Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Copyright2008,OptionAllinformationaboutOptionGlobeSurferIIImaychangewithout priornotice.Informationpublishedinthisreferencemanualisaccurateatthetimeof publication.Althoughallsecurityprecautionsweretakenduringthecreationofthis referencemanual,Optionisnotliabletowardpersonsororganisationsforlossesordamages causedeitherdirectlyorindirectlyduetoinstructionscontainedinthisreferencemanual.All brandsandregisteredbrandsarepropertyoftheirrespectiveowners.Servicesmaybe changed,added,ordeleted.ForthenewestfirmwareversionofyourGlobeSurferIII,visit www.option.com QuestionsandanswersregardingtheGlobeSurferIIIcanbefoundonourSupportwebsite: http://support.option.com/support/faq.php TechnicalquestionscanbepostedafterregisteringthroughouronlineSupportWebForm: http://support.option.com/support/newticket.php Forregisteringpleasegoto: http://support.option.com/support/register.php
August2008
TableofContents
1. 2. IntroductiontoGlobeSurferIII .................................................................................................................6 Setup .........................................................................................................................................................7 2.1. SettingupWANandLANconnections.......................................................................................................7 2.2. PCNetworkConguration .........................................................................................................................7 GlobeSurferIIIManagementConsole .....................................................................................................10 3.1. AccessingtheGlobeSurferIIIManagementConsole.............................................................................10 3.2. MenuSystem ...........................................................................................................................................10 3.3. ManagingTables ......................................................................................................................................11 Home .......................................................................................................................................................12 4.1. Overview ..................................................................................................................................................12 4.2. MapView .................................................................................................................................................12 4.3. GlobeSurferIIIInstallationWizard.........................................................................................................13 4.3.1. InstallationWizard:Language .............................................................................................................14 4.3.2. InstallationWizard:Telephony............................................................................................................14 4.3.3. InstallationWizard:UMTS...................................................................................................................15 4.3.4. InstallationWizard:Wireless...............................................................................................................16 4.3.5. InstallationWizard:WirelessEncryption ............................................................................................17 4.3.6. InstallationWizard:FirewallPolicy......................................................................................................18 4.3.7. InstallationWizard:Finish ...................................................................................................................20 QuickSetup..............................................................................................................................................21 InternetConnection .................................................................................................................................23 6.1. General.....................................................................................................................................................23 6.2. Settings ....................................................................................................................................................24 6.3. Routing.....................................................................................................................................................25 6.4. Advanced .................................................................................................................................................26 LocalNetwork..........................................................................................................................................27 7.1. Overview ..................................................................................................................................................27 7.2. Device.......................................................................................................................................................28 7.3. Wireless ...................................................................................................................................................28 7.3.1. Overview..............................................................................................................................................29 7.3.2. Settings ................................................................................................................................................30 7.3.3. Advanced .............................................................................................................................................31 7.4. SharedStorage/DiskManagement..........................................................................................................33 7.4.1. RAIDProperties ...................................................................................................................................34 7.5. SharedPrinters/PrintServer....................................................................................................................35 Services....................................................................................................................................................36 8.1. Overview ..................................................................................................................................................36 8.2. Firewall.....................................................................................................................................................36 8.2.1. Overview..............................................................................................................................................38 8.2.2. AccessControl .....................................................................................................................................40 8.2.3. PortForwarding...................................................................................................................................49 8.2.4. DMZHost.............................................................................................................................................52 8.2.5. PortTriggering .....................................................................................................................................54 8.2.6. WebsiteRestrictions............................................................................................................................57
3.
4.
5. 6.
7.
8.
GlobeSurferIIIPage3of180
TECHNICALREFERENCEMANUAL
8.2.7. NAT ......................................................................................................................................................60 8.2.8. Connections .........................................................................................................................................64 8.2.9. AdvancedFiltering...............................................................................................................................65 8.2.10. Log .......................................................................................................................................................71 8.3. VPN/InternetProtocolSecurity(IPSec) ...................................................................................................76 8.3.1. InternetProtocolSecurity(IPSec)Settings..........................................................................................77 8.3.2. IPSecLogSettings ................................................................................................................................77 9. System .....................................................................................................................................................79 9.1. Overview ..................................................................................................................................................79 9.2. SystemSettings........................................................................................................................................80 9.2.1. Overview/SystemSettings...................................................................................................................80 9.2.2. DateandTime .....................................................................................................................................83 9.3. Users ........................................................................................................................................................85 9.3.1. UserSettings........................................................................................................................................86 9.3.2. GroupSettings .....................................................................................................................................88 9.4. NetworkConnections ..............................................................................................................................88 9.4.1. ConnectionWizard ..............................................................................................................................90 9.4.2. LANBridge ...........................................................................................................................................93 9.4.3. LANEthernet .....................................................................................................................................101 9.4.4. LANWireless......................................................................................................................................103 9.4.5. WANCellular .....................................................................................................................................110 9.4.6. ConfiguringyourWirelessWindows XPclients ...............................................................................114 9.5. Monitor ..................................................................................................................................................117 9.5.1. NetworkConnection..........................................................................................................................117 9.5.2. CPU ....................................................................................................................................................118 9.5.3. SystemLog.........................................................................................................................................119 9.6. Routing...................................................................................................................................................120 9.6.1. General/Routing ................................................................................................................................120 9.6.2. BGPandOSPF ....................................................................................................................................123 9.6.3. PPPoERelay .......................................................................................................................................124 9.7. Management..........................................................................................................................................124 9.7.1. UniversalPlugandPlay .....................................................................................................................124 9.7.2. SimpleNetworkManagementProtocol(SNMP)...............................................................................125 9.7.3. RemoteAdministration .....................................................................................................................127 9.8. Maintenance ..........................................................................................................................................129 9.8.1. AboutGlobeSurferIII.......................................................................................................................129 9.8.2. ConfigurationFile ..............................................................................................................................130 9.8.3. Reboot ...............................................................................................................................................131 9.8.4. RestoreFactorySettings....................................................................................................................131 9.8.5. Firmwareupgrade .............................................................................................................................132 9.8.6. Diagnostics.........................................................................................................................................133 9.9. ObjectsandRules ..................................................................................................................................134 9.9.1. Protocols............................................................................................................................................134 9.9.2. NetworkObjects................................................................................................................................139 9.9.3. SchedulerRules .................................................................................................................................142 9.9.4. Certificates.........................................................................................................................................144 10. Shortcuts ...............................................................................................................................................154 11. Telephone..............................................................................................................................................156
GlobeSurferIIIPage4of180
TECHNICALREFERENCEMANUAL
11.1. Missedcalls ............................................................................................................................................156 11.2. Incomingcalls ........................................................................................................................................156 11.3. Outgoingcalls.........................................................................................................................................157 11.4. Telephonesettings.................................................................................................................................157 11.5. CallForwarding ......................................................................................................................................158 11.6. CallWaiting ............................................................................................................................................159 11.7. CallerID..................................................................................................................................................160 11.8. SIMsetup ...............................................................................................................................................160 11.8.1. SIMPINchange..................................................................................................................................161 11.8.2. SIMPINenable ..................................................................................................................................162 11.8.3. SIMPIN2change................................................................................................................................162 11.8.4. Unlockdevice ....................................................................................................................................163 12. SMS .......................................................................................................................................................163 12.1. SMSCreate.............................................................................................................................................164 12.2. Inbox ......................................................................................................................................................165 12.3. Outbox ...................................................................................................................................................166 12.4. Sent ........................................................................................................................................................166 12.5. Drafts .....................................................................................................................................................166 12.6. Templates ..............................................................................................................................................167 12.7. Archive ...................................................................................................................................................167 12.8. SIMcard .................................................................................................................................................167 12.9. Settings ..................................................................................................................................................168 ListofAcronyms ............................................................................................................................................169 Glossary ........................................................................................................................................................171
GlobeSurferIIIPage5of180
TECHNICALREFERENCEMANUAL
1. IntroductiontoGlobeSurferIII
Withinminutes,youcanconnecttoyourmobilenetworkanduseawirelessconnectiontotheInternet throughthemobilenetwork. GlobeSurferIIIiscompatiblewithGSMand3GmobilenetworksandsupportsGPRS,EDGE,UMTSand HSDPAtechnologies. Tip:Toachievethebestpossiblereception,checkthesignalstrengthonthedisplayoftheunit(the morebarsthebetterthereception).Youmayfindthatplacingtheunitnearawindowprovidesthe bestreception. Simplesetup GlobeSurferIIIprovidesyouwithaquickinstallationandsetupthatgetsyoueasilyandquickly connectedtotheInternet.YoucanuseanInternetbrowser(e.g.MicrosoftInternetExplorer6.0or Firefox1.5)andmostpersonalcomputers,includingWindows,MacintoshandLinux.TheQuick SetupWizardintroducesyoutothebasicsettingsthatneedtobeconfiguredforusewiththemobile network.Onceyouhaveconfigured,youcanreviewandenablecustomisedwirelesssecuritysettings. Instantprotection YourGlobeSurferIIIsupportsNetworkAddressTranslation(NAT).Thisnetworkservicehidesthe computersinyournetworksotheycannotbefoundordirectlyaccessedfromoutsideyournetwork.A firewallisalsoincludedwhich,bydefault,blocksincomingtrafficandallowsoutgoingtraffic. Additionalsecurity GlobeSurferIIIsupportsbothWiredEquivalentPrivacy(WEP)andWiFiProtectedAccess(WPAand WPA2)toprotectyournetworkdata.Securitylogskeepyouawareofpotentialsecurityrisksand intrusionattempts.Youcanviewlogsonlineorviaemail. Stayintouch YoucanuseGlobeSurferIIItosendandreceiveSMStextmessages.Thedisplayonthe frontoftheunitletsyouknowwhenanewSMSarrives. YoucanuseGlobeSurferIIItomakemobilephonecalls.Whenyougetaphonecallthe displayshowsthecallersnumberandindicatesmissedcalls. Importantnote Toprotectyournetworkfromunauthorisedaccess,andtomakeitmoredifficultforhackerstoanalyse yourdata,pleaseconfiguretheWLANsecuritysettingsandenableWEP,WPAorWPA2encryptionon yourGlobeSurferIII. AboutThisManual ThismanualdescribesconfigurationandoperationofGlobeSurferIII.Itisintendedasacomplement totheGlobeSurferIIIUserGuidetoprovidereferenceinformationfortheadvanceduserofthe GlobeSurferIII.ItisassumedthatthehardwareinstallationofGlobeSurferIIIhasbeendonewhen theReferenceManualisread.ThisversionofthemanualisvalidforGlobeSurferIII.
GlobeSurferIIIPage6of180
TECHNICALREFERENCEMANUAL
2. Setup
Connectingyourcomputerorhomenetworktothegatewayisasimpleprocedure,varyingslightly dependingonyouroperatingsystem.ThischapterwillhelpyoutoseamlesslyintegrateGlobeSurferIII withyourcomputerorhomenetwork.TheWindowsdefaultnetworksettingsdictatethatinmost casesthesetupproceduredescribedbelowwillbeunnecessary.Forexample,thedefaultDHCPsetting inWindows2000isclient,requiringnofurthermodication.However,itisadvisedtofollowthesetup proceduredescribedbelowtoverifythatallcommunicationparametersarevalidandthatthephysical cableconnectionsarecorrect.Thesetupprocedureconsistsofthreeconsecutivecongurationstages: SettingupWANandLANconnections(seesection2.1) PCNetworkConguration(seesection2.2) GlobeSurferIIIQuickSetup(seesection4.3)
2.1.
SettingupWANandLANconnections
WANConnection:settinguptheWANconnectionrequiresthataSIMcardisinsertedcorrectlyinto theSIMslotoftheGlobeSurferIII.SeetheUserGuideforinstructionsonhowtoinserttheSIM card.WiththeSIMcardinplaceyouconfiguretheWANconnectionthroughtheQuickSetupof GlobeSurferIII(seesection4.3).ThefirsttimeyoulogintoGlobeSurferIIIyouwillhavetoentera PINcode.ThePINcodeisreceivedfromyourISP,butnormallyprovidedseparatelyfromtheSIM cardforsecurityreasons. LANConnection:yourcomputercanconnecttothegatewayintwoways,eitherthroughEthernet orthroughtheuseofWireless.ThemostcommontypeofconnectionisEthernet,withmost platformsfeaturingfoursuchports.UseanEthernetcabletoconnectbetweenanEthernetporton yourgatewayandyourcomputersnetworkcard.PleaserefertotheaccompanyingInstallation Guidesforadditionalinformation.
2.2.
PCNetworkConguration
GlobeSurferIIIPage7of180
TECHNICALREFERENCEMANUAL
WindowsXP AccessNetworkConnectionsfromtheControlPanel. RightclicktheEthernetconnectionicon,andselectProperties. UndertheGeneraltab,selecttheInternetProtocol(TCP/IP)component,andpresstheProperties button. TheInternetProtocol(TCP/IP)propertieswindowwillbedisplayed. SelecttheObtainanIPaddressautomaticallyradiobutton. SelecttheObtainDNSserveraddressautomaticallyradiobutton. ClickOKtosavethesettings. Windows2000/98/Me AccessNetworkandDialingConnectionsfromtheControlPanel. RightclicktheEthernetconnectionicon,andselectPropertiestodisplaytheconnections properties. SelecttheInternetProtocol(TCP/IP)component,andpressthePropertiesbutton. TheInternetProtocol(TCP/IP)propertieswillbedisplayed. SelecttheObtainanIPaddressautomaticallyradiobutton. SelecttheObtainDNSserveraddressautomaticallyradiobutton. ClickOKtosavethesettings. WindowsNT AccessNetworkfromtheControlPanel. FromtheProtocoltab,selecttheInternetProtocol(TCP/IP)component,andpresstheProperties button. FromtheIPAddresstabselecttheObtainanIPaddressautomaticallyradiobutton. FromtheDNStab,verifythatnoDNSserverisdenedintheDNSServiceSearchOrderboxandno sufxisdenedintheDomainSufxSearchOrderbox.
GlobeSurferIIIPage8of180
TECHNICALREFERENCEMANUAL
GlobeSurferIIIPage9of180
TECHNICALREFERENCEMANUAL
3. GlobeSurferIIIManagementConsole
TheGlobeSurferIIImanagementconsoledescribedhereallowsyoutocontrolvariousGlobeSurferIII systemparameters,usingauserfriendlygraphicalinterface.Themanagementconsoleincludesa connectionstatusscreen,aquicksetupscreen,networkconfiguration,securityconfiguration, authenticationwithmultipleusersupport,connectionmonitoringandmore.
3.1.
AccessingtheGlobeSurferIIIManagementConsole
Toaccessthemanagementconsole: LaunchaWebbrowseronaPCintheLANorWLAN. TypetheIPaddressoftheGlobeSurferIIIoranameasprovidedbythesupplierintheaddressbar (InternetExplorer)orlocationbar(NetscapeNavigator).ThedefaultIPaddressis192.168.1.1,and defaultnameishttp://umtsgateway.mydomain. Enteryourusernameandpasswordtologontothewebbasedmanagementconsole. Yoursessionwillautomaticallytimeoutafterafewminutesofinactivity.Ifyoutrytooperatethe managementconsoleafterthesessionhasexpiredtheLoginscreenwillappearandyouwillhavetore enteryourusernameandpasswordbeforeproceeding.Thisfeaturehelpstopreventunauthorised usersfromaccessingthemanagementconsoleandchangingtheGlobeSurferIIIsettings.
3.2.
MenuSystem
TheGlobeSurferIIImanagementconsolescreenshavebeengroupedintoseveralsubjectareasand maybeaccessedbyclickingontheappropriateiconinthetopmenu.
Thesubjectareasare: Home:displaysanoverviewofthestatusoftheInternetConnection,LocalNetwork,Storage, PrintersandServices(seesection4) QuickSetup:quickaccesstobasicconfigurationsettings(seesection5) InternetConnection:configureinternetconnections(seesection6) LocalNetwork:configurelocalnetwork,storageandprintersettings(seesection7) Services:configureFirewall,PrintServer,PersonalDomainName,FileServerandIPSecsettings(see section8) System:configuresystemsettings(seesection9) Shortcuts:displaysiconstoenablequickandeasyaccesstoallareas(seesection10) Telephone:manageyourtelephonyoptions(seesection11) SMS:manageyourSMSmessages(seesection12)
GlobeSurferIIIPage10of180
TECHNICALREFERENCEMANUAL
3.3.
ManagingTables
GlobeSurferIIIPage11of180
TECHNICALREFERENCEMANUAL
4. Home
Fromthisscreenyoucanclickonthetabsatthetoplefthandsidetoroutetothefollowingscreens: OverviewstatusofInternetConnection/LocalNetwork/Storage/Printers/Services(seesection4.1) MapViewpictorialoverviewofallcomponentsconnectedtoGlobeSurferIII(seesection4.2) InstallationWizardguidesyouthroughthemainsettingsforyourGlobeSurferIII(seesection4.3) QuickSetuproutesdirectlytotheQuickSetupareatochangethemainsettings(seesection5)
4.1.
Overview
4.2.
MapView
GlobeSurferIIIPage12of180
TECHNICALREFERENCEMANUAL
4.3.
GlobeSurferIIIInstallationWizard
GlobeSurferIIIPage13of180
TECHNICALREFERENCEMANUAL
4.3.1. InstallationWizard:Language
SelectthelanguageandtimezoneyouwouldliketouseontheGlobeSurferIIIManagementConsole andDisplay.
4.3.2. InstallationWizard:Telephony
Selectthecountryforyourtelephonehandset.Thiswilladaptthetelephoneconnectorof GlobeSurferIIItoworkwithyourhandset.
GlobeSurferIIIPage14of180
TECHNICALREFERENCEMANUAL
4.3.3. InstallationWizard:UMTS
CheckorchangethefollowingsettingsontheInstallationscreentoconfiguretheUMTSconnection:
Accesspointname:entertheaccesspointnameasprovidedbyyourInternetServiceProvider(ISP),or acceptthenamealreadyset. UMTSconnectmethod: ConnectManually:connecttotheInternetbyclickingConnectontheConnectionStatuspagein themanagementconsoleorpresstheConnectbuttonontheGlobeSurferIIIunit. Automaticallyconnectupontraffic:GlobeSurferIIIwillautomaticallyconnectwhenyou attempttosenddataviatheInternet. Alwaysconnected:GlobeSurferIIIwillconnecttotheinternetwhenpossibleandwillremain connected. Incaseofinactivity,disconnectafter(minutes):thedefaultiszero(0),meaningUMTSwillstay connecteduntilmanuallydisconnected.Themaximumis1440minutes(24hrs).Note:Incomingtrafficis treatedasinactivity.
GlobeSurferIIIPage15of180
TECHNICALREFERENCEMANUAL
4.3.4. InstallationWizard:Wireless
GlobeSurferIIIPage16of180
TECHNICALREFERENCEMANUAL
4.3.5. InstallationWizard:WirelessEncryption
InordertoprohibitunauthorizedaccesstoyourGlobeSurferIII,makesuretoapplysufficientsecurity andencryptiononyourwirelessnetwork. IfWPA2issupportedbyyourwirelessclientsitisrecommendedtoapplyWPA2encryptiontoyour wirelessnetworkasitoffersthehighestlevelofsecurity. Dependingonyourchoiceofsecuritymethod,theWirelessEncryptionpagewillrefreshwithrelevant configurationchoices.UnlessNoEncryptionisselectedyouwillbeaskedtoenteranencryptionkeyin eitherHEXorASCIIformat.HEXformatrequiresahexadecimalkey(09,af)ofvariouslength dependingonyourselection.AnASCIIkeyconsistsofapassphraseofvariouslengththatwillbe translatedbytheGlobeSurferIIIIIintoaHEXkey.UsinganASCIIkeycouldbeeasiertoremember thanaHEXkey,butinsomecasestherearecompatibilityissuesbetweendifferentvendorsofwireless equipment.Hence,ifyouareexperiencingproblemswhenusingASCIIkey,trytouseHEXkeysinstead. Availablechoicesare: None/Noencryption:thisoptionisnotrecommendedexceptduringinstallationofyour network. WPA:WiFiProtectedAccessisa256bitencryptionmethodwithkeysthatchangeautomatically overtime. WPA2:amoresecureversionofWPAwithimplementationofthe802.11istandard. WPAandWPA2:allowsbothoptions 802.1XWEP:WirelessEquivalentPrivacyisa40bitor104bitencryptionmethodwithuser configurablefixedkeys.802.1XindicatesRADIUSsupport. WEP/Non802.1XWEP:like802.1XWEPbutwithoutRADIUSsupport. AuthenticationOnly:authenticationbyphysicalMACaddress.
GlobeSurferIIIPage17of180
TECHNICALREFERENCEMANUAL
GlobeSurferIIIPage18of180
TECHNICALREFERENCEMANUAL
GlobeSurferIIIPage19of180
TECHNICALREFERENCEMANUAL
4.3.7. InstallationWizard:Finish
GlobeSurferIIIPage20of180
TECHNICALREFERENCEMANUAL
5. QuickSetup
YoucanusetheQuickSetupscreentochangethemainsettingsneededtouseGlobeSurferIII: Webinterfaceanddisplay Language:selectthelanguageforGlobeSurferIII.Thecurrentlanguagesettingwillberestored ifyoudonotapplythesettings. Telephony CallerID:selectthecountryforthetelephonehandsetinterface,optionsavailableare: ETSIDTMF ETSIFSKringpulse ETSIFSKdualtone ETSIFSKLinereversal+dualtone ETSIFSKduringring Bellcore Australia UMTS Accesspointname:asprovidedbyyourmobileoperator UMTSconnectmethod:radiobuttonwiththefollowingchoices: ConnectManually:connecttotheInternetbyclickingConnectontheConnectionStatuspagein themanagementconsoleorpresstheConnectbuttononGlobeSurferIII Automaticallyconnectupontraffic:GlobeSurferIIIwillautomaticallyconnectwhenyou attempttosenddataviatheInternet Alwaysconnected:GlobeSurferIIIwillstayconnected
GlobeSurferIIIPage21of180
TECHNICALREFERENCEMANUAL
GlobeSurferIIIPage22of180
TECHNICALREFERENCEMANUAL
6. InternetConnection
TheWANCellularconnectionconnectsGlobeSurferIIItotheInternetandothernetworksthrough GSMorUMTSmobiletelecommunicationsstandards.TheWANCellularPropertiesscreendisplaysa summaryoftheconnection. Fromthisscreenyoucanclickonthetabsatthetoplefthandsidetoroutetothefollowingdetailed screens: Generalsummaryofwirelessconnection(seesection6.1) Settingsgeneralcommunicationsparameters(seesection6.2) Routingsetsstaticordynamicroutingoptions(seesection6.3) Advancedactivatefirewallfornetworkconnection(seesection6.4)
6.1.
