e e e e e e L e e e e je je jeje j2 2 e je je jejejejeje e je je jejejeje 2 E E E Ea SIEMENS 48 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall Hexen II HTTP y HTTPS y ICMP y ICQ 2000 ICU II IGMP y IPSec multi session NI L e je 2 a IPSec single session IRC Kali L2TP MechWarrio
31. ed you can modify the existing rules SIEMENS 38 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall Create Custom IP Filter Rules SpeedStream OPTUSmer gt Remote Access E User Profiles Firewall IP Filter Configuration Wizard WAN imurtace Basic Rule Definition UPoP Wie slates davon e Ram rtd Pree Soong 9 avon a by RIP eto o Mas pro Asda Server Porta Dynamic DNS Status and 3 Statistics Nas gt 2 Lanca To add a new rule 1 Type up to a five digit numeric value in the Rule No box to uniguely identify the rule 2 Select either Permit or Deny from the Access drop down menu Select Permit to allow the rule and Deny to prohibit the rule Select either Inbound or Outbound from the Direction drop down menu Inbound refers to data coming into the Router while Outbound refers to data transmitted from the Router Optionally select the Disable stateful inspection for packets matching this rule to prevent the firewall from creating a stateful inspection session for packets matched on this rule Optionally select the Create a log entry for packets matching this rule When selected an entry is placed in the log file when packets match this rule Click Next This displays the Source Destination Definition page SpeedStream OPTUSner gt Mode a Remota Access Firewall IP Fitter Configuration Wizard User Profiles Source amp Destination Definit
32. er s specific requirements In this mode of operation the firewall provides an extensive amount of configurability As such only advanced users should employ this feature Rules can be filter based on any of the following e Source and destination router interfaces e IP protocols e Direction of traffic flow e Source and destination network host IP address e Protocol specific attributes such as ICMP message types e Source and destination port ranges for protocols that support them and support for port comparison operators such as less than greater than and equal to Rules can specifically allow or deny packets to flow through the router Default actions taken when no specific rule applies can also be configured To define inbound and outbound IP filter rules 1 Select Setup gt Firewall gt Filter Rules from the left navigation pane of the Web interface This displays the Firewall IP Filter Configuration Wizard page SpeedStream OPTUSner gt Remote Access ES User Profiles WAN Interface Host DHCP Admin User Time Client Static Routes Firewall Level Snoore DMZ Filter Rules 3 e ar AN Iiletace a _Ditabie Dente 2 Do one of the following To add new IP filter rules as you define them click Add New IP Filter Rule This displays the Basic Rule Definition page e To clone IP filter rules already defined click Clone IP Filter Level This displays the Clone Rule Definition page Once clon
33. ere is no password set for the admin login Click OK This displays the Home page once again 6 Click OK This displays the screen for the menu option you selected SIEMENS 11 OPTUSnet 4200 Router Chapter 2 Installation User s Guide Connecting to the Router 7 Refer to the following chapters for information on how to use each of these options Refer to the Chapter titled Installation for details on adding modifying or deleting user profiles Refer to Chapter titled Configuring ISP Connection Settings for details on setting ISP configuration parameters This should only be done when instructed by your ISP Refer to Chapter titled Configuring Network Settings for details on configuring network related information Refer to Chapter titled Configuring Security Features for details on adding security to your network Refer to Chapter titled Monitoring Router Health for details on viewing network statistics and connection status SIEMENS 12 Chapter 3 Configuring User Profiles This chapter contains details for configuring users on the SpeedStream Router User profiles are used as a means for controlling Router and network access by individual users Access to the configuration and management of the Router should be restricted to authorized users only This chapter describes how to Add User Profiles e Editing User Profiles e Deleting User Profiles Add User Profiles To add a new user profile
34. et statistics Unicast i ace Total Dropped Errors 12536 1 J R 9163 4 2 4 U Clear Stats USB Statistics View status and statistical information for LAN side USB connectivity Pay special attention to the status up or down KA E reported for each USB port to verify that each tatus hhmm s Byte cable is connected properly and detected by the UP 10 57 1 Router Select Status and Statistics gt USB from the left PDU Counter navigation pane of the Web interface to view ctets Frames Non n USP statistics Unicast SIEMENS 54 OPTUSnet 4200 Router Chapter 7 Monitoring Router Health User s Guide Status and Statistics Routes View all IP routes currently known by the Router Both static and dynamic routes are shown along with their respective netmask Router and the corresponding interface Select Status and Statistics gt Routes from the left navigation pane of the Web interface to view the current routing table which contains the data pertaining to all currently known static and dynamic IP routes SpeedStream OPTUSner gt BROADBAND Flag SIEMENS 55 OPTUSnet 4200 Router Chapter 7 Monitoring Router Health User s Guide Diagnostics Diagnostics The Router provides a considerable amount of diagnostic functionality for testing connectivity on both the Local Area Network LAN and the Wide Area Network WAN This includes LAN side connections within the home and WAN side connecti