General
GlobeSurferIIIPage23of180
TECHNICALREFERENCEMANUAL
6.2.
Settings
GlobeSurferIIIPage24of180
TECHNICALREFERENCEMANUAL
6.3.
Routing
Youcanconfigurethefollowingroutingsettings: RoutingMode:selectoneofthefollowingroutingmodes: Route:useroutemodeifyouwantyourGlobeSurferIIItofunctionasarouterbetween twonetworks. NAPT:NetworkAddressandPortTranslation(NAPT)referstonetworkaddresstranslation involvingthemappingofportnumbers,allowingmultiplemachinestoshareasingleIP address.UseNAPTifyourLANencompassesmultipledevices,atopologythatnecessitates porttranslationinadditiontoaddresstranslation. Devicemetric:thisisavalueusedbythegatewaytodeterminewhetheronerouteissuperiorto another,consideringparameterssuchasbandwidth,delay,andmore. DefaultRoute:selectthischeckboxtodefinethisdeviceasthedefaultroute. MulticastIGMPProxyDefault:IGMPproxyenablesthesystemtoissueIGMPhostmessageson behalfofhoststhatthesystemdiscoveredthroughstandardIGMPinterfaces.IGMPproxy enablestheroutingofmulticastpacketsaccordingtotheIGMPrequestsofLANdevicesasking tojoinmulticastgroups.Selectthecheckboxtoenablethisfeature. RoutingInformationProtocol(RIP):selectthischeckboxtoenabletheRoutingInformation Protocol(RIP).RIPdeterminesaroutebasedonthesmallesthopcountbetweensourceand destination. RoutingTable:allowsyoutoaddormodifyrouteswhenthisdeviceisactive.UsetheNewRoute buttontoaddarouteoreditexistingroutes. PresstheOKbuttontoapplychangesandgobacktothepreviousscreen.
GlobeSurferIIIPage25of180
TECHNICALREFERENCEMANUAL
PresstheApplybuttontoapplychangesandstayonthisscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
6.4.
Advanced
GlobeSurferIIIPage26of180
TECHNICALREFERENCEMANUAL
7. LocalNetwork
Thisareaprovidesanoverviewofandtheabilitytoconfigurelocalnetwork,storageandprinter settings. Fromthisscreenyoucanclickonthetabsatthetoplefthandsidetoroutetothefollowingdetailed screens: Overviewoverviewoflocalnetwork,storageandprinters(seesection7.1) Devicelistofalldevicesinlocalnetworkwithabilitytodrilldowntoseedetail(seesection7.2) Wirelessoverviewofwirelessnetworkwithabilitytodrilldowntoseedetail(seesection7.3) SharedStoragemanageyoursystemstoragearea,disksandRAIDdevices(seesection7.4) SharedPrintersshowsprintersattachedtothedeviceviatheUSBconnection(seesection7.5)
7.1.
Overview
Thefollowingdataisdisplayed: LocalNetwork:thenumberofcomputersconnectedisshown.Foreachcomputerthefollowing dataappears: Type Name IPaddress Status Blockstatus Storage:thenumberofexternalharddiskdrivesconnectedisshown Printers:thenumberofprintersconnectedisshown PresstheRefreshbuttontorefreshthescreen.
GlobeSurferIIIPage27of180
TECHNICALREFERENCEMANUAL
7.2.
Device
Thisscreendisplaysalistofallthedevicesinthelocalnetworkalongwiththeirstatus,andprovidesthe abilitytomodifyanddeleteeachentry.
Foreachdevicethefollowingdataisdisplayed: Name Numberofcomputersconnected Status ClickingonaLANBridgeentryroutesyoutotheLANBridgePropertiesscreenintheSystem/Network Connections/Generalpartofthesystem(seesection9.4.1) ClickingonaLANEthernetentryroutesyoutotheLANEthernetPropertiesscreeninthe System/NetworkConnections/Generalpartofthesystem(seesection9.4.1) ClickingonaLANWireless802.11gAccessPointentryroutesyoutotheLANWireless802.11gAccess PointPropertiesscreenintheSystem/NetworkConnections/Generalpartofthesystem(seesection 9.4.1)
7.3.
Wireless
GlobeSurferIIIPage28of180
TECHNICALREFERENCEMANUAL
7.3.1. Overview
Thisscreenprovidesanoverviewofthewirelessnetwork.
Thefollowingdataisdisplayed: EnableWireless:clicktocheckboxtoenablewirelessfunctionality WirelessNetwork(SSID):theSSIDisthenetworknamesharedamongallpointsinawireless network.Itmustbeidenticalforallpointsinthewirelessnetwork.Itiscasesensitiveandmust notexceed32characters(useanyofthecharactersonthekeyboard). 802.11Mode:selectthewirelesscommunicationstandardthatiscompatiblewithyourPCs wirelesscard.Optionsare: 802.11b/gMixed 802.11gOnly 802.11bOnly Security:choosetherequiredsecurityoptionfromthedropdownbox,optionsare: None WebAuthentication PasswordProtected(WPA) PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage29of180
TECHNICALREFERENCEMANUAL
7.3.2. Settings
Thisscreenenablesyoutoentermorewirelesssettings.
Thefollowingdataisdisplayed: SSIDBroadcast:clickonthischeckboxtoenabletheSSID'sbroadcast.SSIDbroadcastisusedin ordertohidethenameoftheAP(SSID)fromclientsthatshouldnotbeawareofitsexistence. Channel:choosetheappropriatechannelfromthedropdownlistprovidedtocorrespondwith yournetworksettings.Alldevicesinyourwirelessnetworkmustbebroadcastondifferent channelsinordertofunctioncorrectly. Security:choosetheappropriatesecurityoptionfromthedropdownlist None WPA WPA2 WPAandWPA2 802.1XWEP Non802.1XWEP AuthenticationOnly CleanMacList:clickthisbuttontocleantheMaclist PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage30of180
TECHNICALREFERENCEMANUAL
7.3.3. Advanced
7.3.3.1.
General
7.3.3.2.
Settings
GlobeSurferIIIPage31of180
TECHNICALREFERENCEMANUAL
7.3.3.3.
Wireless
7.3.3.4.
Advanced
GlobeSurferIIIPage32of180
TECHNICALREFERENCEMANUAL
7.4.
SharedStorage/DiskManagement
Thisscreenenablesyoutomanageyoursystemstoragearea,disksandRAIDdevices.
Thefollowingdataisdisplayed: Enabled:clickthischeckboxtoenablediskmanagement Status:thisshowsthestatusofdiskmanagementandhowmanydisksareconnected SystemStorageArea Status:showsthestatusofthesystemstorageareaandwhetheritisconnected AutomaticallyCreateSystemStorageArea:clickthischeckboxtoautomaticallycreatea systemstoragearea Disks:foreachdiskthefollowingdataappears: Device Description Type Size Partitions RAIDDevices:foreachRAIDdevicethefollowingdataappears: Device Name Type Status TotalSpace FreeSpace RAID Action AddRAIDDevice:clicktoaddanewdeviceandgototheRAIDPropertiesscreen(seesection7.4.1)
GlobeSurferIIIPage33of180
TECHNICALREFERENCEMANUAL
ThisscreenenablesyoutoaddaRAIDdevice.
GlobeSurferIIIPage34of180
TECHNICALREFERENCEMANUAL
7.5.
SharedPrinters/PrintServer
GlobeSurferIIIincludesaprintserverthatallowsprintersattachedtothedeviceviatheUSB connectiontobesharedbyallcomputersontheLAN.
Onthisscreenyoucanseeinformationaboutyourprinter,aswellasviewalistofprintjobs(when printsareinthequeue). Thefollowingcheckboxescanbemodified: Enabled SpooltoDisk AllowGuestAccess LPDSupport IPPSupport MicrosoftSharedPrintingSupport Foreachprintjob,thefollowingdataisdisplayed: Printer Status JobsinQueue JobsPrinted Action Storage:thenumberofexternalharddiskdrivesconnectedisshown Printers:thenumberofprintersconnectedisshown PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheApplybuttontoapplychangesandstayonthisscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen. PresstheRefreshbuttontorefreshthescreen.
GlobeSurferIIIPage35of180
TECHNICALREFERENCEMANUAL
8. Services
8.1. Overview
8.2.
Firewall
The GlobeSurfer III includes comprehensive and robust security services: Stateful Packet Inspection Firewall, user authentication protocols and password protection mechanisms. These featurestogetherallowuserstoconnecttheircomputerstotheInternetandsimultaneouslytobe protectedfromthesecuritythreatsoftheInternet. Thefirewall,thecornerstoneoftheGlobeSurferIIIssecurityservices,hasbeenexclusivelytailored to the needs of the residential/office user and has been preconfigured to provide optimum security. TheGlobeSurferIIIsfirewallprovidesboththesecurityandflexibilitythathomeandofficeusers seek.Itprovidesamanaged,professionallevelofnetworksecuritywhileenablingthesafeuseof interactiveapplications,suchasInternetgamingandvideoconferencing. TheGlobeSurferIIIsfirewallsupportsadvancedfiltering,designedtoallowcomprehensivecontrol overthefirewallsbehaviour.You candefinespecificinputandoutputrules,controltheorderof logically similar sets of rules and make a distinction between rules that apply to WAN and LAN
GlobeSurferIIIPage36of180
TECHNICALREFERENCEMANUAL
networkdevices. TheOverviewscreenallowsyoutochoosethesecuritylevelforthefirewall(seesection1.1.1). TheAccessControlscreencanbeusedtorestrictaccessfromthelocalnetworktotheInternet (seesection8.2.2). ThePortForwardingscreencanbeusedtoenableaccessfromtheInternettospecifiedservices providedbycomputersinthelocalnetworkandspecialInternetapplications(seesection8.2.3). The DMZ Host screenallows you to configure a LAN host to receive all traffic arriving at your GlobeSurferIII,whichdoesnotbelongtoaknownsession(seesection8.2.4). ThePortTriggeringscreenallowsyoutodefineporttriggeringentries,todynamicallyopenthe firewallforsomeprotocolsorports(seesection1.1.1). TheWebsiteRestrictionsscreenallowsyoutoblockLANaccesstoacertainhostorWebsiteon theInternet(seesection8.2.6). The NAT (Network Address Translation) screen allows you to hide the computers in your networksotheycannotbefoundordirectlyaccessedfromoutsideyournetwork(seesection 8.2.7). TheConnectionsscreenallowsyoutoviewalltheactiveconnectionsonthesystem(seesection 1.1.1). TheAdvancedFilteringscreenallowsyoutoimplicitlycontrolthefirewallsettingandrules(see section1.1.1). TheLogscreenallowsyoutoviewandconfigurethefirewallLog(seesection1.1.1)
GlobeSurferIIIPage37of180
TECHNICALREFERENCEMANUAL
8.2.1. Overview
UsetheOverviewscreentoconfigurethegatewaysbasicsecuritysettings. ThefirewallregulatestheflowofdatabetweenthehomenetworkandtheInternet.Both incomingandoutgoingdataareinspectedandtheneitheraccepted(allowedtopassthrough GlobeSurferIII)orrejected(barredfrompassingthroughGlobeSurferIII)accordingtoa flexibleandconfigurablesetofrules.Theserulesaredesignedtopreventunwantedintrusions fromtheoutside,whileallowinghomeusersaccesstotheInternetservicesthattheyrequire. ThefirewallrulesspecifywhattypesofservicesavailableontheInternetmaybeaccessedfrom thehomenetworkandwhattypesofservicesavailableinthehomenetworkmaybeaccessed fromtheInternet.Eachrequestforaservicethatthefirewallreceives,whetheroriginatingin theInternetorfromacomputerinthehomenetwork,ischeckedagainstthesetoffirewall rulestodeterminewhethertherequestshouldbeallowedtopassthroughthefirewall.Ifthe requestispermittedtopass,thenallsubsequentdataassociatedwiththisrequest(asession) willalsobeallowedtopass,regardlessofitsdirection. Forexample,whenyoupointyourWebbrowsertoaWebpageontheInternet,arequestis sentouttotheInternetforthispage.WhentherequestreachesGlobeSurferIIIthefirewall willidentifytherequesttypeandorigin,HTTPandaspecificPCinyourhomenetwork,inthis case.Unlessyouhaveconfiguredaccesscontroltoblockrequestsofthistypefromthis computer,thefirewallwillallowthisrequesttopassoutontotheInternet(seesection8.2.2for moreonsettingaccesscontrols).WhentheWebpageisreturnedfromtheWebserverthe firewallwillassociateitwiththissessionandallowittopass,regardlessofwhetherHTTPaccess fromtheInternettothehomenetworkisblockedorpermitted. Theimportantthingtonotehereisthatitistheoriginoftherequest,notsubsequentresponses
GlobeSurferIIIPage38of180
TECHNICALREFERENCEMANUAL
tothisrequest,thatdetermineswhetherasessioncanbeestablishedornot. YoumaychoosefromamongthreepredefinedsecuritylevelsforGlobeSurferIII:Minimum, TypicalandMaximum.ThetablebelowsummarizesthebehaviourofGlobeSurferIIIforeach ofthethreesecuritylevels. Securitylevel RequestsOriginatinginthe RequestsOriginatinginthe WAN(IncomingTraffic) LAN(OutgoingTraffic) MaximumSecurity Blocked:Noaccesstohome Limited:Bydefault,only networkfromInternet, commonlyusedservices, exceptasconfiguredinthe suchasWebbrowsingande PortForwarding,DMZhost mail,arepermitted* andRemoteAccessscreens TypicalSecurity Blocked:Noaccesstohome Blocked:Noaccesstohome networkfromInternet, networkfromInternet, exceptasconfiguredinthe exceptasconfiguredinthe PortForwarding,DMZhost PortForwarding,DMZhost andRemoteAccessscreens andRemoteAccessscreens MinimumSecurity Unrestricted:Permitsfull Blocked:Noaccesstohome accessfromInternetto networkfromInternet, homenetwork;all exceptasconfiguredinthe connectionattempts PortForwarding,DMZhost permitted. andRemoteAccessscreens *TheseservicesincludeTelnet,FTP,HTTP,HTTPS,DNS,IMAP,POP3andSMTP.Thelistof allowedservicesat'MaximumSecurity'modecanbeeditedintheAccessControlpage. Attention:Someapplications(suchassomeInternetmessengersandPeerToPeerclient applications)tendtousetheseports,iftheycannotconnectwiththeirowndefaultports.When applyingthisbehaviour,theseapplicationswillnotbeblockedoutbound,evenatMaximum SecurityLevel. Choosefromtheamongthethreepredefinedsecuritylevelsdescribedinthetableabove: MaximumSecurity:ifthisoptionischosen,remoteadministrationsettingswilloverride thesecurityinboundpolicyandoutboundaccessisallowedtothefollowingservices: DHCP,DNS,IMAP,POP3,HTTPS,FTPandTelnet. TypicalSecurity:thisisthedefaultoptionwhereremoteadministrationsettingswill overridethesecurityinboundpolicy. Minimumsecurity:thisoptionisnotrecommendedasitmayexposethehomenetwork tosignificantsecurityrisks,andthusshouldonlybeused,whennecessary,forshort periodsoftime. BlockIPFragments:clickthischeckboxinordertoprotectyourhomenetworkfroma commontypeofhackerattackthatcouldmakeuseoffragmenteddatapacketsto sabotageyourhomenetwork.(NotethatVPNoverIPSecandsomeUDPbasedservices
GlobeSurferIIIPage39of180
TECHNICALREFERENCEMANUAL
You may want to block specific computers within the home network (or even the whole network)fromaccessingcertainservicesontheInternet.Forexample,youmaywanttoprohibit one computer from surfing the Web, another computer from transferring files using FTP, and thewholenetworkfromreceivingincomingemail. Access Control defines restrictions on the types of requests that may pass from the home networkouttotheInternet,andthusmayblocktrafficflowinginbothdirections.Itcanalsobe usedforallowingspecificserviceswhenmaximumsecurityisconfigured.Intheemailexample given above, you may prevent computers in the home network from receiving email by blockingtheiroutgoingrequeststoPOP3serversontheInternet. There are numerous services you should consider blocking, such as popular game and file sharing servers. For example, if you want to make sure that your employees do not put your businessatriskfromillegallytradedcopyrightfiles,youmaywanttoblockseveralpopularP2P andfilesharingapplications. ThisscreenoffersthefacilitytoblockaccesstoInternetservicesfromwithintheLAN.Entries canbeadded,editedordeleted. Thefollowingfieldsaredisplayed: LocalHost:identifier LocalAddress:computertoapplytheaccesscontrolruleto Protocols:typeofprotocol
GlobeSurferIIIPage40of180
TECHNICALREFERENCEMANUAL
8.2.2.1.
AddAccessControlRule
Thisscreenallowstheentryofnewaccesscontrolrules.Thefollowingfieldsshouldbe entered: Address:specifythecomputerorgroupofcomputerstoapplytheaccesscontrolrule to:optionsavailableare: o Any o UserDefinedthisroutestotheEditNetworkObjectscreen(seesection 8.2.2.3) o SpecificcomputeraddressinyourLAN Protocol:typeofprotocolthatwillbeused:choosefromthedropdownlist: o Any o UserDefinedthisroutestotheEditServicescreen(seesection8.2.2.5) o ShowBasicServicesifthisoptionischosenareducedlistofoptionsis displayedincluding: FTPFileTransfer HTTPWebServer HTTPSSecuredWebServer
GlobeSurferIIIPage41of180
TECHNICALREFERENCEMANUAL
IMAPMessagingServer L2TPLayer2TunelingProtocol PingICMPEchoRequest POP3IncomingMail SMTPOutgoingMail SNMPSimpleNetworkManagementProtocol TelnetRemoteConnection TFTPTrivialFileTransferProtocol TracerouteRouteTrackingUtility o ShowAllServicesamorecomprehensivelistofservicesisdisplayed ReplyanHTMLPagetotheBlockedClient:clickthischeckboxtosendanHTMLpage totheclientwhenaccessisblockedthisischeckedbydefault Schedule:definethetimeperiodduringwhichthisrulewilltakeeffect: o Alwaysaccessisalwayscontrolled o UserdefinedthisroutestotheEditSchedulerRulescreen(seesection 8.2.2.7)
PresstheOKbuttontoapplychangesandgobacktotheAccessControlscreen. PresstheCancelbuttontorejectchangesandgobacktotheAccessControlscreen.
8.2.2.2.
EditAccessControlRule
GlobeSurferIIIPage42of180
TECHNICALREFERENCEMANUAL
o Any o UserDefinedthisroutestotheEditServicescreen(seesection8.2.2.5) o ShowBasicServicesifthisoptionischosenareducedlistofoptionsis displayedincluding: FTPFileTransfer HTTPWebServer HTTPSSecuredWebServer IMAPMessagingServer L2TPLayer2TunelingProtocol PingICMPEchoRequest POP3IncomingMail SMTPOutgoingMail SNMPSimpleNetworkManagementProtocol TelnetRemoteConnection TFTPTrivialFileTransferProtocol TracerouteRouteTrackingUtility o ShowAllServicesamorecomprehensivelistofservicesisdisplayed ReplyanHTMLPagetotheBlockedClient:clickthischeckboxtosendanHTMLpage totheclientwhenaccessisblockedthisischeckedbydefault Schedule:definethetimeperiodduringwhichthisrulewilltakeeffect: o Alwaysaccessisalwayscontrolled o UserdefinedthisroutestotheEditSchedulerRulescreen(seesection 8.2.2.7)
PresstheOKbuttontoapplychangesandgobacktotheAccessControlscreen. PresstheCancelbuttontorejectchangesandgobacktotheAccessControlscreen.
8.2.2.3.
EditNetworkObject
Thisscreenallowstheeditingofnetworkobjects.Thefollowingfieldsshouldbeentered: Description:typethedescriptionoftheobject
GlobeSurferIIIPage43of180
TECHNICALREFERENCEMANUAL
8.2.2.4.
EditItem
Thisscreenallowstheeditingofnetworkobjecttypes.Thefollowingfieldsshouldbe entered: NetworkObjectType:choosefromthedropdownlist: o IPAddress,thenenter IPaddress o IPSubnet,thenenter SubnetIPAddress SubnetMask o IPRange,thenenter FromIPAddress ToIPAddress o MACAddress,thenenter MACAddress MACMask o HostName,thenenter HostName o DHCPOption,thenchoosefromthedropdownlist: 60:VendorClassID 61:ClientID 77:UserClassID thenentertheappropriateID PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage44of180
TECHNICALREFERENCEMANUAL
8.2.2.5.
EditService
8.2.2.6.
EditServiceServerPorts
GlobeSurferIIIPage45of180
TECHNICALREFERENCEMANUAL
o o o o
Single,thenenterportnumber Range,thenenterrangevalues DestinationPorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues UDP,thenenter SourcePorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues DestinationPorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues ICMP,thenenter ICMPMessagebychoosingfromthedropdownlist: EchoReply NetworkUnreachable HostUnreachable ProtocolUnreachable PortUnreachable DestinationNetworkUnknown DestinationHostUnknown RedirectforNetwork RedirectforHost EchoRequest Other GRE ESP AH Other,thenenter ProtocolNumber
PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage46of180
TECHNICALREFERENCEMANUAL
8.2.2.7.
EditSchedulerRule
GlobeSurferIIIPage47of180
TECHNICALREFERENCEMANUAL
8.2.2.8.
EditTimeSegment
8.2.2.9.
EditHourRange
GlobeSurferIIIPage48of180
TECHNICALREFERENCEMANUAL
ThePortForwardingscreenletsyoudefinetheapplicationsthatrequirespecialhandlingby GlobeSurferIII.Allyouhavetodoisselecttheapplication'sprotocolandthelocalIPaddressof thecomputerthatwillbeusingorprovidingtheservice.Ifrequired,youmayaddnewprotocols inadditiontothemostcommononesprovidedbyGlobeSurferIII. Forexample,ifyouwantedtouseaFileTransferProtocol(FTP)applicationononeofyourPCs, youwouldsimplyselectFTPfromthelistandenterthelocalIPaddressorhostnameofthe designatedcomputer.AllFTPrelateddataarrivingatGlobeSurferIIIfromtheInternetwill henceforthbeforwardedtothespecifiedcomputer. Similarly,ifyouwanttograntInternetusersaccesstoserversinsideyourhomenetwork,you mustidentifyeachservicethatyouwanttoprovideandthePCthatwillprovideit.Forexample, ifyouwanttohostaWebserverinsidethehomenetworkyoumustselectHTTPfromthelistof protocolsandenterthelocalIPaddressorhostnameofthecomputerthatwillhosttheWeb server.WhenanInternetuserpointsherbrowsertotheexternalIPaddressofGlobeSurferIII, thegatewaywillforwardtheincomingHTTPrequesttothecomputerthatishostingtheWeb server.