35. fic received within the context of an outbound session initiated on the local host and permitted by this firewall mode e ICSA 3 0a compliant Clones ICSA 3 0a compliant filter rules which supports the ICSA Labs criteria for firewall behavior For more information visit the ICSA site at http www icsalabs com 3 Click Apply This displays the Firewall IP Filter Configuration Wizard page with the selected rule set showing in the Rule Definition table 4 Disable or delete any rule as desired SIEMENS 44 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall Log Firewall Logging displays attempts both failures and successes to access data through he firewall Firewall log entries are defined on the Firewall Settings Configuration screen found under the Security menu To view the firewall log select Setup gt Firewall gt Log from the left navigation pane of the Web interface This displays the Firewall Log page SpeedStream OPTUSnef gt BROADBAND Firewall Level Snooze DMZ Filter Rules Firewall Log No Events SIEMENS 45 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall ADS The firewall provides an advanced Attack Detection System ADS that may be used to detect and identify various types of attacks initiated on the Wide Area Network WAN The system has the capability to detect such attacks the moment they start and
36. gured under the ATM Adaptation Layer AAL Select Status and Statistics gt ATM AAL from the left navigation pane of the Web interface to view ATM AAL statistics This page displays ATM connection status uptime and transmit receive data VPI VCls and related data for each Seti UP UP DSL Statistics View status and statistical information for the Digital Subscriber Line DSL when the physical WAN side connection to the service provider is achieved through a DSL line Statistical 7 rere i mont Tx Reet information is accumulated over periodic intervals and may be displayed for up to a 24 _UP hour period DSL Statistics accumulated at 15 minute intervals Select Status and Statistics gt DSL from the left navigation pane of the Web interface to view DSL statistics This displays information about the DSL connection SIEMENS 53 OPTUSnet 4200 Router Chapter 7 Monitoring Router Health User s Guide Status and Statistics Ethernet Statistics View status and statistical information for LAN side Ethernet connectivity Ethernet Status Pay special attention to the status up or down s sec aG reported for each Ethernet port to verify that 4 UP 00015 10 EN EnF each cable is connected properly and detected by the Router Ethernet Statistics Select Status and Statistics gt Ethernet from the PDU Counters left navigation pane of the Web interface to view gt ter 7 Ethern
37. he capability to define a unique custom set of firewall rules To specify the firewall security level 1 Select Setup gt Firewall gt Level from the left navigation pane of the Web interface This displays the Firewall Level Configuration page SpeedStream OPTUSnef gt BROADBAND a A Time Client Static Routes Firewall Level Configuration Firewall Level Current Firewall level Custom Snooze DMZ Filter Rules Log ADS Agr Reset 2 Select one of the following from the Select Firewall Level drop down menu Off No restrictions are applied to either inbound or outbound traffic In addition Network Address Port Translation NAPT functionality is disabled Because there is no address port translation when the firewall is placed in this mode all LAN side connected hosts must be assigned a valid public IP address e Low Minimal restrictions with respect to outbound traffic Outbound traffic is allowed for all supported IP based applications and Application Level Gateways ALGs The only inbound traffic allowed is traffic received within the context of an outbound session initiated on the local host e High High restrictions with respect to outbound traffic Outbound traffic is allowed only for a very restricted set of supported IP based applications and ALGs The only inbound traffic allowed is traffic received within the context of an outbound session initiated on the local host and permitted by this fi
38. his manual covers SpeedStream model 4200 SpeedStream 4200 Ethernet and USB The SpeedStream 4200 can communicate through either an Ethernet or a USB connection Features of the SpeedStream Router The SpeedStream Router provides high speed Internet and corporate network access to homes networked home offices and small offices In addition if you are working from a branch office the Router provides a fast and effective means of communicating over a remote LAN with the main office The Router can also be used to connect the corporate LAN to the Internet over the WAN Network LAN Features Ethernet Switch Ethernet connectivity to the Internet or network through a network interface card NIC providing full 10 100 megabits per second Mbps bandwidth to the port USB Connection Universal Serial Bus USB connection providing added flexibility for connecting your computer via the Ethernet or USB port e Support of Glite and Full Rate DSL Ensures compatibility with most DSL networks SIEMENS 1 OPTUSnet 4200 Router Chapter 1 Introduction User s Guide Features of the SpeedStream Router Security Features Password protected Configuration Password protection prevents unauthorized users from modifying the Router s configuration settings Firewall Security Firewall security with four conveniently pre set standard levels of security Off Low Medium High an ICSA compliant mode and a custom setting for advanced use