GlobeSurferIIIPage49of180
TECHNICALREFERENCEMANUAL
AllincomingHTTPtrafficwillnowbeforwardedtothePCrunningtheWebserveronport8080. Whensettingaportforwardingservice,youmustensurethattheportisnotalreadyinuseby anotherapplication,whichmaystopfunctioning.AcommonexampleiswhenusingSIPsignaling inVoiceoverIPtheportusedbythegateway'sVoIPapplication(5060)isthesameporton whichportforwardingissetforLANSIPagents. Note:Someapplications,suchasFTP,TFTP,PPTPandH323,requirethesupportofspecial specificApplicationLevelGateway(ALG)modulesinordertoworkinsidethehomenetwork. Datapacketsassociatedwiththeseapplicationscontaininformationthatallowsthemtobe routedcorrectly.AnALGisneededtohandlethesepacketsandensurethattheyreachtheir intendeddestinations.GlobeSurferIIIisequippedwitharobustlistofALGmodulesinorderto enablemaximumfunctionalityinthehomenetwork. Note:TheALGisautomaticallyassignedbasedonthedestinationport. ThisscreenoffersthefacilitytoexposeservicesontheLANtoexternalInternetusers.Entries canbeadded,editedordeleted. Thefollowingfieldsaredisplayed: LocalHost:identifier LocalAddress:IPaddressorhostnameofcomputerprovidingtheservice Protocols:typeofprotocol Status:showsthestatusoftheportforwardingrule Action:optionsforaddingnewentriesoreditingordeletingexistingones ClickonNewEntrythisroutestotheAddPortForwardingRulescreen(seesection8.2.3.1) PresstheOKbuttontoapplychangesandgobacktotheHomescreen. PresstheApplybuttontoapplychangesandstayonthisscreen. PresstheCancelbuttontorejectchangesandgobacktotheHomescreen. PresstheResolveNowbuttontocheckthescreen. PresstheRefreshbuttontorefreshthescreen.
GlobeSurferIIIPage50of180
TECHNICALREFERENCEMANUAL
8.2.3.1.
AddPortForwardingRule
Thisscreenallowstheentryofnewportforwardingrules.Thefollowingfieldsshouldbe entered: LocalHost:IPaddressorthehostnameofthecomputerthatwillprovidetheservice theserver.(NotethatonlyoneLANcomputercanbeassignedtoprovidea specificserviceorapplication):optionsavailableare: o UserDefinedthisroutestotheEditItemscreen(seesection8.2.3.2) o Aspecificaddress Protocol:typeofprotocol:choosefromthedropdownlist: o Any o UserDefinedthisroutestotheEditServicescreen(seesection8.2.2.5) o ShowBasicServicesifthisoptionischosenareducedlistofoptionsis displayedincluding: FTPFileTransfer HTTPWebServer HTTPSSecuredWebServer IMAPMessagingServer L2TPLayer2TunelingProtocol PingICMPEchoRequest POP3IncomingMail SMTPOutgoingMail SNMPSimpleNetworkManagementProtocol TelnetRemoteConnection TFTPTrivialFileTransferProtocol TracerouteRouteTrackingUtility o ShowAllServicesamorecomprehensivelistofservicesisdisplayed PresstheOKbuttontoapplychangesandgobacktothePortForwardingscreen. PresstheCancelbuttontorejectchangesandgobacktothePortForwardingscreen. PresstheAdvancedbuttontogototheHomescreen.
GlobeSurferIIIPage51of180
TECHNICALREFERENCEMANUAL
8.2.3.2.
EditItem
GlobeSurferIIIPage52of180
TECHNICALREFERENCEMANUAL
Youarenotconcernedwithsecurityandwishtoexposeonecomputertoallservices withoutrestriction.
Warning:ADMZhostisnotprotectedbythefirewallandmaybevulnerabletoattack. DesignatingaDMZhostmayalsoputothercomputersinthehomenetworkatrisk. WhendesignatingaDMZhost,youmustconsiderthesecurityimplicationsandprotectitif necessary. Anincomingrequestforaccesstoaserviceinthehomenetwork,suchasaWebserver,is fieldedbyGlobeSurferIII.GlobeSurferIIIwillforwardthisrequesttotheDMZhost(ifoneis designated)unlesstheserviceisbeingprovidedbyanotherPCinthehomenetwork(assignedin PortForwarding),inwhichcasethatPCwillreceivetherequestinstead. ThisscreenoffersthefacilitytoallowasingleLANcomputertobefullyexposedtotheInternet. Thefollowingfieldsshouldbeentered: DMZHostIPAddress:clickonthecheckboxandenterthelocalIPaddressofthe computerthatyouwouldliketodesignateasaDMZhost.NotethatonlyoneLAN computermaybeaDMZhostatanytime. YoucandisabletheDMZhostsothatitwillnotbefullyexposedtotheInternet,butkeepitsIP addressrecordedontheDMZHostscreen.ThismaybeusefulifyouwishtodisabletheDMZ hostbutexpectthatyouwillwanttoenableitagaininthefuture. TodisabletheDMZhostsothatitwillnotbefullyexposedtotheInternet,clearthe checkboxnexttotheDMZIPdesignation,andclickOK. Toreinstateitatalatertime,simplyreselectthecheckbox. PresstheOKbuttontoapplychangesandgobacktotheHomescreen. PresstheApplybuttontoapplychangesandstayonthisscreen. PresstheCancelbuttontorejectchangesandgobacktotheHomescreen.
GlobeSurferIIIPage53of180
TECHNICALREFERENCEMANUAL
8.2.5. PortTriggering
Porttriggeringcanbeusedfordynamicportforwardingconfiguration.Bysettingporttriggering rules,youcanallowinboundtraffictoarriveataspecificLANhost,usingportsdifferentthan thoseusedfortheoutboundtraffic.Thisiscalledporttriggeringsincetheoutboundtraffic triggerstowhichportsinboundtrafficisdirected. Forexample,consideragamingserverthatisaccessedusingUDPprotocolonport2222.The gamingserverrespondsbyconnectingtheuserusingUDPonport3333whenstartinggaming sessions.Insuchacaseyoumustuseporttriggering,sincethisscenarioconflictswiththe followingdefaultfirewallsettings: Thefirewallblocksinboundtrafficbydefault. TheserverrepliestoGlobeSurferIII'sIP,andtheconnectionisnotsentbacktoyour host,sinceitisnotpartofasession. InordertosolvethisyouneedtodefineaPortTriggeringentry,whichallowsinboundtrafficon UDPport3333,onlyafteraLANhostgeneratedtraffictoUDPport2222.Thiswillresultin acceptingtheinboundtrafficfromthegamingserver,andsendingitbacktotheLANHostwhich originatedtheoutgoingtraffictoUDPport2222. Thisscreenoffersthefacilitytotriggertheopeningofportsforincomingdata.Entriescanbe added,editedordeleted. Thefollowingfieldsaredisplayed: Protocol:theprotocolforthisentry OutgoingTriggerPorts:showstherangeoftriggerportsforthisprotocol IncomingPortstoOpen:showstheportstobeopenedwhentriggered Action:optionsforaddingnewentriesoreditingordeletingexistingones Toaddatrigger,choosefromthedropdownlist: o UserDefinedthisroutestotheEditPortTriggeringRulescreen(seesection 8.2.5.1)
GlobeSurferIIIPage54of180
TECHNICALREFERENCEMANUAL
o ShowBasicServicesifthisoptionischosenareducedlistofoptionsis displayed o ShowAllServicesamorecomprehensivelistservicesisdisplayedincluding L2TPLayer2TunelingProtocol TFTPTrivialFileTransferProtocol AIMTalk DialPad.com ICQ RealAudioonPort7070 PresstheOKbuttontoapplychangesandgobacktotheHomescreen. PresstheApplybuttontoapplychangesandstayonthisscreen. PresstheCancelbuttontorejectchangesandgobacktotheHomescreen. YoucandisableaporttriggeringrulewithouthavingtoremoveitfromthePortTriggering screen. Totemporarilydisablearule,clearthecheckboxnexttotheservicename. Toreinstateitatalatertime,simplyreselectthecheckbox.T Toremovearule,clicktheRemoveactioniconfortheservice.Theservicewillbe permanentlyremoved. Theremaybeafewdefaultporttriggeringruleslistedwhenyoufirstaccesstheport triggeringscreen.Pleasenotethatdisablingtheserulesmayresultinimpairedgateway functionality.
8.2.5.1.
EditPortTriggeringRule
GlobeSurferIIIPage55of180
TECHNICALREFERENCEMANUAL
8.2.5.2.
EditServiceOpenedPorts
Thisscreenallowstheeditingofserviceopenedports.Thefollowingfieldsshouldbe entered: Protocol:choosefromthedropdownlist: o TCP,thenenter SourcePorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues DestinationPorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues SameasInitiatingPorts o UDP,thenenter SourcePorts,thenchoosefromthedropdownlist: Any
GlobeSurferIIIPage56of180
TECHNICALREFERENCEMANUAL
o o o o
Single,thenenterportnumber Range,thenenterrangevalues DestinationPorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues SameasInitiatingPorts ICMP,thenenter ICMPMessagebychoosingfromthedropdownlist: EchoReply NetworkUnreachable HostUnreachable ProtocolUnreachable PortUnreachable DestinationNetworkUnknown DestinationHostUnknown RedirectforNetwork RedirectforHost EchoRequest Other GRE ESP AH Other,thenenter ProtocolNumber
PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
8.2.6. WebsiteRestrictions
GlobeSurferIIIPage57of180
TECHNICALREFERENCEMANUAL
YoumayconfigureGlobeSurferIIItoblockspecificInternetwebsitessothattheycannotbe accessedfromcomputersinthehomenetwork.Moreover,restrictionscanbeappliedtoa comprehensiveandautomaticallyupdatedtableofsitestowhichaccessisnotrecommended. ThisscreenoffersthefacilitytorestrictaccessfromtheLANtowebsites.Entriescanbeadded, editedordeleted. Thefollowingfieldsaredisplayed: LocalHost:thehostforwhichrestrictionsareshown LocalAddress:showstheaddressforthisentry RestrictedWebsite:thewebsitenametoberestricted RestrictedIPAddress:theIPaddresstoberestricted Status:showsthestatusofthewebsiterestriction Action:optionsforaddingnewentriesoreditingordeletingexistingones ClickonNewEntrythisroutestotheRestrictedWebsitescreen(seesection8.2.6.1) PresstheOKbuttontoapplychangesandgobacktotheHomescreen. PresstheApplybuttontoapplychangesandstayonthisscreen. PresstheCancelbuttontorejectchangesandgobacktotheHomescreen. PresstheResolveNowbuttontotrytolocatethesiteandresolvetheURLintooneormoreIP addresses. PresstheRefreshbuttontorefreshthescreen. YoumayeditthewebsiterestrictionbymodifyingitsentryundertheLocalHostcolumn.To modifyanentryclicktheEditactioniconfortherestriction.Modifythewebsiteaddress,group orscheduleasnecessary. ToensurethatallcurrentIPaddressescorrespondingtotherestrictedwebsitesareblocked, clicktheResolveNowbutton.GlobeSurferIIIwillcheckeachoftherestrictedwebsite addressesandensurethatallIPaddressesatwhichthiswebsitecanbefoundareincludedin theIPaddressescolumn. Youcandisablearestrictioninordertomakeawebsiteavailableagainwithouthavingto removeitfromtheWebsiteRestrictionsscreen.Thismaybeusefulifyouwishtomakethe websiteavailableonlytemporarilyandexpectthatyouwillwanttoblockitagaininthefuture. Totemporarilydisablearule,clearthecheckboxnexttotheservicename. Toreinstateitatalatertime,simplyreselectthecheckbox. Toremovearule,clicktheRemoveactioniconfortheservice.Theservicewillbe permanentlyremoved.
GlobeSurferIIIPage58of180
TECHNICALREFERENCEMANUAL
8.2.6.1.
RestrictedWebsite
Thisscreenallowstheentryofwebsitestoberestricted.Thefollowingfieldsshouldbe entered: RestrictedWebsite:enterthewebsiteaddress(IPaddressorURL)thatyouwould liketomakeinaccessiblefromyourhomenetwork(allwebpageswithinthesitewill alsobeblockedandifthewebsiteaddresshasmultipleIPaddresses,GlobeSurfer IIIwillresolvealladditionaladdressesandautomaticallyaddthemtotherestrictions table) LocalHost:specifythecomputerorgroupofcomputersforwhichyouwouldliketo applythewebsiterestriction:optionsavailableare: o Any o UserDefinedthisroutestotheEditNetworkObjectscreen(seesection 8.2.2.3) o AspecificcomputeraddressinyourLAN Schedule:choosewhenthewebsiteistoberestricted,bydefaulttherulewillalways beactive: o Alwaysaccessisalwayscontrolled o UserdefinedthisroutestotheEditSchedulerRulescreen(seesection 8.2.2.7) PresstheOKbuttontoapplychangesandgobacktotheRestrictedWebsitescreen. PresstheCancelbuttontorejectchangesandgobacktotheRestrictedWebsitescreen. ResolvingwillappearintheStatuscolumnwhilethesiteisbeinglocated(theURLis resolvedintooneormoreIPaddresses).IfthesiteissuccessfullylocatedthenResolved willappearinthestatusbar,otherwiseHostnameResolutionFailedwillappear.Incase GlobeSurferIIIfailstolocatethewebsite,dothefollowing: o Useawebbrowsertoverifythatthewebsiteisavailable.Ifitis,thenyou probablyenteredthewebsiteaddressincorrectly. o Ifthewebsiteisnotavailable,returntotheWebsiteRestrictionsscreenat alatertimeandclicktheResolveNowbuttontoverifythatthewebsitecan
GlobeSurferIIIPage59of180
TECHNICALREFERENCEMANUAL
befoundandblockedbyGlobeSurferIII.
8.2.7. NAT
TheNAT(NetworkAddressTranslation)screenallowsyoutohidethecomputersinyour networksotheycannotbefoundordirectlyaccessedfromoutsideyournetwork. Thisscreenoffersthefacilitytotranslatenetworkaddresses.Entriescanbeadded,editedor deleted. Thefollowingfieldsaredisplayed: NAT(NetworkAddressTranslation)IPAddressesPool o IPaddress:theIPaddresstobetranslated o Action:optionsforaddingnewentriesoreditingordeletingexistingones ClickonNewIPAddressthisroutestotheEditItemscreen(seesection8.2.7.1) NAT/NAPTRuleSets o RuleID:theruleidentifier o SourceAddress:IPaddressofsource o DestinationAddress:IPaddressofsource o Match:theconditionthatmustexistfortheruletoapply o Operation:protocolinuse o Status:showsthestatusoftheruleset o Action:optionsforaddingnewentriesoreditingordeletingexistingones
ClickonNewEntrythisroutestotheAddNAT/NAPTRulescreen(seesection8.2.7.2) PresstheOKbuttontoapplychangesandgobacktotheHomescreen.
GlobeSurferIIIPage60of180
TECHNICALREFERENCEMANUAL
8.2.7.1.
EditItem
Thisscreenallowstheeditingofnetworkobjecttypes.Thefollowingfieldsshouldbe entered: NetworkObjectType:choosefromthedropdownlist: o IPAddress,thenenter IPaddress o IPSubnet,thenenter SubnetIPAddress SubnetMask o IPRange,thenenter FromIPAddress ToIPAddress o DHCPOption,thenchoosefromthedropdownlist: 60:VendorClassID 61:ClientID 77:UserClassID thenentertheappropriateID PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage61of180
TECHNICALREFERENCEMANUAL
8.2.7.2.
AddNAT/NAPTRule
ThisscreenallowstheentryofnewNAT(NetworkAddressTranslation)/NAPTrules.The followingfieldsshouldbeentered: Matching o SourceAddress:choosefromthedropdownlist: Any UserDefinedthisroutestotheEditNetworkObjectscreen(see section8.2.2.3) Aspecificaddress o DestinationAddress:choosefromthedropdownlist: Any UserDefinedthisroutestotheEditNetworkObjectscreen(see section8.2.2.3) Aspecificaddress o Protocol:choosefromthedropdownlist: Any UserDefinedthisroutestotheEditServicescreen(seesection 8.2.2.5) ShowBasicServicesifthisoptionischosenareducedlistofoptions isdisplayedincluding: FTPFileTransfer HTTPWebServer HTTPSSecuredWebServer IMAPMessagingServer L2TPLayer2TunelingProtocol
GlobeSurferIIIPage62of180
TECHNICALREFERENCEMANUAL
PingICMPEchoRequest POP3IncomingMail SMTPOutgoingMail SNMPSimpleNetworkManagementProtocol TelnetRemoteConnection TFTPTrivialFileTransferProtocol TracerouteRouteTrackingUtility ShowAllServicesamorecomprehensivelistofservicesisdisplayed Operation:choosefromthedropdownlist: o NATSourceIPtranslationrule NATAddresses:choosefromthedropdownlist: UserDefinedthisroutestotheEditNetworkObjectscreen (seesection8.2.2.3) o NAPTSourceIPandporttranslationrule NAPTAddress:choosefromthedropdownlist: UserDefinedthisroutestotheEditItemscreen(seesection 8.2.7.1) NAPTPorts:Choosefromthedropdownlist: Single,thenenterportnumber Range,thenenterrangevalues Logging o LogPacketsMatchedbyThisRule:clickthischeckboxtologpacketsmatched bythisrule Schedule:choosewhentheruleistobefollowed: o Alwaysaccessisalwayscontrolled o UserdefinedthisroutestotheEditSchedulerRulescreen(seesection 8.2.2.7)
PresstheOKbuttontoapplychangesandgobacktotheNATscreen. PresstheCancelbuttontorejectchangesandgobacktotheNATscreen.
GlobeSurferIIIPage63of180
TECHNICALREFERENCEMANUAL
8.2.8. Connections
Thisscreenshowsallconnectionscurrentlyactive. Thefollowingfieldsaredisplayed: ActiveConnections:numberofactiveconnections ApproximateMax.Connections:maximumnumberofpossibleconnections (approximate) Foreachactiveconnectionthefollowingfieldsaredisplayed: Number:numberofconnectioninsequentialorder Protocol:protocolused LANIPPort:IPaddressofLAN GlobeSurferIIIIPPort:IPaddressofGlobeSurferIII WANIPPort:IPaddressofWAN Direction:Outgoing/incoming Action:optionsfordeletingconnections PresstheClosebuttontogobacktothepreviousscreen. PresstheRefreshbuttontorefreshthescreen. PresstheAdvancedbuttontogototheHomescreen.
GlobeSurferIIIPage64of180
TECHNICALREFERENCEMANUAL
8.2.9. AdvancedFiltering
GlobeSurferIIIPage65of180
TECHNICALREFERENCEMANUAL
InputRuleSetsforconfiguringinboundtraffic o RuleID:theruleidentifier o SourceAddress:sourceaddressofthepacketssenttoorreceivedfromthe networkobject o DestinationAddress:destinationaddressofthepacketssenttoorreceivedfrom thenetworkobjectthisaddresscanbeconfiguredinthesamemannerasthe sourceaddress o Match:theconditionthatmustexistfortheruletoapply o Operation:actiontherulewilltake o Status:showsthestatusoftheruleset o Action:optionsforaddingnewentriesorediting,deleting,movingupormoving downexistingones
ClickonNewEntrythisroutestotheAddAdvancedFilterscreen(seesection8.2.9.1) OutputRuleSetsforconfiguringoutboundtraffic o RuleID:theruleidentifier o SourceAddress:sourceaddressofthepacketssenttoorreceivedfromthe networkobject o DestinationAddress:destinationaddressofthepacketssenttoorreceivedfrom thenetworkobjectthisaddresscanbeconfiguredinthesamemannerasthe sourceaddress o Match:theconditionthatmustexistfortheruletoapply o Operation:actiontherulewilltake o Status:showsthestatusoftheruleset o Action:optionsforaddingnewentriesorediting,deleting,movingupormoving downexistingones ClickonNewEntrythisroutestotheAddAdvancedFilterscreen(seesection8.2.9.1) ALGRuleSets o RuleID:theruleidentifier o SourceAddress:sourceaddressofthepacketssenttoorreceivedfromthe networkobject o DestinationAddress:destinationaddressofthepacketssenttoorreceivedfrom thenetworkobjectthisaddresscanbeconfiguredinthesamemannerasthe sourceaddress o Match:theconditionthatmustexistfortheruletoapply o Operation:protocolinuse o Status:showsthestatusoftheruleset o Action:optionsforaddingnewentriesorediting,deleting,movingupormoving downexistingones ClickonNewEntrythisroutestotheAddALGRulescreen(seesection8.2.9.2)
GlobeSurferIIIPage66of180
TECHNICALREFERENCEMANUAL
8.2.9.1.