39. ibutes of the Router the host DHCP Configure and control Dynamic Host Configuration Protocol DHCP and DNS functionality Static Routes Add and monitor static IP routes assigned by your ISP The routing functionality of the Router supports both Dynamic Routing and Static Routing Static routing pertains to those routes between network connected hosts that do not change over time WAN Interface Connectivity to the Wide Area Network WAN is achieved by means of one or more Virtual Circuits VC Virtual Circuits are configured using the WAN Interface Configuration Wizard The information requested by the Wizard should be supplied by the service provider SpeedStream OPTUSner gt MHROADMRARO AN Interface Configuration Wizard User Profiles WAN Interface Host DHCP Admin User Time Client Static Routes HATMAPT SIEMENS 19 OPTUSnet 4200 Router User s Guide Chapter 4 Configuring ISP Connection Settings Host Host Host configuration attributes identify the Router on the network and optionally specify a default gateway to the Wide Area Network WAN Default values for many host IP address netmask default router and host name are automatically generated for the SpeedStream Router and should not be changed unless directed by your ISP The ISP may ask you to change this information if for example you are assigned a static IP address To specify host configuration settings 1 Select Setup gt Host
40. ilure if N A N A N A N A red for more than 30 sec Blinking Flash write in N A N A N A N A Red progress Green SIEMENS 60 OPTUSnet 4200 Router Chapter 8 Troubleshooting User s Guide Resolving Specific Issues Resolving Specific Issues Power LED Not Lit If the power LED is not lit it is not connecting to the power source Verify that the power cord is firmly plugged into the back panel of the router and that the other end is plugged into an active AC wall or power strip outlet DSL LED Not Lit If the DSL LED is not lit it is not detecting a valid signal from the Central Office CO Verify that the DSL cable is plugged into the correct router port and the router power cord is plugged into the electrical outlet If the cables are secure you should contact your Service Provider Ethernet LED Not Lit This indicates that there is no Ethernet link detected If you are using the Ethernet connection method check the Ethernet cable connection from the computer to the router If you have used the wrong cable the LED on the Ethernet NIC card in your computer will not be lit either USB LED Not Lit This indicates that there is no USB link detected If you are using the USB installation method check the USB cable connection from the computer to the router Login Password Error If after being prompted for the login password you receive the error message Login Password is invalid e Retype the password and then click Save Setting
41. ing what functions and features are available to that user SpeedStream OPTUSner gt BROADRANMO O Her Profile Wizard Profile Configuration Access Remote Access User Profiles Configure Profile WAN Interface nar N Host VAN int aCe po DHCP f I rt Admin User Time Client Static Routes Firewall UPnP ur rewa RIP etup Server Ports OD agnost Dynamic DNS rofile terface Mat All Items Reset 10 Optionally do one of the following e Click one or more of the available features permitting the user to access that feature This places a checkmark in the corresponding box Click again if you want to remove the checkmark and deny access e Click All Items to select all features in the list e Click Reset to clear all selected items and deny the user access to those feature 11 Click Next This displays the Profile Security Access page SpeedStream OPTUSner gt BROADBAND O Hor Setup a i PPP Profile Wizard Mode Remote Access User Profites Profile Security Access WAN interface Host Configure Profile DHCP Giai carters incest Admin User Time Client Static Rowtes Firewall UPnP RIP Server Ports 12 Click one of the following e Require admin login to access configuration pages User must login as admin to change the Router configuration This is the recommended setting Do not require admin login User will be able to change the Router configuration without a password S
42. interface card or NIC installed If your computer does not have this adapter install it before proceeding further Refer to your Ethernet adapter documentation for complete installation instructions Once you verify installation of an Ethernet adapter perform the following procedure to connect the router to your computer 1 With the PC powered off connect the Ethernet cable to the Ethernet port on the router 2 Connect the other end of the Ethernet cable to the Ethernet port on the PC 3 Connect the DSL cable resembles a telephone cord to the DSL port on the rear of the router To reduce the risk of fire use the supplied telephone cable or an ACA approved cable to connect your DSL port on your router to a DSL telephone jack 4 Plug the other end of the DSL cable into the wall socket Ethernet 12VDC iT Ethernet port Power switch DSL connection Power supply Connect the power adapter to the rear of the router 5 6 Plug the power adapter into the electrical wall outlet 7 Flip the power switch on the router 8 Power on all connected computers You can now configure the TCP IP settings as detailed in the PC Configuration section SIEMENS 4 OPTUSnet 4200 Router Chapter 2 Installation User s Guide Hardware Installation USB Installation Method 1 With your PC powered off connect the USB cable to the USB port on the router 2 Connect the other end of the USB cable to an open USB port
43. ion WAN imertece Time Client Static Routes Firewall Hitter Rules Leg ADS UPnP REP Server Ports Dynamic DNS Status and Statistics Diagnostics Under the Source heading select a network connection from the Network Interface drop down menu SIEMENS 39 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall 10 11 12 13 14 Select one of the following options Any IP Address Select this option if this rule applies to any IP address from the source e This IP Address Select this option if a rule applies to a specific IP address from the source If you selected This IP Address enter an IP address in the IP Address field And do one of the following e Enter a netmask in the Netmask field e Or select or Host to use your Router netmask as the source netmask Under the Destination heading select a network connection from the Network Interface drop down menu Select one of the following options Any IP Address Select this option if this rule applies to any IP address of the destination e This IP Address Select this option if a rule applies to a specific IP address of the destination If you selected This IP Address enter an IP address in the IP Address field And do one of the following e Enter a netmask in the Netmask field e Or select or Host to use your Router netmask as the destination netmask Click Next This displays the Protocol Definition pag
44. ion User s Guide Internet Access Configuration Internet Access Configuration Windows users must configure their computers to use the Router for Internet access Ensure that the Router is installed correctly and the DSL line is functional Then follow the appropriate procedure below to configure your Web browser to access the Internet via the LAN rather than by a dial up connection For Windows 9x 2000 8 9 Poo NA Select Start gt Settings gt Control Panel to display the Control Panel Double click the Internet Options icon This displays the Internet Properties page Click the Connections tab Click Setup Click I want to set up my Internet connection manually or want to connect through a local area network LAN then click Next This displays the Internet Connection Wizard page Click connect through a local area network LAN then click Next This displays the Local Area Network Internet Configuration page Ensure all the boxes are deselected then click Next This displays the Set Up your Internet Mail Account page Click No then click Next This displays the Completing the Internet Connection Wizard page Click Finish to close the Internet Connection Wizard Setup is now complete 10 Configure the Router using the procedure described in Connecting to the Router For Windows XP 1 2 3 4 5 6 7 8 9 1 Select Start gt Control Panel Double click the Internet Options icon This displays the Inte
45. kbox if you wish this rule to prevent the blocking of synchronization packets for pre existing sessions Click Next Click Finish SIEMENS 42 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall ICMP Options Page The ICMP Options page is displayed if you select ICMP protocol from the Protocol Definition page SpoedStream OPTUSner gt ps ps irewall IP Filter Configuration Wizard Remote Access User Profiles ICMP Options WAN interface Mask Re Mask Re Time Client Static Routes Firewall Ali Types 1 Do one of the following e Select any of the ICMP options you wish to filter Select the All Types checkbox to filter all options 2 Click Next 3 Click Finish SIEMENS 43 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall Clone IP Filter Rules The Clone Rule Definitions page is displayed when you select Clone IP Filter Level from the Firewall IP Configuration Wizard page Using this option you can clone either high or low level rules and modify them according to your needs If you choose to clone IP filter rules the rules already defined in the Rule Definition table are discarded To clone IP filter rules 1 Click Clone IP Filter Level from the Firewall IP Filter Configuration Wizard page This displays the Clone Rule Definition page SpeedStream OPTUSner gt REDADHAMO Help Setup gt ag PPP Firewall IP Filter
46. lly for the router to operate according to the selected mode e Optus Bridge Select this option if you are connected to one device NAPT Hosts located on a Local Area Network LAN are often required to use private IP addresses as opposed to public IP addresses Private IP addresses however are not known on the public Wide Area Network WAN In order to expose LAN side hosts assigned private IP addresses to the public WAN the Router can be configured to use Network Address Port Translation NAPT NAPT can expose multiple LAN side hosts Full Bridge The router acts as a bridge Point to Point PPP connections are not available under the bridge mode of operation Important Switching to Full Bridge will lose access to the Web interface 3 Click Apply SIEMENS 25 OPTUSnet 4200 Router Chapter 5 Configuring Network Settings User s Guide UPnP Universal Plug and Play UPnP Universal Plug and Play Microsoft UPnP allows the Router to communicate directly with certain Windows operating systems to trade information about the special needs of certain applications such as messaging programs and interactive games as well as provide information about other devices on the network where applicable This communication between the operating system and Router greatly reduces the amount of manual configuration required to use new applications and devices Only certain versions of Windows XP and computer support the UPnP Universal Plug