AddAdvancedFilter
Thisscreenallowstheentryofadvancedfilteringrules.Thefollowingfieldsshouldbe entered: Matchingtoapplyarule,amatchingmustbemadebetweenIPaddressesanda trafficprotocolmustbedefined: o SourceAddress:sourceaddressofthepacketssenttoorreceivedfromthe networkobject:choosefromthedropdownlist: Any UserDefinedthisroutestotheEditNetworkObjectscreen(see section8.2.2.3) Aspecificaddress o DestinationAddress:destinationaddressofthepacketssenttoorreceived fromthenetworkobjectthisaddresscanbeconfiguredinthesamemanner asthesourceaddress:choosefromthedropdownlist: Any UserDefinedthisroutestotheEditNetworkObjectscreen(see
GlobeSurferIIIPage67of180
TECHNICALREFERENCEMANUAL
section8.2.2.3) Aspecificaddress o Protocol:trafficprotocol:choosefromthedropdownlist: Any UserDefinedthisroutestotheEditServicescreen(seesection 8.2.2.5) ShowBasicServicesifthisoptionischosenareducedlistofoptions isdisplayedincluding: FTPFileTransfer HTTPWebServer HTTPSSecuredWebServer IMAPMessagingServer L2TPLayer2TunelingProtocol PingICMPEchoRequest POP3IncomingMail SMTPOutgoingMail SNMPSimpleNetworkManagementProtocol TelnetRemoteConnection TFTPTrivialFileTransferProtocol TracerouteRouteTrackingUtility ShowAllServicesamorecomprehensivelistofservicesisdisplayed o Length:clickthischeckboxtoenterpacketordatalength,thenchoosefrom thedropdownlist: PacketLength,thenenterrangeinbytes DataLength,thenenterrangeinbytes Operation:definewhatactiontherulewilltake,byselectingoneofthefollowing fromthedropdownlist: o DropDenyaccesstopacketsthatmatchthesourceanddestinationIP addressesandserviceportsdefinedinMatching. o RejectDenyaccesstopacketsthatmatchthesourceanddestinationIP addressesandserviceportsdefinedinMatchingandsendsanICMPerrorora TCPresettotheoriginationpeer. o AcceptConnectionAllowaccesstopacketsthatmatchthesourceand destinationIPaddressesandserviceportsdefinedinMatching.Thedata transfersessionwillbehandledusingStatefulPacketInspection(SPI). o AcceptPacketAllowaccesstopacketsthatmatchthesourceand destinationIPaddressesandserviceportsdefinedinMatching.Thedata transfersessionwillnotbehandledusingStatefulPacketInspection(SPI), meaningthatotherpacketsthatmatchthisrulewillnotbeautomatically allowedaccess.Forexample,thiscanbeusefulwhencreatingrulesthatallow broadcasting. Logging o LogPacketsMatchedbyThisRule:clickthischeckboxtologthefirstpacket fromaconnectionthatwasmatchedbythisrule Schedule:choosewhentheruleistobefollowed:
TECHNICALREFERENCEMANUAL
GlobeSurferIIIPage68of180
8.2.9.2.
AddALGRule
ThisscreenallowstheentryofALG(ApplicationLevelGateway)rules.Thefollowingfields shouldbeentered: Matchingtoapplyarule,amatchingmustbemadebetweenIPaddressesanda trafficprotocolmustbedefined: o SourceAddress:sourceaddressofthepacketssenttoorreceivedfromthe networkobject:choosefromthedropdownlist: Any UserDefinedthisroutestotheEditNetworkObjectscreen(see section8.2.2.3) Aspecificaddress o DestinationAddress:destinationaddressofthepacketssenttoorreceived fromthenetworkobjectthisaddresscanbeconfiguredinthesamemanner asthesourceaddress:choosefromthedropdownlist: Any UserDefinedthisroutestotheEditNetworkObjectscreen(see section8.2.2.3)
GlobeSurferIIIPage69of180
TECHNICALREFERENCEMANUAL
Aspecificaddress o Protocol:trafficprotocol:choosefromthedropdownlist: Any UserDefinedthisroutestotheEditServicescreen(seesection 8.2.2.5) ShowBasicServicesifthisoptionischosenareducedlistofoptions isdisplayedincluding: FTPFileTransfer HTTPWebServer HTTPSSecuredWebServer IMAPMessagingServer L2TPLayer2TunelingProtocol PingICMPEchoRequest POP3IncomingMail SMTPOutgoingMail SNMPSimpleNetworkManagementProtocol TelnetRemoteConnection TFTPTrivialFileTransferProtocol TracerouteRouteTrackingUtility ShowAllServicesamorecomprehensivelistofservicesisdisplayed Operation:choosefromthedropdownlist: o FTP o H.323CSL o SIP o IPSec Logging o LogPacketsMatchedbyThisRule:clickthischeckboxtologthefirstpacket fromaconnectionthatwasmatchedbythisrule Schedule:choosewhentheruleistobefollowed: o Alwaysaccessisalwayscontrolled o UserdefinedthisroutestotheEditSchedulerRulescreen(seesection 8.2.2.7)
PresstheOKbuttontoapplychangesandgobacktotheAdvancedFilteringscreen. PresstheCancelbuttontorejectchangesandgobacktotheAdvancedFilteringscreen.
GlobeSurferIIIPage70of180
TECHNICALREFERENCEMANUAL
8.2.10. Log
TheSecurityLogdisplaysalistoffirewallrelatedevents,includingattemptstoestablish inboundandoutboundconnections,attemptstoauthenticatethroughanadministrative interface(WebbasedmanagementorTelnetterminal),firewallconfigurationandsystemstart up. Thefollowingfieldsaredisplayed: Time:thedateandtimetheeventoccurred Event:therearefivekindsofevents: o InboundTraffic:theeventisaresultofanincomingpacket. o OutboundTraffic:theeventisaresultofoutgoingpacket. o FirewallSetup:configurationmessage. o WBMLogin:indicatesthatauserhasloggedintoWBM. o CLILogin:indicatesthatauserhasloggedintoCLI(viaTelnet). EventType:atextualdescriptionoftheevent: o Blocked:thepacketwasblockedthemessageiscolouredred o Accepted:thepacketwasacceptedthemessageiscolouredgreen Details:moredetailsaboutthepacketortheevent,suchasprotocol,IPaddresses,ports, etc. PresstheClosebuttontogobacktotheHomescreen. PresstheClearLogbuttontodeleteallentriesinthelogandstayonthisscreen. PresstheDownloadLogbuttontodownloadthelogintoaMicrosoftExcelspreadsheet. PresstheSettingsbuttontogototheLogSettingsscreen(seesection8.2.10.1) PresstheRefreshbuttontorefreshthescreen.
GlobeSurferIIIPage71of180
TECHNICALREFERENCEMANUAL
Thefollowingaretheavailableeventtypesthatcanberecordedinthefirewalllog: 1 Firewallinternalanaccompanyingexplanationfromthefirewallinternalmechanism willbeaddedincasethiseventtypeisrecorded. 2 Firewallstatuschangedthefirewallchangedstatusfromuptodownortheotherway around,asspecifiedintheeventtypedescription. 3 STPpacketanSTPpackethasbeenaccepted/rejected. 4 Illegalpacketoptionstheoptionsfieldinthepacket'sheaderiseitherillegalor forbidden. 5 Fragmentedpacketafragmenthasbeenrejected. 6 WinNukeprotectionaWinNukeattackhasbeenblocked. 7 ICMPreplayanICMPreplaymessagehasbeenblocked. 8 ICMPredirectprotectionanICMPredirectedmessagehasbeenblocked. 9 Packetinvalidinconnectionapackethasbeenblocked,beingonaninvalidconnection. 10 ICMPprotectionabroadcastICMPmessagehasbeenblocked. 11 Broadcast/Multicastprotectionapacketwithabroadcast/multicastsourceIPhasbeen blocked. 12 SpoofingprotectionapacketfromtheWANwithasourceIPoftheLANhasbeen blocked. 13 DMZnetworkpacketapacketfromademilitarizedzonenetworkhasbeenblocked. 14 Trusteddeviceapacketfromatrusteddevicehasbeenaccepted. 15 Defaultpolicyapackethasbeenaccepted/blockedaccordingtothedefaultpolicy. 16 RemoteadministrationapacketdesignatedforGlobeSurferIIIIImanagementhas beenaccepted/blocked. 17 Accesscontrolapackethasbeenaccepted/blockedaccordingtoanaccesscontrolrule. 18 Parentalcontrolapackethasbeenblockedaccordingtoaparentalcontrolrule. 19 NAToutfailedNATfailedforthispacket. 20 DHCPrequest GlobeSurferIIIIIsentaDHCPrequest(dependsonthe distribution). 21 DHCPresponseGlobeSurferIIIIIreceivedaDHCPresponse(dependsonthe distribution). 22 DHCPrelayagentaDHCPrelaypackethasbeenreceived(dependsonthedistribution). 23 IGMPpacketanIGMPpackethasbeenaccepted. 24 MulticastIGMPconnectionamulticastpackethasbeenaccepted. 25 RIPpacketaRIPpackethasbeenaccepted. 26 PPTPconnectionapacketinquiringwhetherGlobeSurferIIIIIisreadytoreceivea PPTPconnectionhasbeenaccepted. 27 Kerberoskeymanagement1293securityrelated,forfutureuse. 28 Kerberos88forfutureuse. 29 AUTH:113requestanoutboundpacketforAUTHprotocolhasbeenaccepted(for maximumsecuritylevel). 30 PacketCableforfutureuse. 31 IPV6overIPV4anIPv6overIPv4packethasbeenaccepted. 32 ARPanARPpackethasbeenaccepted.
GlobeSurferIIIPage72of180
TECHNICALREFERENCEMANUAL
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
PPPDiscoveraPPPdiscoverpackethasbeenaccepted. PPPSessionaPPPsessionpackethasbeenaccepted. 802.1Qa802.1Q(VLAN)packethasbeenaccepted. OutboundAuth1XanoutboundAuth1Xpackethasbeenaccepted. IPVersion6anIPv6packethasbeenaccepted. GlobeSurferIIIIIinitiatedtrafficall trafficthatGlobeSurferIIIIIinitiatesis recorded. Maximumsecurityenabledserviceapackethasbeenacceptedbecauseitbelongstoa permittedserviceinthemaximumsecuritylevel. SynCookiesProtectionaSynCookiespackethasbeenblocked. ICMPFloodProtectionapackethasbeenblocked,stoppinganICMPflood. UDPFloodProtectionapackethasbeenblocked,stoppingaUDPflood. Serviceapackethasbeenacceptedbecauseofacertainservice,asspecifiedinthe eventtype. AdvancedFilterRuleapackethasbeenaccepted/blockedbecauseofanadvancedfilter rule. Fragmentedpacket,headertoosmallapackethasbeenblockedbecauseafterthe defragmentation,theheaderwastoosmall. Fragmentedpacket,headertoobigapackethasbeenblockedbecauseafterthe defragmentation,theheaderwastoobig. Fragmentedpacket,dropallnotused. Fragmentedpacket,badalignapackethasbeenblockedbecauseafterthe defragmentation,thepacketwasbadlyaligned. Fragmentedpacket,packettoobigapackethasbeenblockedbecauseafterthe defragmentation,thepacketwastoobig. Fragmentedpacket,packetexceedsapackethasbeenblockedbecause defragmentationfoundmorefragmentsthanallowed. Fragmentedpacket,nomemoryafragmentedpackethasbeenblockedbecausethere wasnomemoryforfragments. Fragmentedpacket,overlappedapackethasbeenblockedbecauseafterthe defragmentation,therewereoverlappingfragments. Defragmentationfailedthefragmenthasbeenstoredinmemoryandblockeduntilall fragmentsarrivedanddefragmentationcouldbeperformed. Connectionopenedusuallyadebugmessageregardingaconnection. Wildcardconnectionopenedusuallyadebugmessageregardingaconnection. Wildcardconnectionhookedusuallydebugmessageregardingconnection. Connectionclosedusuallyadebugmessageregardingaconnection. Echo/Chargen/Quote/Snorkprotectionapackethasbeenblocked,protectingfrom Echo/Chargen/Quote/Snork. FirstpacketinconnectionisnotaSYNpacketapackethasbeenblockedbecauseofa TCPconnectionthathadstartedwithoutaSYNpacket. Error:Nomemoryamessagenotifyingthatanewconnectionhasnotbeenestablished becauseoflackofmemory. NATError:Connectionpoolisfullamessagenotifyingthataconnectionhasnotbeen createdbecausetheconnectionpoolisfull.
GlobeSurferIIIPage73of180
TECHNICALREFERENCEMANUAL
62 63 64 65 66 67 68 69
NATError:NofreeNATIPamessagenotifyingthatthereisnofreeNATIP,therefore NAThasfailed. NATError:ConflictMappingalreadyexistsamessagenotifyingthatthereisaconflict sincetheNATmappingalreadyexists,thereforeNAThasfailed. Malformedpacket:Failedparsingapackethasbeenblockedbecauseitismalformed. Passiveattackonftpserver:ClientattemptedtoopenServerportsapackethasbeen blockedbecauseofanunauthorizedattempttoopenaserverport. FTPportrequestto3rdpartyisforbidden(Possiblebounceattack)apackethasbeen blockedbecauseofanunauthorizedFTPportrequest. FirewallRuleswerechangedthefirewallrulesethasbeenmodified. Userauthenticationamessageduringlogintime,includingbothsuccessfulandfailed authentication. FirstpacketisInvalidFirstpacketinconnectionfailedtopassfirewallorNAT
8.2.10.1.
LogSettings
GlobeSurferIIIPage74of180
TECHNICALREFERENCEMANUAL
BlockedEvents o AllBlockedConnectionAttemptswritealogmessageforeachblocked attempttoestablishaninboundconnectiontothehomenetworkorvice versa.Youcanenableloggingofblockedpacketsofspecifictypesbydisabling thisoption,andenablingsomeofthemorespecificoptionsbelowit. o Specifytheblockedeventsthatshouldbemonitored.Usethistomonitor specificeventsuchasSynFlood.Alogmessagewillbegeneratedifeitherthe correspondingcheckboxischecked,ortheAllBlockedConnection Attemptscheckboxischecked. Winnuke DefragmentationError BlockedFragments SynFlood EchoChargen Multicast/Broadcast SpoofedConnection PacketIllegalOptions UDPFlood ICMPReplay ICMPRedirect ICMPMulticast ICMPFlood OtherEvents o RemoteAdministrationAttemptwritealogmessageforeachremote administrationconnectionattempt,whethersuccessfulornot. o ConnectionStatesprovideextrainformationabouteverychangeina connectionopenedbythefirewall.Usethisoptiontotrackconnection handlingbythefirewallandApplicationLevelGateways(ALGs). LogBuffer o PreventLogOverrunselectthischeckboxinordertostoploggingfirewall activitieswhenthememoryallocatedforthelogfillsup.
GlobeSurferIIIPage75of180
TECHNICALREFERENCEMANUAL
8.3.
VPN/InternetProtocolSecurity(IPSec)
ThisscreenallowstheentryofInternetProtocolSecurity(IPSec)data.Thefollowingfieldsshouldbe entered: BlockUnauthorisedIP o Enabled:clickthischeckboxtoblockunauthorizedattempts,andthenenter o MaximumNumberofAuthenticationFailures:numberallowedbeforeblocking o BlockPeriod:timeinseconds AntiReplayProtection o Enabled:clickthischeckboxtoprovideantireplayprotection Connections:foreachconnectionthefollowingfieldsaredisplayed: Name:descriptionofconnection Status:statusofconnection Action:optionsforaddingnewentriesoreditingordeletingexistingones
GlobeSurferIIIPage76of180
TECHNICALREFERENCEMANUAL
8.3.1. InternetProtocolSecurity(IPSec)Settings
GlobeSurferIIIPage77of180
TECHNICALREFERENCEMANUAL
ThisscreenallowsthecustomizationoftheIPSeclog,byallowingtheusertochoosewhatdata isrecorded.ItisimportanttonotetheenablingmanyoftheseoptionsmayreduceGlobeSurfer IIIsperformance. Thefollowingcheckboxescanbeclicked: IKELogSettings o MessagesRawBytes o MessagesEncryptionandDecryption o MessagesInputStructure o MessagesOutputStructure o VerboseAutomaticKeying o VerboseIKEIPSecInteraction o VerbosePrivateKeys o VerboseDeadPeerDetection o VerboseNATTraversalNegotiation o VerboseIKERejectPackets o PrintAllIKEMessagesIgnoringRateLimit IPSecLogSettings o TunnelingCode o TunnelingTransmitCode o UserSpaceCommunicationCode o TransformSelectionandManipulationCode o InternalRouteTableManipulationCode o SecureAssociationTableManipulationCode o RadijTreeManipulationCode o EncryptionTransformsCode o AuthenticationTransformsCode o ReceiveCode o IPCompressionTransformsCode o EvenMoreVerboseOutput o VerboseRejectedPackets o PrintAllIPSecMessagesIgnoringRateLimit PresstheOKbuttontoapplychangesandgobacktotheVPN/InternetProtocolSecurity (IPSec)screen. PresstheApplybuttontoapplychangesandstayonthisscreen. PresstheCancelbuttontorejectchangesandgobacktotheVPN/InternetProtocolSecurity (IPSec)screen.
GlobeSurferIIIPage78of180
TECHNICALREFERENCEMANUAL
9. System
Thisareaenablestheusertoconfiguresystemsettingsandperformmaintenancefunctions. Fromthisscreenyoucanclickonthetabsatthetoplefthandsidetoroutetothefollowingdetailed screens: Overviewsystemoverviewincludingversion,releasedate,platform,loadaverage(seesection9.1) Settingsconfiguresystemssettings,dateandtimeparametersandsettheclock(seesection9.2) Userslistofremoteusers/groups,andabilitytoadd,editordeleteusers/groups(seesection9.3) NetworkConnectionsconfigureparametersofphysicalconnections,LAN/WAN(seesection9.4) Monitormonitorstrafficwithinlocalnetworkorbetweenlocalnetwork/Internet(seesection9.5) Routingroutingoverview+enableRIP,IGMP,DomainRouting,BGP,OSPF,PPPoE(seesection9.6) ManagementabilitytoconfigureUPnP,SNPandRemoteAdministration(seesection9.7) Maintenanceconfigfile,reboot,restoresettings,performupgrade,diagnostics(seesection9.8) ObjectsandRulesprotocols,networkobjects,schedulerrules+X.509certificates(seesection9.9)
9.1.
Overview
GlobeSurferIIIPage79of180
TECHNICALREFERENCEMANUAL
9.2.
SystemSettings
ToaccesstheSystemSettingsscreen,clicktheOverviewtabatthetoprighthandsideoftheSettings screenintheSystemarea.
GlobeSurferIIIPage80of180
TECHNICALREFERENCEMANUAL
SessionLifetime:controlsthesessionlifetime(seconds)forloginstothemanagementconsole. Whenthetimehasexpiredtheloginscreenwillappearagain.
ManagementApplicationPorts:thissectionallowsyoutoconfigurethefollowingmanagement applicationports: PrimaryHTTPManagementPort SecondaryHTTPManagementPort PrimaryHTTPSManagementPort SecondaryHTTPSManagementPort PrimaryTelnetPort SecondaryTelnetPort SecureTelnetoverSSLPort Jungo.netPort Jungo.netSSLPort ManagementApplicationSSLAuthenticationOptions: PrimaryHTTPSManagementSSLClientAuthentication:selectfromthedropdownlist: None Optional Required SecondaryHTTPSManagementSSLClientAuthenticationselectfromthedropdownlist: None Optional Required SecureTelnetoverSSLClientAuthentication:selectfromthedropdownlist: None Optional Required SystemLogging: SystemLogBufferSize:sizeinKB RemoteSystemNotifyLevel:selectfromthedropdownlist: None Error Warning Information PersistentSystemLog:selectthischeckboxtokeepthesystemlog. SecurityLogging: SecurityLogBufferSize:sizeinKB RemoteSecurityNotifyLevel:selectfromthedropdownlist: None Error Warning
GlobeSurferIIIPage81of180
TECHNICALREFERENCEMANUAL
Information PersistentSecurityLog:selectthischeckboxtokeepthesecuritylog.
OutgoingMailServer: Server:enterthehostnameofyouroutgoing(SMTP)server. FromEmailAddress:eachemailrequiresafromaddressandsomeoutgoingserversrefuseto forwardemailwithoutavalidfromaddressforantispamconsiderations. Port:usedtoaltertheserverport,ifyourmailserverdoesnotusethestandardport25. ServerRequiresAuthentication:selectthecheckboxifyouroutgoingemailserverrequires authentication,andthenenter: UserName:yourusername Password:yourpassword Swap: Enabled:selectthischeckboxtoenableswapping. Status:showstheswapstatus.Possibleoptionsare: Disabled Inactive Active SwapSize:entertheswapsizeinMB. HTTPInterception: InterceptHTTPTrafficforAssistingwithInternetConnectivityProblems:selectthischeckboxto interceptHTTPtraffic. PerformWebAuthenticationOverHTTPS:selectthischeckboxtoperformwebauthenticationover HTTPS. HostInformation: EnableAutoDetectionofHostServices:selectthischeckboxtoenableautomaticdetectionofhost services. InstallationWizard: Use Installation Wizard Preconfigured Values: select this checkbox if you wish to use the installationwizardspreconfiguredvalues. LCDSettings: ScreensaverTimeout:setsthetimeinsecondsbeforethescreensaverisdisplayed GoHomeTimeout:setsthetimeinsecondsfortheGoHometimeout Contrast:setsthecontrastlevelontheLCD
GlobeSurferIIIPage82of180
TECHNICALREFERENCEMANUAL
To access the Date and Time screen, click the Date and Time tab at the top right hand side of the SettingsscreenintheSystemarea.
Toconfiguredateandtimesettingsenterthefollowing: Localization: LocalTime:showsthecurrentdateandtime.Thisissetautomaticallyifautomaticupdatehasbeen chosen,ormanuallybypressingtheClockSetbuttonatthebottomofthescreen. TimeZone:selectthelocaltimezonefromthepulldownmenu. DaylightSavingTime: Enabled:selectthischeckboxifyouwouldliketheDaylightSaving/BritishSummertimeoffsettobe madetothetimeinthetimezone. StartTime:enterthedateandtimewhenthedaylightsavingoffsetshouldstartfrom. EndTime:enterthedateandtimewhenthedaylightsavingoffsetshouldend. Offset:enterthenumberofminutesthatshouldbeaddedduringthedaylightsavingperiod. AutomaticTimeUpdate: Enabled:selectthischeckboxIfyouwanttheGlobeSurferIIItoupdatethetimeautomatically. Protocol:selecttheprotocoltobeusedtoperformthetimeupdatebyselectingoneofthetwo followingradiobuttons: o TimeofDay(TOD) o NetworkTimeProtocol(NTP) UpdateEvery:specifyhowoftentoperformtheupdate(inhours).Youcanchangethedefault
GlobeSurferIIIPage83of180
TECHNICALREFERENCEMANUAL
timeserveraddressbyclickingtheNewEntrylinkatthebottomofthesection. PresstheSyncNowbuttontosynchronisethetime. Status:showsthedateandtimewhenthetimewaslastupdated. ClickontheediticonintheTimeServertabletomodifyanentry,orclickontheNewEntry hyperlinkortheaddicontoaddanentry.InbothcasesyouwillberoutedtotheTimeServer Settingsscreen(seesection9.2.2.1). PresstheOKbuttontoapplychangesandgobacktotheHomescreen. PresstheApplybuttontoapplychangesandstayonthisscreen. PresstheCancelbuttontorejectchangesandgobacktotheHomescreen. PresstheClockSetbuttontogototheClockSetscreen. PresstheRefreshbuttontoupdatethestatusandstayonthisscreen
9.2.2.1.
TimeServerSettings
ToaccesstheTimeServerSettingsscreen,clicktheNewEntryhyperlinkfromtheDateandTimescreen intheSystemarea.
GlobeSurferIIIPage84of180
TECHNICALREFERENCEMANUAL
9.2.2.2.
ClockSet
ToaccesstheClockSetscreen,clicktheClockSetbuttononDateandTimescreenintheSystemarea.
9.3.
Users
AccessthelistofdefinedremoteusersbyclickingtheUserstabintheSystemarea.
GlobeSurferIIIPage85of180
TECHNICALREFERENCEMANUAL
Foreachgroupthefollowingdataisdisplayed: Name Description Members Action:add,modifyordelete Click on the Microsoft File and Printer Sharing Access Permission hyperlink to be routed to the File ServerscreenofftheStoragetabintheServicesarea(seesection8.4.1). ClickonaspecificUserhyperlinkortheediticonintheUserstabletomodifyanentry,orclickonthe New User hyperlink or the add icon to add an entry. In both cases you will be routed to the User Settingsscreen(seesection9.3.1). ClickonaspecificGrouphyperlinkortheediticonintheGroupstabletomodifyanentry,orclickon theNewGrouphyperlinkortheaddicontoaddanentry.InbothcasesyouwillberoutedtotheGroup Settingsscreen(seesection9.3.2). PresstheClosebuttontogobacktothepreviousscreen.
9.3.1. UserSettings
ToaccesstheUserSettingsscreen,clickNewUserhyperlinkfromtheUsersscreenintheSystemarea.
Toconfigureusersettingsenterthefollowing:
GlobeSurferIIIPage86of180
TECHNICALREFERENCEMANUAL
General: FullName:theremoteusersfullname UserName:thenametheremoteuserwillusetoaccessyourlocalnetwork NewPassword:typeanewpasswordfortheremoteuser.Ifyoudonotwantto assignapasswordtotheremoteuserleavethisfieldempty.Thisfieldiscasesensitive. RetypeNewPassword:ifanewpasswordwasassigned,typeitagaintoverifycorrectness. Permissions:selectingtheremoteusersprivilegesonyourlocalnetwork: AdministratorPermissions:selectingthischeckboxgrantsremotesystemsetting modificationviathewebbasedmanagementconsoleortelnet WirelessPermissions:selectingthischeckboxgrantswirelesspermissions MicrosoftFileandPrinterSharingAccess:selectingthischeckboxgrantsaccessto Microsoftsfileandprintersharing. MicrosoftFileandPrinterSharingAccess:clickonthehyperlinkandyouwillberoutedto FileServerscreenofftheStoragetabintheServicesarea(seesection8.4.1). InternetPrinterAccess:selectingthischeckboxgrantsaccesstointernetprinters. InternetPrinterAccess:clickonthehyperlinkandyouwillbedirectedtothePrintServer screenofftheSharedPrinterstabintheLocalNetworkarea(seesection7.5). RemoteAccessbyVPN:selectingthischeckboxenablesremoteaccessbyVPN 802.1XAuthentication: AuthenticationMethod:chooseamethodfromthedropdownlistoptionsare: o None o MD5 o TLS o TTLS DiskManagement: EnableUserHomeDirectory:selectingthischeckboxenablestheusershomedirectory. EmailNotification: ClickheretoconfigurenotificationMailServer:clickonthehyperlinkandyouwillberoutedtothe SystemSettingsOverviewscreenofftheSettingstabintheSystemarea(seesection9.2.1). NotificationAddress:entertheappropriateaddress SystemsNotifyLevel:chooseamethodfromthedropdownlistoptionsare: o None o Error o Warning o Information SecurityNotifyLevel:chooseamethodfromthedropdownlistoptionsare: o None o Error o Warning o Information PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage87of180
TECHNICALREFERENCEMANUAL
9.3.2. GroupSettings
To access the Group Settings screen, click the New Group hyperlink from the Users screen in the Systemarea.
9.4.
NetworkConnections
GlobeSurferIIIPage88of180
TECHNICALREFERENCEMANUAL
ThissectiondescribesthedifferentnetworkconnectionsavailablewithGlobeSurferIIIintheirorderof appearanceintheNetworkConnectionsscreen,aswellastheconnectiontypesthatyoucancreate usingtheConnectionWizard. GlobeSurferIII'sdefaultnetworkconnectionsare: LANCreatingahome/SOHOnetwork LANBridge(seesection9.4.2) LANEthernet(seesection9.4.3) LANWireless(seesection9.4.4) WANInternetConnection WANCellular(seesection9.4.5) ThelogicalnetworkconnectionsavailablewithGlobeSurferIIIare: VirtualPrivateNetworkovertheInternet PointtoPointTunnelingProtocolVirtualPrivateNetwork Layer2TunnelingProtocoloverInternetProtocolSecurity InternetProtocolSecurity PointtoPointTunnelingProtocolServer Layer2TunnelingProtocolServer InternetProtocolSecurityServer AdvancedConnections PointtoPointProtocoloverEthernet NetworkBridging VLANInterface PointtoPointTunnelingProtocol PointtoPointTunnelingProtocolVirtualPrivateNetwork PointtoPointTunnelingProtocolServer Layer2TunnelingProtocol
GlobeSurferIIIPage89of180
TECHNICALREFERENCEMANUAL
9.4.1.
GlobeSurferIIIPage90of180
TECHNICALREFERENCEMANUAL
VPNClientorPointToPoint:selectingthisoptionwilltakeyoutotheVPNClientorPointToPoint screen. FromhereyoucanchooseoneofthefollowingprotocolstoconnecttoaremoteVPNserver: PointtoPointTunnelingProtocolVirtualPrivateNetwork(PPTPVPN):enablethesecure transferofdatatoanotherlocationovertheInternet,usingname/passwordauthentication Layer2TunnelingProtocoloverInternetProtocolSecurity(L2TPIPSecVPN):enablethesecure transferofdatatoanotherlocationovertheInternetusingprivateandpublickeysfor encryptionanddigitalcertificatesandusername/passwordforauthentication InternetProtocolSecurity(IPSec):enablethesecuretransferofdatatoanotherlocationover theInternetusingprivateandpublickeysforencryptionanddigitalcertificatesorsharedsecret forauthentication
VPNServer:selectingthisoptionwilltakeyoutotheVPNServerscreen.
GlobeSurferIIIPage91of180
TECHNICALREFERENCEMANUAL
GoingbacktotheConnectionWizardpage: AdvancedConnection:selectingthisoptionwilltakeyoutotheAdvancedConnectionscreen.This sectionisacentralstartingpointforalltheadvancedlogicalnetworkconnections.Inaddition,it providesthesequenceforcreatingtheNetworkBridgeandVLANInterfaceconnections. Fromhereyoucanchooseyourconnectiontype: PointtoPointProtocoloverEthernetServer(PPTPServer):connecttotheInternetusingaPPP tunnelovertheEthernetprotocol NetworkBridging:connectseparatenetworkinterfacestoformoneseamlessLAN VLANInterface:connecttoanexternalvirtualnetwork PointtoPointTunnelingProtocol(PPTP):connecttotheInternetusingaPPTPconnection PointtoPointTunnelingProtocolVirtualPrivateNetwork(PPTPVPN):enablesecuretransferof datatoanotherlocationovertheInternet,usingusername/passwordauthentication PointtoPointTunnelingProtocolServer(PPTPServer):enableVirtualPrivateNetwork(VPN) connectionstoyourhomenetworkfromotherlocations Layer2TunnelingProtocol(L2TP):connecttotheInternetusinganL2TPconnection Layer2TunnelingProtocoloverInternetProtocolSecurity(L2TPIPSecVPN):enablesecure transferofdatatoanotherlocationovertheInternet,usingprivateandpublickeysfor
GlobeSurferIIIPage92of180
TECHNICALREFERENCEMANUAL
encryptionanddigitalcertificatesandusername/passwordauthentication Layer2TunnelingProtocolServer(L2TPServer):enableVirtualPrivateNetwork(VPN) connectionstoyourhomenetworkfromotherlocations InternetProtocolSecurity(IPSec):enablesecuretransferofdatatoanotherlocationoverthe Internet,usingprivateandpublickeysforencryptionanddigitalcertificatesorsharedsecretfor authentication InternetProtocolSecurityServer(IPSecServer):enablesecureconnectionstoGlobeSurferIII fromotherlocations,usingprivateandpublickeysforencryptionanddigitalcertificatesor sharedsecretforauthentication InternetProtocoloverInternetProtocol(IPIP):enabletransferofdatatoanotherlocationover theInternet,usinganonencryptedvirtualprivatenetwork GeneralRoutingEncapsulation(GRE):enabletransferofdatatoanotherlocationoverthe Internet,usinganonencryptedvirtualprivatenetwork
How to configure a LAN Bridge will be described in section 9.4.2. For more information on how to configuretheotheradvancedconnections,pleasecontacttheOptioncustomersupportcentre.
9.4.2. LANBridge
GlobeSurferIIIPage93of180
TECHNICALREFERENCEMANUAL
AddaNewBridge:selectthisoptionandclickNext.AdifferentNetworkBridgingscreenwillappear allowingyoutoaddabridgeovertheunbridgedconnections,bycheckingtheirrespectivecheckboxes.
GlobeSurferIIIPage94of180
TECHNICALREFERENCEMANUAL
GlobeSurferIIIPage95of180
TECHNICALREFERENCEMANUAL
9.4.2.1.
General
GlobeSurferIIIPage96of180
TECHNICALREFERENCEMANUAL
9.4.2.2.
Settings
Thetoppartoftheconfigurationwindowdisplaysgeneralcommunicationparameters.Itisnot recommendedtochangethedefaultvaluesinthisscreenunlessyouarefamiliarwiththenetworking conceptstheyrepresent.Sinceyourgatewayisconfiguredtooperatewiththedefaultvalues,no parametermodificationisnecessary. Youcanviewandconfigurethefollowinggeneralconnectionsettings: General DeviceName:nameofLANbridge Status:optionsare: Connected Disconnected Schedule:thisdropdownlistcontainsscheduleinformation,optionsare: Always Network:thisdropdownlistshowsthenetworktypes,optionsare: LAN WAN DMZ ConnectionType:thiswillbeBridge PhysicalAddress:thephysicaladdressofthenetworkcardusedforyournetwork.Somecardsallow youtochangethisaddress. MTU:MaximumTransmissionUnit.ItspecifiesthelargestpacketsizepermittedforInternet transmission.Optionsfromthedropdownlistare: Automatic:thegatewaywillselectthebestMTUforyourInternetconnectionthisisthe defaultsetting AutomaticbyDHCP:thegatewaywillselectthebestMTUbyDHCP Manual:thisallowsyoutoenterthelargestpacketsizethatwillbetransmitted.The
GlobeSurferIIIPage97of180
TECHNICALREFERENCEMANUAL
recommendedsizeis1492.Youshouldleavethisvalueinthe1200to1500range. InternetProtocolpleasenotethataccordingtotheselectionyoumakeintheInternetProtocoldrop downlist,thescreenwillrefreshanddisplayrelevantconfigurationsettings. InternetProtocoldropdownlist:selectoneofthefollowingoptions: NoIPAddress:selectifyourequirethisconnectiontohavenoIPaddress. ObtainanIPAddressAutomatically:selectifyourequirethisconnectiontotrytoobtainitsIP addressfromaDHCPserver. UsetheFollowingIPAddress:theLANconnectionisusuallyconfiguredusingapermanent (static)IPaddress.Yourserviceprovidershouldprovideyouwiththisaddressandsubnetmask. IPAddress:entertheIPaddressprovidedbyyourserviceprovider SubnetMask:enterthesubnetmask DNSServerpleasenotethataccordingtotheselectionyoumakeintheDNSServerdropdownlist,the screenwillrefreshanddisplayrelevantconfigurationsettings. DNSServerdropdownlist:selectoneofthefollowingoptions: NoDNSServer:selectifyourequirethisconnectiontohavenoDNSServer. UsetheFollowingDNSServerAddresses:itispossibletospecifyIPaddressesofprimaryand secondaryDNSserversif,forinstance,localdomainnamesshouldbehandledbylocalname servers.NotethatfortheCellularWANinterface,DNSserversareconfiguredseparately. PrimaryDNSServer:enterserveraddress SecondaryDNSServer:enterserveraddress IPAddressDistributionthissectionallowsyoutoconfigurethegateway'sDynamicHostConfiguration Protocol(DHCP)serverparameters.TheDHCPautomaticallyassignsIPaddressestonetworkPCs.Ifyou enablethisfeature,makesurethatyoualsoconfigureyournetworkPCsasDHCPclients. IPAddressDistributiondropdownlist:selectoneofthefollowingoptions: Disabled:selectifyouwouldliketoassignIPaddressestoyournetworkcomputersstatically. DHCPServer:selectifyouaregoingtoprovidetherangeofIPaddressestoassign. DHCPRelay:yourgatewaycanactasaDHCPrelayincaseyouwouldliketodynamicallyassign IP addresses from a DHCP server other than your gateway's DHCP server. Note that when selectingthisoptionyoumustalsochangeGlobeSurferIII'sWANtoworkinroutingmode. StartIPAddress:thefirstIPaddressthatmaybeassignedtoaLANhost.Sincethegateway'sdefault IPaddressis192.168.1.1,thisaddressmustbe192.168.1.2orgreater. EndIPAddress:thelastIPaddressintherangethatcanbeusedtoautomaticallyassignIP addressestoLANhosts. SubnetMask:amaskusedtodeterminetowhatsubnetanIPaddressbelongs.Anexampleofa subnetmaskvalueis255.255.0.0. LeaseTimeinMinutes:eachdevicewillbeassignedanIPaddressbytheDHCPserverforthis amountoftime,whenitconnectstothenetwork.Whentheleaseexpires,theserverwill determineifthecomputerhasdisconnectedfromthenetwork.Ifithas,theservermayreassign thisIPaddresstoanewlyconnectedcomputer.ThisfeatureensuresthatIPaddressesthatarenot inusewillbecomeavailableforothercomputersonthenetwork. ProvideHostNameIfNotSpecifiedbyClient:clickthischeckboxifyouwouldlikethegatewayto assignahostnameautomaticallyfortheDHCPclientifitdoesnthaveone
GlobeSurferIIIPage98of180
TECHNICALREFERENCEMANUAL
9.4.2.3.
Routing
Youcanchoosetosetupyourgatewaytousestaticordynamicrouting.Dynamicroutingautomatically adjusts how packets travel on the network, whereas static routing specifies a fixed routing path to
GlobeSurferIIIPage99of180
TECHNICALREFERENCEMANUAL
neighboringdestinations. Device Metric The device metric is a value used by the gateway to determine whether one route is superiortoanother,consideringparameterssuchasbandwidth,delay,andmore. DefaultRouteSelectthischeckboxtodefinethisdeviceasthedefaultroute. MulticastIGMPProxyInternalIGMPproxyenablesthesystemtoissueIGMPhostmessagesonbehalf ofhoststhatthesystemdiscoveredthroughstandardIGMPinterfaces.IGMPproxyenablestherouting of multicast packets according to the IGMP requests of LAN devices asking to join multicast groups. SelecttheMulticastIGMPProxyInternalcheckboxtoenablethisfeature. Routing Information Protocol (RIP) Select this check box to enable the Routing Information Protocol (RIP).RIPdeterminesaroutebasedonthesmallesthopcountbetweensourceanddestination.When RIPisenabled,selectthefollowing: ListentoRIPmessagesselectNone,RIPv1,RIPv2orRIPv1/2. SendRIPmessagesselectNone,RIPv1,RIPv2broadcastorRIPv2multicast. RoutingTableAllowsyoutoaddormodifyrouteswhenthisdeviceisactive.UsetheNewRoutebutton toaddarouteoreditexistingroutes.
9.4.2.4.
Bridging
ThebridgesectionallowsyoutospecifytheLANdevicesthatyouwouldliketojoinunderthenetwork bridge. SelecttheSTPcheckboxtoenabletheSpanningTreeProtocolonthedevice.Youshouldusethisto ensure that there are no loops in your network configuration, and apply these settings in case your networkconsistsofmultipleswitches,orotherbridgesapartfromthosecreatedbythegateway.
GlobeSurferIIIPage100of180
TECHNICALREFERENCEMANUAL
9.4.2.5.
Advanced
Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection. Toenablethefirewallonthisnetworkconnection,selecttheEnabledcheckbox. Youcanaddaliasnames(additionalIPaddresses)tothegatewaybyclickingtheNewIPAddresslink. Thisenablesyoutoaccessthegatewayusingthesealiasesinadditiontothe192.168.1.1.
9.4.3. LANEthernet
A LAN Ethernet connection connects computers to GlobeSurfer III using Ethernet cables, either directlyorvianetworkhubsandswitches. NotethatavailableconfigurationoptionsmayvarydependingoniftheLANEthernetinterfaceispartof abridgeornot.
GlobeSurferIIIPage101of180
TECHNICALREFERENCEMANUAL
9.4.3.1.
General
9.4.3.2.
Settings
The top part of the configuration window displays general communication parameters. It is recommended not to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your gateway is configured to operate with the default values, no parameter modification is necessary. You can configure the following general connection settings: Physical Address The physical address of the network card used for your network. Some cards allow youtochangethisaddress. MTUMTUistheMaximumTransmissionUnit.ItspecifiesthelargestpacketsizepermittedforInternet transmission. Manual, allows you to enter the largest packet size that will be transmitted. The
GlobeSurferIIIPage102of180
TECHNICALREFERENCEMANUAL
recommendedsize,is1492.Youshouldleavethisvalueinthe1200to1500range.Tohavethegateway selectthebestMTUforyourInternetconnection,selectAutomatic(defaultsetting).
9.4.3.3.
Advanced
Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection. Toenablethefirewallonthisnetworkconnection,selectthecheckbox. Youcanaddaliasnames(additionalIPaddresses)tothegatewaybyclickingtheNewIPAddresslink. Thisenablesyoutoaccessthegatewayusingthesealiasesinadditiontothe192.168.1.1.
9.4.4. LANWireless
The LAN Wireless interface in the GlobeSurfer III provides wireless connectivity for IEEE 802.11b/g equippedWLANclients.GlobeSurferIIIintegratesmultiplelayersofsecurity.TheseincludetheIEEE 802.1xportbasedauthenticationprotocol,RADIUSclient,EAPMD5,EAPTLS,EAPTTLS,EAPPEAP,Wi Fi Protected Access (WPA) and industry leading GlobeSurfer III Firewall and VPN applications. In addition, GlobeSurfe's builtin authentication server enables home/SOHO users to define authorized wirelessuserswithouttheneedforanexternalRADIUSserver. ToconfiguretheLANWirelessconnection: ClicktheNetworkConnectionstab,theNetworkConnectionsscreenwillappear.Clickthewireless connectionlink(oritsEditactionbutton)toviewitsproperties.TheLANWirelessPropertiesscreen willappear.
GlobeSurferIIIPage103of180
TECHNICALREFERENCEMANUAL
9.4.4.1.
General
9.4.4.2.
Settings
The top part of the configuration window displays general communication parameters. It is recommended not to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your gateway is configured to operate with the default values, no parameter modification is necessary. You can configure the following general connection settings: Physical Address The physical address of the network card used for your network. Some cards allow youtochangethisaddress. MTUMTUistheMaximumTransmissionUnit.ItspecifiesthelargestpacketsizepermittedforInternet transmission. Manual, allows you to enter the largest packet size that will be transmitted. The recommendedsize,is1492.Youshouldleavethisvalueinthe1200to1500range.Tohavethegateway
GlobeSurferIIIPage104of180
TECHNICALREFERENCEMANUAL
selectthebestMTUforyourInternetconnection,selectAutomatic(defaultsetting).
9.4.4.3.