47. n access any screen in the Web interface you must log in with your network user name and password Security level High SIEMENS 31 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Admin User e Require admin login to access configuration pages Before you can access any screen in the Web interface that allows you to make configuration changes you must log in with your network user name and password Security level Medium Do not require admin login After you log in for the first time you will not be reguired to log in again at any screen Security level Low 6 Click Save Settings SIEMENS 32 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Time Client Time Client An accurate log timestamp is one of the reguirements of the ICSA Labs firewall criteria ver 3 0a In order to maintain accurate timestamps in each log message the firewall implements a Simple Network Time Protocol SNTP client This allows the system to automatically synchronize its date and time with Coordinated Universal the international time standard The system date and time are set and corrected automatically via the designated server s To configure the time client 1 Select Setup gt Time Client from the left navigation pane of the Web interface This displays the Time Client Configuration page SpeedStream OPTUSner gt BROADBAND 1 Heip Mode A Remote Access User
48. ndows setting Close this page Restart your computer to ensure it obtains an IP address from the Router 8 Configure internet access using the procedure described in Internet Access Configuration SIEMENS 7 OPTUSnet 4200 Router Chapter 2 Installation User s Guide PC Configuration Checking TCP IP Settings Windows 2000 1 On the Windows taskbar click Start gt Settings gt Control Panel This displays the Control Panel page 2 Double click Network and Dial up Connections This displays the Network and Dial up Connections page 3 Right click Local Area Connection and select Properties This displays the Local Area Connections Properties page Local Area Connection Properties aura E Genera Connect using MD nel PRO 100 Alert on LAN Managecert Adapter Configure Componerts checked are used be thet connector Install Uninstall Properties De capbon Traremsnon Control Protocol rtemet Protocol The delat wide ana rete protocol thal provide communication across diverse intesconmected relvorks FF Show icon in taskbar when connected 4 Select the TCP IP protocol for your network card 5 Click Properties This displays the Internet Protocol TCP IP Properties page Internet Protocol TCP IP Properties Ur General pu can get IP soing arugned automeatcally d your netmoli supports tres capabi Otheowie you need to ark your nehod sdara ao for te appropiate IP settings btan an IP adder
49. ng a routing table In some cases network mappings cannot be learned because of incompatible addressing schemes Sometimes a different source and destination path may be desired over the learned paths for example when your ISP assigns you a static route In these situations Static Routes can be configured to map a desired pathway Use the static routes advanced option to configure static routes to remote eguipment Static routing allows a pre defined route to be set for the transmission of data Static routes take precedence over all dynamic routing options and also provide enhanced security over dynamic routing To configure a static route 1 Select Setup gt Static Routes from the left navigation pane of the Web interface This displays the Static Route Configuration page SpeedStream OPTUSnet gt BROADSBANO Time Client Static Rowtes Firewall 3 aS UPnP Selet Y RIP Server Ports Under Add Route type the IP address of the destination device in the Destination box Type the net mask of the destination device in the Net Mask box Optionally type the IP address where the data packets will be forwarded in the Next Hop box Ola E Oe MS Select a connection type from the Interface drop down menu This is the interface that will forward the packets 6 Click Apply The system responds by adding your new route to the routing table 7 You can repeat this procedure for each static route you wish to add Note
50. nnection of your choice e 1 Provides essential RIP packet formatting for routing information packets e 2 Provides enhanced packet formatting for routing information packets by providing the following IP address subnet mask next hop and metric shows how many routers the routing packet crossed to its destination e 1 amp 2 A combination of both types of RIP packets Select an Active Mode checkbox next to a corresponding connection to enable it Select a Multicast checkbox next to a corresponding connection to enable it Click Apply This displays the Your Settings Have Been Saved page Optionally click Reboot if you wish for the settings to immediately be implemented The system responds by restarting your Router SIEMENS 27 OPTUSnet 4200 Router Chapter 5 Configuring Network Settings User s Guide Server Ports Server Ports Common applications such as HTTP Web site traffic FTP and Telnet use pre defined incoming port numbers for compatibility with other services If you wish to change the ports used by these applications you may do so using this option This feature is recommended for use by advanced users only To configure the server port option 1 Select Setup gt Server Ports from the left navigation pane of the Web interface This displays the SpeedStream Gateway Server Ports page SpeedStream OPTUSner gt BROADIANO Snooze DMZ Fitter Rutes SpeedStream Gateway Server Ports Bri
51. ons to the carrier service provider and Internet WAN side testing may be performed for each of the WAN side connections currently configured This data is commonly reguested by technical support to assist in troubleshooting Note This option may not be available on your Router configuration To run diagnostics 1 Select Diagnostics from the left navigation pane of the Web interface This displays Diagnostics page SpeedStream OPTUSner gt HACADRAND O Het R r Nania Bie Diagnostics Timo Client Static Routes Firewall U f tesdng IT gt Level tests a tedt Hatestasy FAIL staty Fitter Rules Log ADS UPaP RIP Connections in the H Server Ports Dynamic DNS Connections at the Carrie internet Service Provide 2 Select the connection you want to test from the Connection to Test drop down menu Click Run Diagnostics The test results display under the Results column If one of the following failed contact OptusNet Connections at the Carrier Independent Service Provider e Internet Connectivity 4 If a test displays a FAIL status for any other reason then listed above click Run Diagnostics again to confirm the failure 5 Ifthe test still displays a FAIL status check all connections and passwords then click Run Diagnostics again 6 If the test still displays a FAIL status contact OptusNet for further assistance SIEMENS 56 OPTUSnet 4200 Router Chapter 7 Monitoring Router Health
52. r 4 lt lt ZLA Mplayer MS Netmeeting MSN Gaming Zone y MSN Messenger Myth y Napster Need for Speed y Net2telephone y Netshow Client NNTP NTP y PCAnywhere Ping y POP3 PPPoE PPTP multi session PPTP single session Quake Arena Quake II Quicktime 4 NI Rainbow Six Le je je e jeje jejeje je je je je je je jeje je je e je je jeje je je 2 je je je jeje je 2 ATATA ATEA AE AA AAA AA AA SAA E E E E a E E SIEMENS 49 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall Real Audio y Real Video y Red Alert II Rogue Spear RTSP y SIP SMTP Soldier of Fortune SSH Starcraft T 120 2 ieleileie L e j2 2 Telnet Tiberian Sun Traceroute NI Ultima Online L e e 2 2 Unreal Tournament VNC Warcraft Windows Media Player y y XDM a LL e e e e e e e e e e e e e e e e e e e e L e e e e e e e e e e e e e e e e ei e e e Yahoo Messenger SIEMENS 50 Chapter 7 Monitoring Router Health This chapter describes how to monitor the health of the Router The Router health options listed below are used to gauge the Router s health Status and Statistics View Internet home networking security
53. r when the computer boots up For all non server versions of Windows the TCP IP setting defaults to act as a DHCP client If using the default Router settings and the default Windows TCP IP settings you do not need to make any changes Although these are the default settings for the PC it is a good idea to verify that they have not been changed If TCP IP is not already installed on your computer refer to your system documentation or online help for instructions Once installed you should check the TCP IP protocol settings to make sure they are correct for use with the Router The instructions to check TCP IP protocol settings differ between operating system Check the settings using the instructions for your operating system e Checking TCP IP Settings Windows 9x ME e Checking TCP IP Settings Windows 2000 e Checking TCP IP Settings Windows XP SIEMENS 6 OPTUSnet 4200 Router Chapter 2 Installation User s Guide PC Configuration Checking TCP IP Settings Windows 9x ME 1 Select Start gt Control Panel gt Network This displays the Configuration tab on the Network page Irr ASB Fio ad pater thay for Merosot Networks Chert for Microsol Networks Saar 2 Select the TCP IP protocol for your network card 3 Click Properties This displays the TCP IP Properties page TCP IP Properties Click the IP Address tab Ensure that the Obtain an IP address automatically option is selected This is the default Wi
54. rewall mode Custom Allows advanced users to add modify and delete their own firewall rules If you select this option you must set customized rules for both inbound and outbound traffic using the IP Filtering option 3 Click Apply SIEMENS 35 OPTUSnet 4200 Router Chapter 6 Configuring Security Features User s Guide Firewall Snooze The snooze feature allows you to temporarily disable the firewall for a set amount of time so outside support personnel can access your Router or network or so you can run an application that conflicts with the firewall Note Important This function is recommended for use only when you require this special level of unrestricted access as it leaves your Router and network exposed to the Internet with no firewall protection To enable and configure snooze control 1 Select Setup gt Firewall gt Snooze from the left navigation pane of the Web interface This displays the Firewall Snooze Control page OPTUSrper gt SpeedStream BROADRAND Time Client Static Routes Firewall Level Filter Rules Log ADS UPnP UP Tar 2 Select one of the following Disable Snooze Disables all snooze control In this mode the firewall is not disabled Enable Snooze and set the Snooze time interval to Enables snooze for a specified time period Be sure to enter the number of minutes to define how long the firewall should be disabled e Reset the Snooze time interval to Reset the
55. rnet Options page Click the Connections tab Click Setup This starts the New Connection Wizard Click Next Select Connect to the Internet then click Next Select Setup my connection manually then click Next Select Connect using a broadband connection that is always on then click Next Click Finish 0 Configure the Router using the procedure described in Connecting to the Router SIEMENS 10 OPTUSnet 4200 Router Chapter 2 Installation User s Guide Connecting to the Router Connecting to the Router The SpeedStream Router contains an HTTP server that allows you to connect to the Router and configure it from your Web browser Microsoft Internet Explorer or Netscape Navigator versions 5 0 or later To establish a connection from your computer to the Router 1 After installing the Router start your computer If your computer is already running reboot it 2 Open your Internet Explorer or Netscape Navigator Web browser 3 Inthe Address bar enter the default router IP address http speedstream and press Enter This displays the Home page SpeedStream OPTUSner gt System Type Config Part Firmware Part s MAC Address Point to Point Connection Su I 4 Click Login on the left navigation pane to log into the router This displays the Login page SpeedStream PTUSzer gt SRO ASH ANE Welcome to the SpeedStream Gateway Username o dm Password 5 By default the username is admin Th