Wireless
Thewirelessaccesspointsettingsare:SSIDTheSSIDisthenetworknamesharedamongallpointsina wirelessnetwork.TheSSIDmustbeidenticalforallpointsinthewirelessnetwork.Itiscasesensitive andmustnotexceed32characters(useanyofthecharactersonthekeyboard).Makesurethissetting isthesameforallpointsinyourwirelessnetwork.Foraddedsecurity,youshouldchangethedefault SSIDtoauniquename.SSIDBroadcastSelectthischeckboxtoenabletheSSID'sbroadcast.SSID broadcastisusedinordertohidethenameoftheAP(SSID)fromclientsthatshouldnotbeawaretoits existence.802.11ModeSelecttheWirelesscommunicationstandardthatiscompatiblewithyouPC's wirelesscard.Youcanworkineither802.11g,802.11borinmixedmode.ChannelSelectthe appropriatechannelfromthelistprovidedtocorrespondwithyournetworksettings.Alldevicesin yourwirelessnetworkmustbebroadcastondifferentchannelsinordertofunctioncorrectly.Frame BurstFrameBurstingisamethodtoincreasethespeedof802.11gbasedwirelessnetworksby unwrappingshort802.11gpacketsandrebundlingthemintoalargerpackettoreducetheimpactof mandatorygapsbetweenpackets.Ifyouareexperiencingproblemswithyourwirelessconnection,try todisableFrameBurst.NetworkAuthenticationTheWPAnetworkauthenticationmethodisOpen SystemAuthentication,meaningthatanetworkkeyisnotusedforauthentication.Whenusingthe 802.1XWEPorNon802.1XWEPsecurityprotocols,thisfieldchangestoacombobox,offeringthe SharedKeyAuthenticationmethod(whichusesanetworkkeyforauthentication),orbothmethods combined.TransmissionRateThetransmissionrateissetaccordingtothespeedofyourwireless connection.Selectthetransmissionratefromthedropdownlist,orselectAutotohaveGlobeSurfer
GlobeSurferIIIPage105of180
TECHNICALREFERENCEMANUAL
IIIautomaticallyusethefastestpossibledatatransmissionrate.CTSProtectionModeCTSProtection Modeboostsyourgateway'sabilitytointerceptWirelessGand802.11btransmissions.Conversely,CTS ProtectionModedecreasesperformance.Leavethisfeaturedisabledunlessyouencountersevere communicationdifficultiesbetweenthegatewayandWirelessGproducts.CTSProtectionTypeCTS ProtectionTypedefinesiftheCTSProtectionModedefinedaboveshoulduseCTSonlyorbothRTS/CTS. BeaconIntervalAbeaconisapacketbroadcastbyGlobeSurferIIItosynchronizethewireless network.TheBeaconIntervalvalueindicateshowoftenthebeaconissent.DTIMIntervalTheDelivery TrafficIndicationMessage(DTIM)isacountdownvaluethatinformswirelessclientsofthenext opportunitytoreceivemulticastandbroadcastmessages.Thisvaluerangesbetween1and16384. FragmentationThresholdPacketsthatarelargerthanthisthresholdarefragmentedintomultiple packets.Trytoincreasethefragmentationthresholdifyouencounterhighpacketerrorrates.Donot setthethresholdtoolow,sincethiscanresultinreducednetworkingperformance.RTSThreshold GlobeSurferIIIsendsRequesttoSend(RTS)packetstotheWirelessclientinordertonegotiatethe dispatchingofdata.TheWirelessclientrespondswithaCleartoSend(CTS)packet,signalingthat transmissioncancommence.Incasepacketsaresmallerthanthepresetthreshold,theRTC/CTS mechanismisnotactive.Ifyouencounterinconsistentdataflow,tryaminorreductionoftheRTS thresholdsize.MACFilteringModeYoucanfilterwirelessusersaccordingtotheirMACaddress,either allowingordenyingaccess.Choosetheactiontobeperformedbyselectingitfromthedropdown menu.ThenusetheMACFilteringSettingsoptiontoaddandremoveMACAddressestothelistof allowedordeniedclients. Toconfigureyourwirelesssecurity,enablethisfeaturebycheckingitsEnabledcheckboxonthe ConfigureLANWirelessAccessPointscreen.Thescreenwillrefresh,displayingthewirelesssecurity options.ClickApplytoifyouwishtosavethischange. StationsSecurityTypeSelectthetypeofsecurityprotocolforsecuringyourwirelessnetwork.Choose betweenWPA,WPA2,WPAandWPA2,802.1xWEP,andNon802.1xWEP.Thescreenwillrefresh, presentingeachprotocol'sconfigurationrespectively. WPAadataencryptionmethodfor802.11wirelessLANs. AuthenticationMethodSelecttheauthenticationmethodyouwouldliketo use.YoucanchoosebetweenPreSharedKeyand802.1x. PreSharedKeyThisentryappearsonlyifyouhadselectedthis authenticationmethod.EnteryourencryptionkeyinthePreSharedKeyfield. YoucanuseeitheranASCIIoraHexvaluebyselectingthevaluetypeinthecomboboxprovided. EncryptionAlgorithmSelectwhethertousetheTemporalKeyIntegrityProtocol(TKIP)ortheAdvanced EncryptionStandard(AES)fortheencryptionalgorithm.GroupKeyUpdateIntervalDefinesthetime intervalinsecondsforupdatingagroupkey. WPA2anenhancedversionofWPA,anddefinesthe802.11iprotocol. AuthenticationMethodSelecttheauthenticationmethodyouwouldliketo use.YoucanchoosebetweenPreSharedKeyand802.1x. PreSharedKeyThisentryappearsonlyifyouhadselectedthis authenticationmethod.EnteryourencryptionkeyinthePreSharedKeyfield.
GlobeSurferIIIPage106of180
TECHNICALREFERENCEMANUAL
YoucanuseeitheranASCIIoraHexvaluebyselectingthevaluetypeinthe comboboxprovided. EncryptionAlgorithmTheencryptionalgorithmusedforWPA2isthe AdvancedEncryptionStandard(AES). GroupKeyUpdateIntervalDefinesthetimeintervalinsecondsfor updatingagroupkey. WPAandWPA2MixedModeamixeddataencryptionmode. AuthenticationMethodSelecttheauthenticationmethodyouwouldliketo use.YoucanchoosebetweenPreSharedKeyand802.1x. PreSharedKeyThisentryappearsonlyifyouhadselectedthis authenticationmethod.EnteryourencryptionkeyinthePreSharedKeyfield. YoucanuseeitheranASCIIoraHexvaluebyselectingthevaluetypeinthe comboboxprovided. EncryptionAlgorithmTheencryptionalgorithmusedforWPAandWPA2isaeithertheTemporalKey IntegrityProtocol(TKIP)ortheAdvancedEncryptionStandard(AES).GroupKeyUpdateInterval Definesthetimeintervalinsecondsforupdatingagroupkey. 802.1xWEPadataencryptionmethodutilizingastaticallyorautomaticallydefinedkeyfor wirelessclientsthatuse802.1xforauthenticationandWEPforencryption.Youmaydefineupto fourkeysbutuseonlyoneatatime. GenerateKeysAutomaticallySelectthisoptiontogeneratetheencryption keysautomaticallyratherthanenteringthemmanually.Thescreenwillrefresh, hidingthetableofkeysdescribedbelow. GroupKeyUpdateIntervalDefinesthetimeintervalinsecondsfor updatingagroupkey. ActiveSelecttheencryptionkeytobeactivated. EncryptionKeyTypetheencryptionkeyuntiltheentirefieldisfilled.The keycannotbeshorterthanthefield'slength. FormatSelectthecharactertypeforthekey:HexorASCII. KeyLengthSelectthekeylengthinbits:40or104bits. The encryption key must be defined in the wireless Windows client as well. This is done in the Connection Properties Configuration window. If you have manually defined the encryption key, you mustalsospecifyitinthiswindow.Ifyouhavechosentheautomatickeygeneration,checktheThe keyisprovidedformeautomaticallycheckboxinstead.
GlobeSurferIIIPage107of180
TECHNICALREFERENCEMANUAL
1 IntheNetworkAuthenticationcombobox,selectShared. 2 IntheDataEncryptioncombobox,selectWEP. 3 EnteryourencryptionkeyinboththeNetworkkeyandtheConfirmnetworkkeyfields. Non802.1x WEP a data encryption method utilizing a staticallydefined key for wireless clients thatdonotuse802.1xforauthenticationbutWEPforencryption. This method's configuration is virtually identical to the 802.1x WEP method described above, excluding the automatic key generation and the group key update interval specification. Please refertothe802.1xWEPsectionabovewhenconfiguringthismethod.Rememberthatthestatickey mustbedefinedinthewirelessWindowsclientaswell. SelectoneofthefollowingInternetProtocoloptionsfromtheInternetProtocoldropdownmenu: NoIPAddress ObtainanIPAddressAutomatically UsetheFollowingIPAddress Pleasenotethataccordingtotheselectionyoumakeinthe'InternetProtocol'dropdownmenu,the screenwillrefreshanddisplayrelevantconfigurationsettings. NoIPAddressSelectNoIPAddressifyourequirethatthisconnectionwillhavenoIPaddress.
GlobeSurferIIIPage108of180
TECHNICALREFERENCEMANUAL
ObtainAddressAutomaticallySelectObtainAddressAutomaticallyifyourequirethatthisconnection willtrytoobtainitsIPaddressfromaDHCPserver. UsetheFollowingIPAddressTheLANconnectionisusuallyconfiguredusingapermanent(static)IP address.Yourserviceprovidershouldprovideyouwiththisaddress,andsubnetmask. ItispossibletospecifyIPaddressesofprimaryandsecondaryDNSserversifforinstancelocaldomain namesshouldbehandledbylocalnameservers.NotethatfortheCellularWANinterface,DNSservers areconfiguredseparately. TheIPAddressDistributionsectionallowsyoutoconfigurethegateway'sDynamicHostConfiguration Protocol(DHCP)serverparameters.TheDHCPautomaticallyassignsIPaddressestonetworkPCs.Ifyou enablethisfeature,makesurethatyoualsoconfigureyournetworkPCsasDHCPclients. SelectoneofthefollowingoptionsfromtheIPAddressDistributioncombobox: DHCPServerStartIPAddressThefirstIPaddressthatmaybeassignedtoaLANhost.Sincethe gateway'sdefaultIPaddressis192.168.1.1,thisaddressmustbe 192.168.1.2orgreater. End IP Address The last IP address in the range that can be used to automatically assign IP addressestoLANhosts. SubnetMaskAmaskusedtodeterminetowhatsubnetanIPaddressbelongs.Anexampleofa subnetmaskvalueis255.255.0.0. WINS server If you use a Windows Internet Naming Service (WINS), specify the WINS server addressinthisfield. LeaseTimeInMinutesEachdevicewillbeassignedanIPaddressbytheDHCPserverforathis amount of time, when it connects to the network. When the lease expires the server will determineifthecomputerhasdisconnectedfromthenetwork.Ifithas,theservermayreassign thisIPaddresstoanewlyconnectedcomputer.ThisfeatureensuresthatIPaddressesthatare notinusewillbecomeavailableforothercomputersonthenetwork. ProvideHostNameIfNotSpecifiedbyClientIftheDHCPclientdoesnothaveahostname,the gatewaywillautomaticallyassignoneforhim. DHCPRelayYourgatewaycanactasaDHCPrelayincaseyouwouldliketodynamicallyassignIP addressesfromaDHCPserverotherthanyourgateway'sDHCPserver.Notethatwhenselecting thisoptionyoumustalsochangeGlobeSurferIII'sWANtoworkinroutingmode. 7. AfterselectingDHCPRelayfromthedropdownmenu,aNewIPAddresslinkwillappear: ClicktheNewIPAddresslink.TheDHCPRelayServerAddressscreenwillappear:
GlobeSurferIIIPage109of180
TECHNICALREFERENCEMANUAL
1 SpecifytheIPaddressoftheDHCPserver. 2 ClickOKtosavethesettings. DisabledSelectDisabledfromthecomboboxifyouwouldliketostaticallyassignIPaddressesto yournetworkcomputers. Youcanchoosetosetupyourgatewaytousestaticordynamicrouting.Dynamicroutingautomatically adjusts how packets travel on the network, whereas static routing specifies a fixed routing path to neighboringdestinations. Device Metric The device metric is a value used by the gateway to determine whether one route is superiortoanother,consideringparameterssuchasbandwidth,delay,andmore. DefaultRouteSelectthischeckboxtodefinethisdeviceasthedefaultroute. MulticastIGMPProxyInternalIGMPproxyenablesthesystemtoissueIGMPhostmessagesonbehalf ofhoststhatthesystemdiscoveredthroughstandardIGMPinterfaces.IGMPproxyenablestherouting of multicast packets according to the IGMP requests of LAN devices asking to join multicast groups. SelecttheMulticastIGMPProxyInternalcheckboxtoenablethisfeature. Routing Information Protocol (RIP) Select this check box to enable the Routing Information Protocol (RIP).RIPdeterminesaroutebasedonthesmallesthopcountbetweensourceanddestination.When RIPisenabled,selectthefollowing: ListentoRIPmessagesselectNone,RIPv1,RIPv2orRIPv1/2. SendRIPmessagesselectNone,RIPv1,RIPv2broadcastorRIPv2multicast. RoutingTableAllowsyoutoaddormodifyrouteswhenthisdeviceisactive.UsetheNewRoutebutton toaddarouteoreditexistingroutes.
9.4.4.4.
Advanced
Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection. Toenablethefirewallonthisnetworkconnection,selecttheEnabledcheckbox. Youcanaddaliasnames(additionalIPaddresses)tothegatewaybyclickingtheNewIPAddresslink. Thisenablesyoutoaccessthegatewayusingthesealiasesinadditiontothe192.168.1.1.
9.4.5. WANCellular
TheWANCellularconnectionconnectstheGlobeSurferIIItotheInternetandothernetworksthrough
GlobeSurferIIIPage110of180
TECHNICALREFERENCEMANUAL
theGSMandUMTSmobiletelecommunicationsstandards.TheWANCellularPropertiesscreendisplays asummaryoftheconnectionproperties.
9.4.5.1.
General
9.4.5.2.
Settings
GlobeSurferIIIPage111of180
TECHNICALREFERENCEMANUAL
The top part of the configuration window displays general communication parameters. It is recommended not to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your gateway is configured to operate with the default values, no parameter modification is necessary. You can configure the following general connection settings: MTUMTUistheMaximumTransmissionUnit.ItspecifiesthelargestpacketsizepermittedforInternet transmission. Manual, allows you to enter the largest packet size that will be transmitted. The recommendedsize,is1492.Youshouldleavethisvalueinthe1200to1500range.Tohavethegateway selectthebestMTUforyourInternetconnection,selectAutomatic(defaultsetting). SelectoneofthefollowingInternetProtocoloptionsfromtheInternetProtocoldropdownmenu: NoIPAddress ObtainanIPAddressAutomatically UsetheFollowingIPAddress Please note that according to the selection you make in the Internet Protocol drop down menu, the screenwillrefreshanddisplayrelevantconfigurationsettings. NoIPAddressSelectNoIPAddressifyourequirethatthisconnectionwillhavenoIPaddress. ObtainAddressAutomaticallySelectObtainAddressAutomaticallyifyourequirethatthisconnection willtrytoobtainitsIPaddressfromaDHCPserver. UsetheFollowingIPAddressTheLANconnectionisusuallyconfiguredusingapermanent(static)IP address.Yourserviceprovidershouldprovideyouwiththisaddress,andsubnetmask. ItispossibletospecifyIPaddressesofprimaryandsecondaryDNSserversifforinstancelocaldomain namesshouldbehandledbylocalnameservers.NotethatfortheCellularWANinterface,DNSservers areconfiguredseparately. If the Internet Protocol setting mentioned above is set to Obtain an IP address automatically, then thereisalsoanoptiontoconfiguretheDNSServersettingtoobtainDNSServersettingsautomatically.
GlobeSurferIIIPage112of180
TECHNICALREFERENCEMANUAL
9.4.5.3.
Routing
Youcanchoosetosetupyourgatewaytousestaticordynamicrouting.Dynamicroutingautomatically adjusts how packets travel on the network, whereas static routing specifies a fixed routing path to neighboringdestinations. RoutingModeWhenAdvancedroutingisselected,selectoneofthefollowing Routingmodes:RouteUseroutemodeifyouwantyourGlobeSurferIIItofunctionasarouter betweentwonetworks. NAPT Network Address and Port Translation (NAPT) refers to network address translation involvingthemappingofportnumbers,allowingmultiplemachinestoshareasingleIPaddress. Use NAPT if your LAN encompasses multiple devices, a topology that necessitates port translationinadditiontoaddresstranslation.DeviceMetricThedevicemetricisavalueusedby the gateway to determine whether one route is superior to another, considering parameters suchasbandwidth,delay,andmore. DefaultRouteSelectthischeckboxtodefinethisdeviceasthedefaultroute. MulticastIGMPProxyInternalIGMPproxyenablesthesystemtoissueIGMPhostmessagesonbehalf ofhoststhatthesystemdiscoveredthroughstandardIGMPinterfaces.IGMPproxyenablestherouting of multicast packets according to the IGMP requests of LAN devices asking to join multicast groups. SelecttheMulticastIGMPProxyInternalcheckboxtoenablethisfeature. Routing Information Protocol (RIP) Select this check box to enable the Routing Information Protocol (RIP).RIPdeterminesaroutebasedonthesmallesthopcountbetweensourceanddestination.When RIPisenabled,selectthefollowing: ListentoRIPmessagesselectNone,RIPv1,RIPv2orRIPv1/2.
GlobeSurferIIIPage113of180
TECHNICALREFERENCEMANUAL
SendRIPmessagesselectNone,RIPv1,RIPv2broadcastorRIPv2multicast. Routing Table Allows you to add or modify routes when this device is active. Use the 'New Route' buttontoaddarouteoreditexistingroutes.
9.4.5.4.
Advanced
Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection. Toenablethefirewallonthisnetworkconnection,selectthe'Enabled'checkbox.
9.4.6. ConfiguringyourWirelessWindows XPclients
IfyourPChaswirelesscapabilities,Microsoft Windows XPwillautomaticallyrecognizethisandcreate awirelessconnectionforyou.YoucanviewthisconnectionunderWindow'sNetworkConnections. Note:ThefollowingdescriptionandimagesareinaccordancewithMicrosoft Windows XP,Version 2002,runningServicePack2. 1 OpenyourNetworkConnectionswindowfromWindow 'sControlPanel. 2 Doubleclickthewirelessconnectionicon.TheWirelessNetworkConnectionscreenwillappear, displayingallavailablewirelessnetworksinyourvicinity.Ifyourgatewayisconnectedandactive, youwillseeGlobeSurferIII'swirelessconnection.Notethattheconnection'sstatusisNot connectedanddefinedasUnsecuredwirelessnetwork.
GlobeSurferIIIPage114of180
TECHNICALREFERENCEMANUAL
3 ClicktheconnectiononcetomarkitandthenpresstheConnectbuttonatthebottomofthe screen.Aftertheconnectionisestablished,itsstatuswillchangetoConnected:
GlobeSurferIIIPage115of180
TECHNICALREFERENCEMANUAL
An icon will appear in the notification area, announcing the successful initiation of the wireless connection.
YoucannowuseGlobeSurferIII'swirelessnetworkfromtheconfiguredPC.However,socananyother userwithawirelessPC,whichhappenstobeinyournetwork'sradiorange.Suchauserhasaccessto any disk shares available in your network. To prevent this scenario, the next logical step is to secure yourwirelessnetwork,allowingonlyspecificuserstoconnect.
GlobeSurferIIIPage116of180
TECHNICALREFERENCEMANUAL
9.5.
Monitor
ToaccesstheNetworkConnectionsscreen,clicktheNetworktabatthetoprighthandsideofthe MonitorscreenintheSystemarea.
Thisscreendisplaysatablesummarizingthemonitoredconnectiondata.GlobeSurferIIIconstantly monitorstrafcwithinthelocalnetworkandbetweenthelocalnetworkandtheInternet.Youcanview statisticalinformationaboutdatareceivedfromandtransmittedtotheInternet(WAN)andto computersinthelocalnetwork(LAN). Click on the LAN Bridge hyperlink to be routed to the LAN Bridge Properties screen in the Network ConnectionstabintheSystemarea(seesection9.4.2) ClickontheLANEthernethyperlinktoberoutedtotheLANEthernetPropertiesscreenintheNetwork ConnectionstabintheSystemarea(seesection9.4.3)
GlobeSurferIIIPage117of180
TECHNICALREFERENCEMANUAL
Click on the LAN Wireless 802.1g Access Point hyperlink to be routed to the LAN Wireless 802.11g AccessPointPropertiesscreenintheNetworkConnectionstabintheSystemarea(seesection9.4.4) ClickontheWANCellularhyperlinktoberoutedtotheWANCellularPropertiesscreenintheNetwork ConnectionstabintheSystemarea(seesection9.4.5) ClickontheIPAddressDistributionhyperlinktoberoutedtotheIPAddressDistributionscreeninthe NetworkConnectionstabintheServices(seesection8.6.2) PresstheClosebuttontogototheHomescreen. PresstheAutomaticRefreshOffbuttontokeepthescreenasitisandnotconstantlyupdate. PresstheAutomaticRefreshOnbuttontoconstantlyupdatethedisplayedparameters. PresstheResetStatisticsbuttontoresettheReceivedbytes(MB),Sentbytes(MB),ReceivedPackets, SentPackets,Receivedbytes,Sentbytes,ReceiveErrors,ReceiveDropsandCurrentconnectiontime fieldstozero. PresstheRefreshbuttontoupdatethedisplaymanually.
9.5.2. CPU
To access the CPU screen, click the CPU tab at the top right hand side of the Monitor screen in the Systemarea.
GlobeSurferIIIPage118of180
TECHNICALREFERENCEMANUAL
PresstheRefreshbuttontorefreshthescreenmanually.
9.5.3. SystemLog
ToaccesstheSystemLogscreen,clicktheLogtabatthetoprighthandsideoftheMonitorscreenin theSystemarea.
Thisscreendisplaysthesystemlog.Filtersonthelogaredisplayedandcanbeadded,modifiedand deleted.Foreachfilterthefollowingdataisshown: Component:componentsthefilterappliesto:choosefromthedropdownlist Severity:eventsofthisseverityorhigherwillappearinthelog:choosefromthedropdownlist: o None o Emergency o Alert o Critical o Error o Warning o Notice o Information o Debug Action:add,modifyordelete ClicktheNewFilterhyperlinktoaddanewfilter. PresstheApplyFiltersbuttontoapplythefiltersyouhavesetup,tothelog. PresstheResetFiltersbuttontodeleteallfilters. Foreachlogentrythefollowingdataisshown: Time:dateandtimestamp Component:areaofsystemwhereeventhappened Severity:levelofseverityoflogentry Details:descriptionoflogentry.Warningsareshowninorange.Errorsareshowninred.
GlobeSurferIIIPage119of180
TECHNICALREFERENCEMANUAL
9.6.
Routing
ToaccesstheGeneral/Routingscreen,clicktheGeneraltabatthetoprighthandsideoftheRouting screenintheSystemarea.
GlobeSurferIIIPage120of180
TECHNICALREFERENCEMANUAL
Youcanadd,editanddeleteroutingrulesfromtheroutingtablein themannerdescribedinsection3.3. ClicktheNewRouteicontogototheRouteSettingsscreen(seesection9.6.1.1) Thefollowingdatacanbemodified: Routing Information Protocol (RIP): select this checkbox in order to enable connections previously defined to use RIP. If this checkbox is not selected, RIP will be disabled for all connections,includingthosedefinedtouseRIP. o PoisonReverse:selectthischeckboxsetPoisonReverse o Do not Advertise Direct Connected Routes: select this checkbox if you do not wish to advertisedirectconnectedroutes Internet Group Management Protocol (IGMP): GlobeSurfer III provides support for IGMP multicasting,whichallowshostsconnectedtoanetworktobeupdatedwheneveranimportant changeoccursinthenetwork.Amulticastissimplyamessagethatissentsimultaneouslytoa predefinedgroupofrecipients.Whenyoujoinamulticastgroupyouwillreceiveallmessages addressedtothegroup,muchlikewhathappenswhenanemailmessageissenttoamailing list.IGMPmulticastingmaybeusefulwhenconnectedtotheInternetthrougharouter.When an application running on a LAN computer sends out a request to join a multicast group, GlobeSurferIIIwilllistenandinterceptthisgroup'smessages,sendingthemtothesubscribed application.Selectthischeckboxtoenablethisfeature. o IGMPFastLeave:selectthischeckboxtosetIGMPFastLeave o IGMPMulticasttoUnicast:selectthischeckboxtosetIGMPMulticasttoUnicast
Domain Routing: when GlobeSurfer III's DNS server receives a reply from an external DNS
GlobeSurferIIIPage121of180
TECHNICALREFERENCEMANUAL
9.6.1.1.