56. rs NAT Protection Network Address Port Translation NAPT and a secure firewall to protect your data while your computer is connected to the Internet Attack Protection System Attacks can flood your Internet connection with invalid data packets and connection requests using so much bandwidth and so many resources that Internet access becomes unavailable The Router incorporates protection against these types of attacks as well as other common hacker attacks Stateful Inspection Firewall All incoming data packets are monitored and all incoming server requests are filtered thus protecting your network from malicious attacks from external sources Virtual Private Network Virtual Private Network allows remote users to establish a secure connection to a corporate network by setting pass through of the three most commonly used VPN protocols PPTP L2TP and IPSec Configuration amp Management Easy Setup Use your Web browser for quick and easy configuration UPnP Support Universal Plug and Play UPnP allows automatic discovery and configuration of the SpeedStream Router UPnP is supported by Windows Me XP or later operating systems Advanced Router Functions DMZ One computer on your local network can be configured to allow unrestricted two way communication with servers or individual users on the Internet This provides the ability to run programs that are incompatible with firewalls Port Forwarding Port Forwarding provide
57. s e f you forget your password you must reset the router Note The password is case sensitive Be sure that you have not accidentally activated the Caps key POST Failure red Power LED POST is the router s power on self test When you power on or reboot the router the Power LED goes to a solid red until one of two things occurs it either fails its initial POST tests or it comes fully up and is ready to run e f POST passes the router continues through the rest of its initialization and the Power LED changes to solid green e If the initial POST diagnostic tests fail the Power LED will remain red indicating a POST failure and will lock the router You will need to contact Efficient Networks Technical Support to resolve this issue SIEMENS 61 OPTUSnet 4200 Router Chapter 8 Troubleshooting User s Guide Contacting Technical Support Contacting Technical Support If you still cannot resolve the issue after following the recommended troubleshooting procedures contact Siemens Australia Technical Support during the hours of 8 00 to 5 00 PM EST EDST Telephone 03 9721 2173 or 03 9721 2183 Email ic services asiemens com au Internet http www siemens com au modems To assist you with any technical queries for your Optusnet Internet connection please contact us on Optus Support on 1300 309 333 AEST between 8 00 am 9 00pm Monday to Friday 8 30am 7 00pm Saturday SIEMENS 62
58. s automates C Uze the tolowng adden Oban ONS server adders automaticaly Ung the lobo ONS server ecthesee 6 Select the Obtain an IP address automatically and Obtain DNS server address automatically options Exit back to the Control Panel 7 Restart your computer to ensure it obtains an IP address from the Router 8 Configure internet access using the procedure described in Internet Access Configuration SIEMENS 8 OPTUSnet 4200 Router Chapter 2 Installation User s Guide PC Configuration Checking TCP IP Settings Windows XP 1 On the Windows taskbar click Start gt Control Panel This displays the Control Panel page 2 3 4 5 Double click the Network Connection icon This displays the Network Connections page Right click Local Area Connection then click Properties This displays the Local Area Connection Properties page 4 Local Area Connection Properties Select the TCP IP protocol for your network card Click Properties This displays the Internet Protocol TCP IP Properties page Internet Protocol TCP IP Properties PX Ensure that Obtain an IP address automatically and Obtain DNS server address automatically are selected Exit back to the Control Panel Restart the computer to ensure it obtains an IP address from the Router Configure internet access using the procedure described in Internet Access Configuration SIEMENS 9 OPTUSnet 4200 Router Chapter 2 Installat
59. s flexibility by allowing you to change internal IP addresses without affecting outside access to your network Session Tracking Some protocols such as FTP require secondary network connections on ports other than the main control port These connections are usually made using port numbers in the dynamic range gt 1024 The firewall allows traffic on secondary sessions without manual configuration SIEMENS 2 OPTUSnet 4200 Router Chapter 1 Introduction User s Guide Minimum System Reguirements Minimum System Reguirements At a minimum your computer must be eguipped with the following to successfully install the Router Your Internet Service Provider ISP may have additional reguirements for use of their service DSL service and an Internet access account from an Internet Service Provider ISP Network cables for the device you intend to connect to the Router Use standard CAT5 Ethernet cables with RJ45 connectors TCP IP network protocol must be installed on all computers Ethernet connection method A network interface card NIC that supports Ethernet 10 100Base T full half duplex Operating system that supports TCP IP Microsoft Internet Explorer or Netscape Navigator versions 5 0 or later USB connection method if your router supports this method 32 MB RAM Pentium compatible 166 MHz processor or faster 12 MB available hard disk space One of the following operating systems Windows 98
60. s of the router are allowed Any requests that could potentially modify the router s behavior are blocked 4 Click Apply to accept the settings This displays the UPnP Finish page SIEMENS 26 OPTUSnet 4200 Router Chapter 5 Configuring Network Settings User s Guide RIP Routing Information Protocol RIP Routing Information Protocol By default the SpeedStream Router does not support routing protocols However support for the Routing Information Protocol RIP versions 1 2 or 1 and 2 can be activated This support may be configured for any WAN connection currently configured or for the LAN in general Using RIP the Router is able to determine the shortest distance between two points on the network based on the addresses of the originating devices RIP is based on distance algorithms to calculate the shortest path using information in the routing table The shortest path is based on the number of hops between two points To activate the RIP option 1 291 E ie Select Setup gt RIP from the left navigation pane of the Web interface This displays the RIP Configuration page SpeedStream WAN interface E Host DHCP Admin User Time Client RIP Version Active Static Routes Interface isabled 1 2 1 amp 2 Mod 5 Firewall Area Networt gt UPnP a gt RIP FEROE 33 s Server Ports Dynamic DNS ppt Select one of the following options from under the RIP Version heading next to the co
61. s received from connected LAN side hosts DHCP clients The DHCP server does not serve WAN side DHCP clients The DHCP operating mode defaults to Enable and the system auto generates the current IP address range IP netmask and default router Do not change these default settings unless directed by your ISP Disable Disables DHCP If you are using a static IP address you may need to disable DHCP and enter different addresses in the text boxes DHCP Relay Instead of getting an IP address from the Router the IP address is gotten from the computer as defined in Relay IP Used when DHCP information is received from a DHCP server on the WAN side DHCP requests are forwarded to the WAN side to Relay IP and DHCP responses are forwarded back to the LAN side 3 In Client IP Address enter the beginning IP address of the range of addresses from which the DHCP server will lease to requesting DHCP clients SIEMENS 21 OPTUSnet 4200 Router Chapter 4 Configuring ISP Connection Settings User s Guide DHCP 4 In IP Netmask enter the IP subnet mask that corresponds to the range of IP addresses defined above In Default Gateway do one of the following e Enter the IP address of a default gateway or router to be provided to DHCP clients e Click Self to specify that the SpeedStream Router is to be used as the default gateway 6 In DNS Server primary do one of the following e Enter IP address of the primary Domain Name System DNS
62. should attempt to resolve the issue by following these steps 1 Check the LEDs on the front panel to diagnose the possible problem 2 Check specific issues addressed in this chapter and follow the instructions for resolving the problem 3 Reboot the router Any settings you have configured will be saved 4 Reset the router only as a last resort You will lose any settings you have configured SIEMENS 59 OPTUSnet 4200 Router User s Guide Chapter 8 Troubleshooting Interpreting the LED Display Interpreting the LED Display The LED indicators on the front of the router give you a visual clue to the router activity When the router is configured and working correctly all LED indicator lights briefly turn a solid green The following table shows the possible states indicated by the LEDs If the LEDs indicate a problem refer to Resolving Specific Issues later in this chapter Off Power not Power not Power not Power not Power not applied applied applied applied applied Ethernet link DSL signal not No USB No PPP not connected detected connection connection Green Normal system Ethernet link DSL line is USB connected PPPOE session operation connected trained and ready established for traffic Blinking N A Ethernet traffic DSL is training USB user traffic Establishing Green flowing in either flowing in either PPPoE session direction direction Red Self test fa
63. to protect the Local Area Network LAN from such attacks If the Attack Detection System is enabled the SpeedStream Router provides protection against the most common hacker attacks that attempt to access your computer network from the Internet Intrusion attempts can also be logged to provide a record of attempts and their source when available To enable and configure the attack detection feature 1 Select Setup gt Firewall gt ADS from the left navigation pane of the Web interface This displays the Firewall Attack Detection System page SpeedStream OPTUSner gt Remote Access Enable Attack Detection System E User Profiles WAN Interface After enabling the Attack Detection System select events below to filter and or log Time Client Static Routes Firewall Level Snooze DMZ Filter Rules Log ADS UPnP KI RI a SI Y 1 XI Y a Y 3010 EaDa da E Apply 2 Select Enable Attack Detection 3 Select the Filter checkbox for each event in the list you want to filter or if you want to filter all events select the Filter All checkbox This provides maximum protection against malicious intrusion from outside your network 4 Select the Log checkbox for each event in the list you want to log or if you want to log all events select the Log All checkbox When logging is selected for a particular offending packet the ADS will write an entry to the firewall log once a minute for as long as the attack persists
Download Pdf Manuals
Related Search