RouteSettings
Whenaddingaroutingrule,youneedtospecify: Name:selectthetypeofnetworkdevice(LANBridgeorWANCellular). Destination:thedestinationisthedestinationhost,subnetaddress,networkaddress, ordefaultroute.Thedestinationforadefaultrouteis0.0.0.0. Netmask:thenetworkmaskisusedinconjunctionwiththedestinationtodetermine whenarouteisused. Gateway:entertheIPaddressoftheGlobeSurferIII. Metric:ameasurementofthepreferenceofaroute.Typically,thelowestmetricisthe mostpreferredroute.Ifmultipleroutesexisttoagivendestinationnetwork,theroute withthelowestmetricisused.
GlobeSurferIIIPage122of180
TECHNICALREFERENCEMANUAL
9.6.2. BGPandOSPF
To access the BGP and OSPF screen, click the BGP and OSPF tab at the top right hand side of the RoutingscreenintheSystemarea.
GlobeSurferIIIPage123of180
TECHNICALREFERENCEMANUAL
9.6.3. PPPoERelay
ToaccessthePPPoEscreen,clickthePPPoEtabatthetoprighthandsideoftheRoutingscreeninthe Systemarea.
Thefollowingdatacanbemodified: PointtoPoint Protocol over Ethernet (PPPoE): select this checkbox to enable PPPoE. This is a specificationforconnectingusersonanEthernetnetworktotheInternetbyusingabroadband connection(typicallythroughaDSLmodem).
9.7.
Management
ToaccesstheUPnPscreen,clicktheUniversalPlugandPlaytabatthetoprighthandsideofthe ManagementscreenintheSystemarea.
GlobeSurferIIIPage124of180
TECHNICALREFERENCEMANUAL
Thefollowingdatacanbemodified: AllowOtherNetworkUserstoControlGlobeSurferIIIsNetworkFeatures:selectthischeckbox toenabletheUPnPfeature.ThiswillenableyoutodefineUPnPservicesonanyLANhost. Enable Automatic Cleanup of Old Unused UPnP Services: select this checkbox to enable automatic cleanup of invalid rules. When enabled, this feature checks validity of all the UPnP servicesandrulesevery5minutes.AnyUPnPdefinedservicethatisfoundtobeoldandnotin useisremoved,unlessanyuserdefinedrule(seeSecurityscreen)dependsonit.Thisfeatureis disabled by default. Since there is a limitation on the maximum number of UPnP defined servicesto256,youshouldwanttoenablethecleanupfeatureifyoumightexceedthislimit.In thecasewherethelimitmightbeexceededUPnPservicesarenotdeletedwhendisconnectinga computerwithoutpropershutdownoftheUpnPapplication(e.g.messenger).Thus,ifyouare runningaboingo,servicesmayoftennotbedeleted,andwilleventuallyleadtoexhaustionof rulesandservices,andnonewservicescouldbedefined.Inthisscenariothecleanupfeature willfindservicesthatarenolongervalidandwillremovethem,preventingservicesexhaustion. WANConnectionPublication:selectanoptionfromthedropdownlist: PublishOnlytheMainWANConnection PublishAllWANConnections
ToaccesstheSNMPscreen,clicktheSimpleNetworkManagementProtocoltabatthetoprighthand sideoftheManagementscreenintheSystemarea.
GlobeSurferIIIPage125of180
TECHNICALREFERENCEMANUAL
SNMPenablesnetworkmanagementsystemstoremotelyconfigureandmonitorGlobeSurferIII.Your Internetserviceprovider(ISP)mayuseSNMPinordertoidentifyandresolvetechnicalproblems.Your ISPshouldprovidetechnicalinformationregardingthepropertiesofGlobeSurferIIIsSNMPagent. ThefollowingSNMPparameterscanbemodified,asprovidedbyyourInternetserviceprovider: Enabled:selectthischeckboxtoenableSNMP AllowIncomingWANAccesstoSNMP:selectthischeckboxtoallowincomingWANaccess SNMPcommunitystringsarepasswordsusedinSNMPmessagesbetweenthemanagement systemandGlobeSurferIII. ReadOnlyCommunityName:areadonlycommunityallowsthemanagertomonitor GlobeSurferIII. ReadWriteCommunityName:areadwritecommunityallowsthemanagertoboth monitorandconfigureGlobeSurferIII. TrustedPeer:entertheIPaddress,orsubnetsofaddresses,thatidentifywhichremote managementstationsareallowedtoperformSNMPoperationsonGlobeSurferIII,chooseone ofthefollowingfromthedropdownlist: AnyAddress SpecifyanIPAddress SpecifyaSubnet SNMPTraps:messagessentbyGlobeSurferIIItoaremotemanagementstation,inorderto notifythemanagerabouttheoccurrenceofimportanteventsorseriousconditions. GlobeSurferIIIsupportsbothSNMPversion1andSNMPversion2ctraps. Enabled:selectthischeckboxtoenableSNMPtraps,andthenenter: Version:selectoneofthefollowingfromthedropdownlist: SNMPv1 SNMPv2c Destination Community PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheApplybuttontoapplychangesandstayonthisscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage126of180
TECHNICALREFERENCEMANUAL
9.7.3. Remote Administration
ToaccesstheRemoteAdministrationscreen,clicktheRemoteAdministrationtabatthetoprighthand sideoftheManagementscreenintheSystemarea.
ItispossibletoaccessandcontrolGlobeSurferIIInotonlyfromwithinthehomenetwork,butalso fromtheInternet.Thisallowsyoutovieworchangesettingswhiletravelling.Italsoenablesyouto allowyourISPtochangesettingsorhelpyoutroubleshootfunctionalityorcommunicationissuesfrom aremotelocation. RemoteaccesstoGlobeSurferIIIisblockedbydefaulttoensurethesecurityofyourhomenetwork. However,remoteaccessissupportedbythefollowingservices,andyoumayusetheRemote Administrationscreentoselectivelyenabletheseservicesiftheyareneeded. Note:WebManagement,TelnetandSSHmaybeusedtomodifysettingsofthefirewallordisableit. TheusermayalsochangelocalIPaddressesandothersettings,makingitdifficultorimpossibleto accessthegatewayfromthehomenetwork.Therefore,remoteaccesstoTelnetorHTTPservices shouldbeblockedandshouldonlybepermittedwhenabsolutelynecessary.
GlobeSurferIIIPage127of180
TECHNICALREFERENCEMANUAL
Thefollowingdatacanbemodified: AllowIncomingWANAccesstoWebManagement:usedtoobtainaccesstotheWebbased Managementandgainaccesstoallsystemsettingsandparameters(usingabrowser).Both secure(HTTPS)andnonsecure(HTTP)accessisavailable.Selectthecheckboxesrequired: UsingPrimaryHTTPPort(80) UsingSecondaryHTTPPort(8080) UsingPrimaryHTTPSPort(443) UsingSecondaryHTTPSPort(8443) AllowIncomingWANAccesstotheTelnetServer:usedtocreateacommandlinesessionand gainaccesstoallsystemsettingsandparameters(usingatextbasedterminal). UsingPrimaryTelnetPort(23) UsingSecondaryTelnetPort(8023) UsingSecureTelnetoverSSLPort(992) SNMP:usedtoallowSimpleNetworkManagementProtocol(SNMP)requeststoremotely configureandmonitorGlobeSurferIII.Formoreinformation,pleaserefertosection9.7.2. Enabled:selectthischeckboxtoenableSNMP AllowIncomingWANAccesstoSNMPselectthischeckboxtoallowincomingWANaccess DiagnosticTools:usedfortroubleshootingandremotesystemmanagementbyyouoryour InternetServiceProvider.TheutilitiesthatcanbeusedarePingandTraceroute(overUDP). AllowIncomingWANICMPEchoRequests(e.g.pingsandICMPtraceroutequeries):select thischeckboxtoallowincomingWANICMPechorequests AllowIncomingWANUDPTracerouteQueries:selectthischeckboxtoallowincomingWAN UDPtraceroutequeries AdditionalJnetPorts AllowJnetCommandsFromRemoteUpgradeServer:selectthischeckboxtoallowJnet commandsfromaremoteupgradeserver RemoteUpgradeServerURL:clickonthishyperlinktoroutetotheFirmwareupgradescreen intheMaintenancetabintheSystemarea(seesection9.8.5). EnableIncomingJnetRequeststoPort7020:selectthischeckboxtoenableincomingJnet requeststoport7020andthenclickonthishyperlinktoroutetotheSystemSettingsscreen intheSettingstabintheSystemarea(seesection9.2.1) AllowIncomingWANAccesstoJnet:selectthischeckboxtoallowincomingWANaccessto Jnet EnableIncomingJnetSSLRequeststoPort7021:selectthischeckboxtoenableincoming JnetSSLrequeststoport7021andthenclickonthishyperlinktoroutetotheSystem SettingsscreenintheSettingstabintheSystemarea(seesection9.2.1) AllowIncomingWANAccesstoJnetSSL:selectthischeckboxtoallowincomingWANaccess toJnetSSL
GlobeSurferIIIPage128of180
TECHNICALREFERENCEMANUAL
9.8.
Maintenance
ToaccesstheAboutGlobeSurferIIIscreen,clicktheAboutGlobeSurferIIItabatthetoprighthand sideoftheMaintenancescreenintheSystemarea.
GlobeSurferIIIPage129of180
TECHNICALREFERENCEMANUAL
ToaccesstheConfigurationFilescreen,clicktheConfigurationFiletabatthetoprighthandsideofthe MaintenancescreenintheSystemarea.
9.8.2.1.
UploadConfigurationFile
ToaccesstheUploadConfigurationFilescreen,clicktheUploadConfigurationFilebuttoninthe ConfigurationFilescreen.
GlobeSurferIIIPage130of180
TECHNICALREFERENCEMANUAL
ToaccesstheRebootscreen,clicktheReboottabatthetoprighthandsideoftheMaintenancescreen intheSystemarea.
ToaccesstheRestoreFactorySettingsscreen,clicktheRestoreFactorySettingstabatthetopright handsideoftheMaintenancescreenintheSystemarea.
GlobeSurferIIIPage131of180
TECHNICALREFERENCEMANUAL
ToaccesstheFirmwareupgradescreen,clicktheFirmwareupgradetabatthetoprighthandsideof theMaintenancescreenintheSystemarea.
GlobeSurferIIIPage132of180
TECHNICALREFERENCEMANUAL
Note:Youcanonlyusefileswithanrmtextensionwhenperformingthefirmwareupgradeprocedure. Enterthepathofthesoftwareimagefile,orpresstheBrowsebuttontobrowseforthefirmware upgradefileonyourPC. PresstheOKbuttontobeginthefirmwareupgradingprocess. PresstheCancelbuttontocanceltheupgradeandgototheHomescreen. ThefilewillstartloadingintoyourGlobeSurferIII.Whenloadingiscompleted,aconfirmationscreen willappear,askingyouifyouwanttoupgradetothenewversion. PresstheOKbuttontobeginthefirmwareupgradingprocess.Theupgradeprocesswillbeginand shouldtakenolongerthanoneminutetocomplete. PresstheCancelbuttontocanceltheupgradeandgototheHomescreen. WhentheupgradingisreadytheGlobeSurferIIIwillautomaticallyreboot.Thenewsoftwareversion willrun,maintainingyourcustomconfigurationsandsettings.
9.8.6. Diagnostics
ToaccesstheDiagnosticsscreen,clicktheDiagnosticstabatthetoprighthandsideoftheMaintenance screenintheSystemarea.
TheDiagnosticsscreencanassistyouintestingnetworkconnectivityandviewingstatistics,suchasthe numberofpacketstransmittedandreceived,roundtriptimeandsuccessstatus.
GlobeSurferIIIPage133of180
TECHNICALREFERENCEMANUAL
Thefollowingdatacanbemodified: Ping(ICMPEcho):thiscanbeusedtodiagnosenetworkconnectivity: Destination:entertheIPaddressorURLtobetested Numberofpings:enterthenumberofpingsyouwouldliketoperform Status:showsthecurrentstatus PresstheGobuttontorunthepingdiagnostic.Inafewseconds,diagnosticstatisticswill bedisplayed.Ifnonewinformationisdisplayed,presstheRefreshbutton. AddressResolutionProtocol(ARP):thisisamethodforfindingahostshardwareaddresswhen onlyitsnetworklayeraddressisknown: Destination:entertheIPaddressorURLtobetested Status:showsthecurrentstatus PresstheGobuttontoruntheARPdiagnostic Traceroute:thiscanbeusedtoperformatraceroute: Destination:entertheIPaddressorURLtobetested Status:showsthecurrentstatus PresstheGobuttontorunthetraceroute.Thescreenwillbeconstantlyrefreshed.To stopthetraceandviewtheresults,presstheCancelbutton. PresstheClosebuttontogototheHomescreen. PresstheRefreshbuttontorefreshthescreenandupdatethestatusfields.
9.9.
ObjectsandRules
ToaccesstheProtocolsscreen,clicktheProtocolstabatthetoprighthandsideoftheObjectsand RulesscreenintheSystemarea.
GlobeSurferIIIPage134of180
TECHNICALREFERENCEMANUAL
TheProtocolsfeatureincorporatesalistofpresetanduserdefinedapplicationsandcommonport settings.YoucanuseprotocolsinvarioussecurityfeaturessuchasAccessControlandPortForwarding. Youmayaddnewprotocolstosupportnewapplicationsoreditexistingonesaccordingtoyourneeds. Foreachprotocolthefollowingdataisdisplayed: Protocols Ports Action:add,modifyordelete ClickonaProtocolhyperlinkortheediticoninthetabletomodifyanentry,orclickontheNewEntry hyperlinkortheaddicontoaddanentry.InbothcasesyouwillberoutedtotheEditServicescreen. PresstheClosebuttontogotothepreviousscreen. PresstheAdvancedbuttontodisplayanextendedversionofthescreenwithmoreprotocols. PresstheBasicbuttontodisplayalimitedversionofthescreenwithfewerprotocols.
GlobeSurferIIIPage135of180
TECHNICALREFERENCEMANUAL
Enterthefollowingdata: ServiceName:nameoftheservice ServiceDescription:descriptionoftheservice Foreachserverportthefollowingdataisdisplayed: Protocol ServerPorts Action:add,modifyordelete Foreachopenedportthefollowingdataisdisplayed: Protocol OpenedPorts Action:add,modifyordelete ClickonaProtocolhyperlinkortheediticonintheServerPortstabletomodifyanentry,orclickonthe NewServerPortshyperlinkortheaddicontoaddanentry.InbothcasesyouwillberoutedtotheEdit ServiceServerPortsscreen. ClickonaProtocolhyperlinkortheediticonintheOpenedPortstabletomodifyanentry,orclickon theNewOpenedPortshyperlinkortheaddicontoaddanentry.Inbothcasesyouwillberoutedtothe EditServiceOpenedPortsscreen. PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage136of180
TECHNICALREFERENCEMANUAL
Youmaychooseanyoftheprotocolsavailableinthedropdownlist,oraddanewonebyselecting Other.Whenselectingaprotocolfromthedropdownlist,thescreenwillrefresh,presentingthe appropriatefieldstoenterforthatprotocol.Selectaprotocolandentertherelevantinformation. Thefollowingfieldsshouldbeentered: Protocol:choosefromthedropdownlist: TCP,thenenter SourcePorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues DestinationPorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues UDP,thenenter SourcePorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues DestinationPorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues ICMP,thenenter ICMPMessagebychoosingfromthedropdownlist: EchoReply NetworkUnreachable HostUnreachable ProtocolUnreachable PortUnreachable DestinationNetworkUnknown DestinationHostUnknown RedirectforNetwork
GlobeSurferIIIPage137of180
TECHNICALREFERENCEMANUAL
PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
Youmaychooseanyoftheprotocolsavailableinthedropdownlist,oraddanewonebyselecting Other.Whenselectingaprotocolfromthedropdownlist,thescreenwillrefresh,presentingthe appropriatefieldstoenterforthatprotocol.Selectaprotocolandentertherelevantinformation. Thefollowingfieldsshouldbeentered: Protocol:choosefromthedropdownlist: TCP,thenenter SourcePorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues DestinationPorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues SameasInitiatingPorts UDP,thenenter SourcePorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues
GlobeSurferIIIPage138of180
TECHNICALREFERENCEMANUAL
DestinationPorts,thenchoosefromthedropdownlist: Any Single,thenenterportnumber Range,thenenterrangevalues SameasInitiatingPorts ICMP,thenenter ICMPMessagebychoosingfromthedropdownlist: EchoReply NetworkUnreachable HostUnreachable ProtocolUnreachable PortUnreachable DestinationNetworkUnknown DestinationHostUnknown RedirectforNetwork RedirectforHost EchoRequest Other GRE ESP AH Other,thenenter ProtocolNumber
PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
9.9.2. NetworkObjects
ToaccesstheNetworkObjectsscreen,clicktheNetworkObjectstabatthetoprighthandsideofthe ObjectsandRulesscreenintheSystemarea.
NetworkObjectsisamethodusedtoabstractlydefineasetofLANhosts,accordingtooneormore
GlobeSurferIIIPage139of180
TECHNICALREFERENCEMANUAL
MACaddress,IPaddressandhostname.Definingsuchagroupcanassistwhenconfiguringsystem rules.Forexample,networkobjectscanbeusedwhenconfiguringGlobeSurferIII'ssecurityfiltering settingssuchasIPaddressfiltering,hostnamefilteringorMACaddressfiltering. YoucanusenetworkobjectsinordertoapplysecurityrulesbasedonhostnamesinsteadofIP addresses.Thismaybeuseful,sinceIPaddresseschangefromtimetotime.Moreover,itispossibleto definenetworkobjectsaccordingtoMACaddresses,makingruleapplicationmorepersistentagainst networkconfigurationsettings. Foreachnetworkobjectthefollowingdataisdisplayed: NetworkObject Items Action:add,modifyordelete ClickontheNewEntryhyperlinkortheaddicontoaddanentry.YouwillberoutedtotheEditNetwork Objectscreen(seebelow). PresstheClosebuttontogotothepreviousscreen
GlobeSurferIIIPage140of180
TECHNICALREFERENCEMANUAL
Youmaychooseanyoftheobjecttypesavailableinthedropdownlist.Whenselectinganobjecttype fromthedropdownlist,thescreenwillrefresh,presentingtheappropriatefieldstoenterforthat objecttype.Selectanobjecttypeandentertherelevantinformation. Thesourceaddressshouldbeenteredinoneofthefollowing: NetworkObjectType:choosefromthedropdownlist: IPAddress,thenenter IPaddress IPSubnet,thenenter SubnetIPAddress SubnetMask IPRange,thenenter FromIPAddress ToIPAddress MACAddress,thenenter MACAddress MACMask HostName,thenenter HostName DHCPOption,thenchoosefromthedropdownlist: 60:VendorClassID 61:ClientID 77:UserClassID thenentertheappropriateID PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage141of180
TECHNICALREFERENCEMANUAL
9.9.3. SchedulerRules
ToaccesstheSchedulerRulesscreen,clicktheSchedulerRulestabatthetoprighthandsideofthe ObjectsandRulesscreenintheSystemarea.
Scheduler rules are used for limiting the activation of settings, such as firewall rules, to specific time periods,specifiedindaysoftheweek,andhours. Foreachschedulerrulethefollowingdataisdisplayed: Name Settings Status Action:add,modifyordelete Click on the New Entry hyperlink or the add icon to add an entry. You will be routed to the Edit SchedulerRulescreen(seebelow). PresstheClosebuttontogotothepreviousscreen. PresstheRefreshbuttontorefreshthescreen.
GlobeSurferIIIPage142of180
TECHNICALREFERENCEMANUAL
Enterthefollowingdata: Name:namefortherule RuleActivitysettings:choosefromthefollowingradiobuttonstospecifyiftherulewillbe active/inactiveduringthedesignatedtimeperiod: RulewillbeActiveattheScheduledTime RulewillbeInactiveattheScheduledTime ClickontheNewTimeSegmenthyperlinkortheaddicontoaddanentry.Youwillberoutedtothe EditTimeSegmentscreen(seebelow). PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
Enterthefollowingdata: DaysofWeek:selectdaysoftheweekwhentheruleshouldapply
GlobeSurferIIIPage143of180
TECHNICALREFERENCEMANUAL
9.9.4. Certificates
9.9.4.1.
Overview
Publickeycryptographyusesapairofkeys:apublickeyandacorrespondingprivatekey.Thesekeys canplayoppositeroles,eitherencryptingordecryptingdata.Yourpublickeyismadeknowntothe world,whileyourprivatekeyiskeptsecret. Thepublicandprivatekeysaremathematicallyassociated;howeveritiscomputationallyinfeasibleto deducetheprivatekeyfromthepublickey.Anyonewhohasthepublickeycanencryptinformation thatcanonlybedecryptedwiththematchingprivatekey.Similarly,thepersonwiththeprivatekeycan encryptinformationthatcanonlybedecryptedwiththematchingpublickey. Technically,bothpublicandprivatekeysarelargenumbersthatworkwithcryptographicalgorithmsto produceencryptedmaterial.Theprimarybenetofpublickeycryptographyisthatitallowspeople whohavenopreexistingsecurityarrangementtoauthenticateeachotherandexchangemessages securely.
GlobeSurferIIIPage144of180
TECHNICALREFERENCEMANUAL
9.9.4.2.
DigitalCerticates
Whenworkingwithpublickeycryptography,youshouldbecarefulandmakesurethatyouareusing thecorrectpersonspublickey.Maninthemiddleattacksposeapotentialthreat,whereanill intending3rdpartypostsaphoneykeywiththenameanduserIDofanintendedrecipient.Data transferthatisinterceptedbytheownerofthecounterfeitkeycanfallinthewronghands.Digital certicatesprovideameansforestablishingwhetherapublickeytrulybelongstothesupposedowner. Itisadigitalformofcredential.Ithasinformationonitthatidentiesyou,andanauthorisedstatement totheeffectthatsomeoneelsehasconrmedyouridentity. Digitalcerticatesareusedtofoilattemptsbyanillintendingpartytouseanunauthorizedpublickey. Adigitalcerticateconsistsofthefollowing: Apublickey Certicateinformation:theidentityoftheuser,suchasname,userIDandsoon. Digitalsignatures:astatementstatingthattheinformationenclosedinthecerticatehasbeen vouchedforbyaCerticateAuthority(CA). Bindingthisinformationtogether,acerticateisapublickeywithidenticationformsattached, coupledwithastampofapprovalbyatrustedparty.
9.9.4.3.
X.509CerticateFormat
GlobeSurferIIIsupportsX.509certicatesthatcomplywiththeITUTX.509internationalstandard.An X.509certicateisacollectionofastandardsetofeldscontaininginformationaboutauserordevice andtheircorrespondingpublickey.TheX.509standarddeneswhatinformationgoesintothe certicate,anddescribeshowtoencodeit(thedataformat).AllX.509certicateshavethefollowing data: Thecerticateholderspublickey,togetherwithanalgorithmidentierthatspecieswhich cryptosystemthekeybelongstoandanyassociatedkeyparameters. Theserialnumberofthecerticate:theentity(applicationorperson)thatcreatedthe certicateisresponsibleforassigningitauniqueserialnumbertodistinguishitfromother certicatesitissues.Thisinformationisusedinnumerousways;forexamplewhenacerticate isrevoked,itsserialnumberisplacedonaCerticateRevocationList(CRL). Thecerticateholdersuniqueidentier:thisnameisintendedtobeuniqueacrosstheInternet. ADNconsistsofmultiplesubsectionsandmaylooksomethinglikethis:CN=OptionWireless SwedenAB,EMAIL=info@option.com,OU=DevelopmentDepartment,O=OptionWireless
GlobeSurferIIIPage145of180
TECHNICALREFERENCEMANUAL
SwedenAB,C=SE.(TheserefertothesubjectsCommonName,OrganizationalUnit, OrganizationandCountry.) Thecerticatesvalidityperiod:thecerticatesstartdate/timeandexpirationdate/time indicateswhenthecerticatewillexpire. Theuniquenameofthecerticateissuer:theuniquenameoftheentitythatsignedthe certicate.ThisisnormallyaCA.Usingthecerticateimpliestrustingtheentitythatsignedthis certicate.(Notethatinsomecases,suchasrootortoplevelCAcerticates,theissuersignsits owncerticate.) Thedigitalsignatureoftheissuer:thesignatureusingtheprivatekeyoftheentitythatissued thecerticate. Thesignaturealgorithmidentier:identiesthealgorithmusedbytheCAtosignthecerticate.
9.9.4.4.
RequestinganX509Certicate
GlobeSurferIIIPage146of180
TECHNICALREFERENCEMANUAL
You might think of an X509 certicate as looking like a standard paper certicate with a public key tapedtoit.Ithasyournameandsomeinformationaboutyouonit,plusthesignatureoftheperson whoissuedittoyou. ClicktheCerticatestabinthetoprighthandcorneroftheObjectsandRulesscreenintheSystem area.TheGlobeSurferIIIsLocalscreenwillappear.
ClicktheCreateCerticateRequestbutton.TheCreateX509Requestscreenwillappear.
GlobeSurferIIIPage147of180
TECHNICALREFERENCEMANUAL
GlobeSurferIIIPage148of180
TECHNICALREFERENCEMANUAL
YoucanclicktheSaveiconundertheActioncolumn,andthenOpeninthedialogueboxtoviewthe Certicatewindow(Windowsonly)boxtosavethecerticatetoale.
YoucanalsoclicktheEditiconundertheActioncolumntoviewtheCerticateDetailsscreen.
GlobeSurferIIIPage149of180
TECHNICALREFERENCEMANUAL
9.9.4.5.
CreatingaSelfSignedCerticate
ClicktheCreateSelfSignedCerticatebutton.TheCreateSelfSignedX509Certicatescreenwill appear.
GlobeSurferIIIPage150of180
TECHNICALREFERENCEMANUAL
Afterashortwhile,presstheRefreshbutton,untiltheCerticateDetailsscreenappears.
GlobeSurferIIIPage151of180
TECHNICALREFERENCEMANUAL
ClicktheOK.ThemainGlobeSurferIIIsLocalscreenwillreappear,displayingthecerticatenameand issuer.
9.9.4.6.
LoadingaPKCS#12FormatCerticate
GlobeSurferIIIPage152of180
TECHNICALREFERENCEMANUAL
ClicktheUploadCerticatelink.TheLoadGlobeSurferIIIsLocalCerticatescreenwillappear.
Ifthe.p12filecontainedanyCAcertificates,theywillbedisplayedintheCAstore(clicktheCAstabto viewtheCAcertificates.
GlobeSurferIIIPage153of180
TECHNICALREFERENCEMANUAL
10. Shortcuts
This page displays icon shortcuts in alphabetical order for many of the GlobeSurfer III functions to enablequickandeasyaccesstoallareas.
GlobeSurferIIIPage154of180
TECHNICALREFERENCEMANUAL
Diagnostics FileServer Firewall FirmwareUpgrade IPAddressDistribution IPSec L2TPServer NetworkConnections NetworkMonitor NetworkObjects PPPoERelay PPTPServer PersonalDomainName(DynamicDNS) PrintServer Protocols Reboot RemoteAdministration RestoreFactorySettings Routing SIMsetup Scheduler SharedStorage SimpleNetworkManagementProtocol(SNMP) SystemLog SystemSettings TimeSettings Unlockdevice Users WINSServer
GlobeSurferIIIPage155of180
TECHNICALREFERENCEMANUAL
11. Telephone
GlobeSurfer III is equipped with a telephony connector and can replace a regular fixed line service (POTS). In order to setup fixed line telephony to make phone calls through GlobeSurfer III, connect GlobeSurfer III to the first telephony plug. Note that you should configure your country in the GlobeSurferIIIInstallationwizard,seesection4.3. Fromthisscreenyoucanclickonthetabsatthetoplefthandsidetoroutetothefollowingdetailed screens: Missedcallslistofcallsreceivedbutnotanswered(seesection11.1) Incomingcallslistofcallsreceivedandanswered(seesection11.2) Outgoingcallscallsinitiatedfromyourphones(seesection11.3) Telephonesettingscontrolsbehaviouroffixedlinetelephony(seesection11.4) CallForwardingallowsyoutoforwardcallstoothernumbers(seesection11.5) CallWaitingallowsyoutoactivateordeactivatecallwaiting(seesection11.6) CallerIDallowsyoutoidentifythetelephonenumberofcaller(seesection11.7) SIMsetupallowsyoutochangeorenabletheSIMPINnumber(seesection11.8)
11.1. Missedcalls
TheMissedcallsscreenshowsalistofcalls,withCallerIDifreceived,thatwerenotansweredincluding atimestampoftheevent.ByclickingClearLogyouwillerasethehistoryofmissedcalls.
11.2. Incomingcalls
The Incoming calls screen shows calls, with Caller ID if received, that were received and answered including a time stamp and duration of the event. By clicking Clear Log you will erase the history of incomingcalls.
GlobeSurferIIIPage156of180
TECHNICALREFERENCEMANUAL
11.3. Outgoingcalls
The Outgoing calls screen shows calls, with Caller ID, that have been initiated from your telephones usingGlobeSurferIIIincludingatimestampanddurationoftheevent.ByclickingClearLogyouwill erasethehistoryofoutgoingcalls.
11.4. Telephonesettings
TheTelephonesettingsscreencontrolsthebehaviourofthefixedlinetelephonysupport ofGlobeSurferIII.
GlobeSurferIIIPage157of180
TECHNICALREFERENCEMANUAL
11.5. CallForwarding
TheCallForwardingscreenallowsyoutoforwardcallstoothernumberswhenthereisnoanswer,or thenumberisunreachableorbusy.
GlobeSurferIIIPage158of180
TECHNICALREFERENCEMANUAL
Allcalls:thefollowingoptionsapplytoallcalls: o Activate:clickingthisbuttonwillforwardallcallstothenumberprovided o Deactivate:clickingthisbuttonwillstoptheforwardingofallcalls o Clearnumber:clickingthisbuttonwilldeletethenumberprovided o Number:enterthephonenumbertoforwardallcallsto o Status:displaysthestatusofallcallforwardingasActivatedorDeactivated Noanswer:thefollowingoptionsapplytounansweredcalls: o Activate:clickingthisbuttonwillforwardunansweredcallstothenumberprovided o Deactivate:clickingthisbuttonwillstoptheforwardingofunansweredcalls o Clearnumber:clickingthisbuttonwilldeletethephonenumberprovided o Number:enterthephonenumbertoforwardunansweredcallsto o Status:displaysthestatusofunansweredcallforwardingasActivatedorDeactivated Unreachable:thefollowingoptionsapplytocallswhenthenumberisunreachable: o Activate:clickingthisbuttonwillforwardunreachablecallstothephonenumber provided o Deactivate:clickingthisbuttonwillstoptheforwardingofunreachablecalls o Clearnumber:clickingthisbuttonwilldeletethephonenumberprovided o Number:enterthephonenumbertoforwardcallstowhenthenumberisunreachable o Status:displaysthestatusofunreachablecallforwardingasActivatedorDeactivated Busy:thefollowingoptionsapplytocallswhenthenumberisbusy: o Activate:clickingthisbuttonwillforwardbusycallstothephonenumberprovided o Deactivate:clickingthisbuttonwillstoptheforwardingofbusycalls o Clearnumber:clickingthisbuttonwilldeletethephonenumberprovided o Number:enterthephonenumbertoforwardcallstowhenthenumberisbusy o Status:displaysthestatusofbusycallforwardingasActivatedorDeactivated
PresstheRefreshbuttontorefreshthescreen.
11.6. CallWaiting
TheCallWaitingscreenallowsyoutoactivateordeactivatecallwaitingfunctionality.
GlobeSurferIIIPage159of180
TECHNICALREFERENCEMANUAL
11.7. CallerID
TheCallerIDscreenallowsthesystemtoidentifythetelephonenumberofthecalleroneitherinbound oroutboundcalls.
UsetheCallerIDscreentomakethefollowingsettings: Incomingidentification:thefollowingoptionsapplytoincomingtelephonecalls: o Status:displaysOnorOff o Activate:clickingthisbuttonwillactivateidentificationofcallerforincomingcalls o Deactivate:clickingthisbuttonwilldeactivateidentificationofcallerforincomingcalls Outgoingidentification:thefollowingoptionsapplytooutgoingtelephonecalls: o Status:displaysOnorOff o Activate:clickingthisbuttonwillactivateidentificationofcallerforoutgoingcalls o Deactivate:clickingthisbuttonwilldeactivateidentificationofcallerforoutgoingcalls PresstheRefreshbuttontorefreshthescreen.
11.8. SIMsetup
TheSIMcardintheGlobeSurferIIIrequiresaPINcodetobeenteredbeforeitcanbeused.ThePIN codeyoureceivefromyourISPcanbechangedtoaPINcodeofyourown.BydefaultthePINcodeis
GlobeSurferIIIPage160of180
TECHNICALREFERENCEMANUAL
PresstheOKbuttontoapplychangesandgobacktothepreviousscreen.
GlobeSurferIIIPage161of180
TECHNICALREFERENCEMANUAL
11.8.2. SIMPINenable
11.8.3. SIMPIN2change
GlobeSurferIIIPage162of180
TECHNICALREFERENCEMANUAL
11.8.4. Unlockdevice
IncasetheGlobeSurferIIIislockedtoaspecificISP,itcanbeunlockedwithacodethatyoushouldbe able to get from your ISP. Normally there are certain conditions that must be fulfilled to be able to unlockthedevice.
PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
12. SMS
TheGlobeSurferIIIcansendandreceiveSMStextmessages.Itsupportsbothincomingandoutgoing concatenatedmessages,anditcansendflashSMSs. WhentheGlobeSurferIIIreceivesanewSMStextmessage,thisisindicatedbyanenvelopesymbol shownontheGlobeSurferIIIdisplay. Fromthisscreenyoucanclickonthetabsatthetoplefthandsidetoroutetothefollowingdetailed screens:
GlobeSurferIIIPage163of180
TECHNICALREFERENCEMANUAL
12.1. SMSCreate
CreatingandsendingSMStextmessages: SelecttheSMSCreatetab. TypeyourmessagetextintheSMSmessagefield. TheCharactersleftfieldshowshowmuchspaceisleft. EnterthemobilenumberofthepersonyouwanttocontactinthePhonenumbersfield.Usethe standardmobilenumberformat:+4976123456forinternational,and076123456fornational numbers. Tip:Youcanenterseveralnumbersseparatedbycommas(nospacesallowed),uptoamaximumoften phonenumbers.
Tip:GlobeSurferIIIsupportsconcatenatedSMS,whichworksasfollows:ifyouwanttosendalonger thanstandardSMSof160charactersyoucantypealmosttheequivalentof4standardmessages(upto 609characters).Whenyousendthemessageitwillbecountedasseparatemessages. Note: When you send an SMS, you may incur a charge depending on your subscription with your mobileoperator. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage164of180
TECHNICALREFERENCEMANUAL
12.2. Inbox
HandlingSMStextmessagesintheInbox: SelecttheInboxtabtodisplaythemessages,withunreadmessageinbold.
ClicktheSMSthatyouwanttoread.Themessagetextisshown.
GlobeSurferIIIPage165of180
TECHNICALREFERENCEMANUAL
12.3. Outbox
AfteraSMStextmessagehasbeensentfromyourGlobeSurferIIIitwillbestoredtemporarilyinthe Outboxfolderuntilitissent.
12.4. Sent
AfteraSMStextmessagehasbeensentfromyourGlobeSurferIIIitwillbestoredintheSentfolder. From here it is possible to open any sent message and choose to delete, forward or save it to the archive(seesection12.7).
12.5. Drafts
WhilecreatinganewSMStextmessagefromtheSMScreatetabitispossibletochoosetosaveitas draft instead of sending it directly. This SMS will then be accessible from the Drafts folder. When clickingonanSMSintheDraftsfolder,youwillbedirectedbacktotheSMScreatetabwhereitcanbe finalised. Note that when an SMS text message in the Drafts folder has been opened and then sent, it will be removedfromtheDraftsfolder.
GlobeSurferIIIPage166of180
TECHNICALREFERENCEMANUAL
12.6. Templates
From the SMS create tab it is possible to choose to save a text message as a template instead of sendingitdirectly.Whenamessageissavedasatemplate,itcanbeloadedfromtheTemplatesfolder. ThisisconvenientwhenSMSmessagesareoftensenttothesamerecipientorwithsimilarcontent. Toremoveatemplate,simplyclicktheremoveiconforthatspecifictemplate.
12.7. Archive
SMStextmessagesfromInboxorSentfolderscanbestoredinthearchive.WhenselectingtheArchive tab,storedmessagesarelistedanditispossibletoopenanymessageandchoosetodelete,forwardor replytothatmessage.
12.8. SIMcard
The SIM card tab shows SMS text messages that are stored on the SIM card inserted in the GlobeSurferIII.AfteropeninganSMSfromtheSIMcardfolderyoucanchoosetodeleteit,replytoit, forwarditorsaveittotheArchivefolder.
GlobeSurferIIIPage167of180
TECHNICALREFERENCEMANUAL
12.9. Settings
OntheSettingstabitispossibletodefinetheSMSCnumberwhichisthenumbertotheShortMessage ServiceCentrethatwillbeusedforsendingSMSmessagesfromyourGlobeSurferIIIunit.Thisnumber isusuallyalreadyfilledinbydefault,butifnecessaryyoucanusetheSettingstabtochangeit. PresstheOKbuttontoapplychangesandgobacktothepreviousscreen. PresstheCancelbuttontorejectchangesandgobacktothepreviousscreen.
GlobeSurferIIIPage168of180
TECHNICALREFERENCEMANUAL
ListofAcronyms
ALGApplicationLevelGateway APIApplicationProgrammingInterface CPECustomerPremiseEquipment DHCPDynamicHostCongurationProtocol DMZDemilitarizedZone DNSDomainNameSystem DOCSISDataOverCableServiceInterfaceSpecication DSLDigitalSubscriberLine FTPFileTransferProtocol HomePNAHomePhonelineNetworkAlliance HTTPHyperTextTransportProtocol IADIntegratedAccessDevice ICMPInternetControlMessageProtocol IGMPInternetGroupMulticastProtocol IPInternetProtocol IPSecIPSecurity LANLocalAreaNetwork MACMediaAccessControl MTUMaximumTransmissionUnit NAPTNetworkAddressPortTranslation OAMOperationsandMaintenance OEMOriginalEquipmentManufacturer
GlobeSurferIIIPage169of180
TECHNICALREFERENCEMANUAL
PDAPersonalDigitalAssistant POP3PostOfceProtocol3 POTSPlainOldTelephonyService PPPPointtoPointProtocol PPTPPointtoPointTunnellingProtocol RGResidentialGateway RIPRoutingInformationProtocol SNMPSimpleNetworkManagementProtocol SPIStatefulPacketInspection TCPTransmissionControlProtocol TFTPTrivialFileTransferProtocol UDPUserDatagramProtocol UPnPUniversalPlugandPlay URLUniversalResourceLocator USBUniversalSerialBus VPNVirtualPrivateNetwork WANWideAreaNetwork
GlobeSurferIIIPage170of180
TECHNICALREFERENCEMANUAL
Glossary
100BaseTAlsoknownasFastEthernet,anEthernetcablestandardwithadatatransferrateofupto 100Mbps. 10BaseTAnolderEthernetcablestandardwithadatatransferrateofupto10Mbps. 802.11,802.11bAfamilyofIEEE(InstituteofElectricalandElectronicsEngineers)denedspecications for wireless networks. Includes the 802.11b standard, which supports highspeed (up to 11 Mbps) wirelessdatatransmission. 802.3 The IEEE (Institute of Electrical and Electronics Engineers dened specication that describes thecharacteristicsofEthernet(wired)connections. AccesspointAdevicethatexchangesdatabetweencomputersonanetwork.Anaccesspointtypically doesnothaveanyFirewallorNATcapabilities. AdhocnetworkAsolelywirelesscomputertocomputernetwork.Unlikeaninfrastructurenetwork,an adhocnetworkdoesnotincludeagatewayrouter. Adapter Also known as a network interface card (NIC). An expansion card or other device used to providenetworkaccesstoacomputer,printer,orotherdevice. AdministratorApersonresponsibleforplanning,conguring,andmanagingthedaytodayoperation ofacomputernetwork.Thedutiesofanadministratorincludeinstallingnewworkstationsandother devices, adding and removing individuals from the list of authorized users, archiving les, overseeing passwordprotectionandothersecuritymeasures,monitoringusageofsharedresources,andhandling malfunctioningequipment. AuthenticationTheprocessofidentifyinganindividual,usuallybasedonausernameandpassword.In securitysystems,authenticationisdistinctfromauthorization,whichistheprocessofgivingindividuals accesstosystemobjectsbasedontheiridentity.Authenticationmerelyensuresthattheindividualis whoheorsheclaimstobe,butsaysnothingabouttheaccessrightsoftheindividual. BandwidthTheamountofinformation,orsizeofle,thatcanbesentthroughanetworkconnectionat onetime.Aconnectionwithmorebandwidthcantransferinformationmorequickly. Bridge A device that forwards packets of information from one segment of a network to another. A bridgeforwardsonlythosepacketsnecessaryforcommunicationbetweenthesegments. Broadband connection A highspeed connection, typically 256 Kbps or faster. Broadband services includecablemodemsandDSL. Broadband modem A device that enables a broadband connection to access the Internet. The two most common types of broadband modems are cable modems, which rely on cable television infrastructure,andDSLmodems,whichrelyontelephonelinesoperatingatDSLspeeds.
GlobeSurferIIIPage171of180
TECHNICALREFERENCEMANUAL
Broadcast Broadcasting sends a message to everyone on the network whereas multicasting sends a messagetoaselectlistofrecipients. BusAsetofhardwarelinesusedfordatatransferamongthecomponentsofacomputersystem.Abus essentially allows different parts of the system to share data. For example, a bus connects the disk drivecontroller,memoryandinput/outputportstothemicroprocessor. CablemodemAdevicethatenablesabroadbandconnectiontoaccesstheInternet.Cablemodemsrely on cable television infrastructure, in other words, the data travels on the same lines as your cable television. Caller ID A service within telephony networks that enables the receiver of a call to see the number calling. CAT5cableAbbreviationforCategory5cable.AtypeofEthernetcablethathasamaximumdatarate of100Mbps. ChannelApathorlinkthroughwhichinformationpassesbetweentwodevices. CHAP Challenge Handshake Authentication Protocol, a type of authentication in which the authenticationagent(typicallyanetworkserver)sendstheclientprogramarandomvaluethatisused onlyonceandanIDvalue.Thesenderandpeermustshareapredenedsecret. Client Any computer or program that connects to, or requests the services of, another computer or programonanetwork.ForalocalareanetworkortheInternet,aclientisacomputerthatusesshared networkresourcesprovidedbyaserver. Client/servernetworkAnetworkoftwoormorecomputersthatrelyonacentralservertomediate theconnectionsorprovideadditionalsystemresources.Thisdependenceonaserverdifferentiatinga client/servernetworkfromapeertopeernetwork. Computer name A name that uniquely identies a computer on the network so that all its shared resources can be accessed by other computers on the network. One computer name cannot be the sameasanyothercomputerordomainnameonthenetwork. CrossovercableAtypeofcablethatfacilitatesnetworkcommunications.Acrossovercableisacable thatisusedtointerconnecttwocomputersbycrossingover(reversing)theirrespectivepincontacts. DHCPAcronymforDynamicHostCongurationProtocol.ATCP/IPprotocolthatautomaticallyassigns temporaryIPaddressestocomputersonalocalareanetwork(LAN).GlobeSurferIIIsupportstheuse ofDHCP.YoucanuseDHCPtoshareoneInternetconnectionwithmultiplecomputersonanetwork. Dialup connection An Internet connection of limited duration that uses a public telephone network ratherthanadedicatedcircuitorsomeothertypeofprivatenetwork. DMZ Acronym for demilitarized zone. A collection of devices and subnets placed between a private
GlobeSurferIIIPage172of180
TECHNICALREFERENCEMANUAL
networkandtheInternettohelpprotecttheprivatenetworkfromunauthorizedInternetusers. DNS Acronym for Domain Name System. A data query service chiey used on the Internet for translating host names into Internet addresses. The DNS database maps DNS domain names to IP addresses,sothatuserscanlocatecomputersandservicesthroughuserfriendlynames. Domain In a networked computer environment, a collection of computers that share a common domain database and security policy. A domain is administered as a unit with common rules and procedures,andeachdomainhasauniquename. Domain name An address of a network connection that identies the owner of that address in a hierarchical format: server.organization.type. For example, www.whitehouse.gov identies the Web serverattheWhiteHouse,whichispartoftheU.S.government. DriveAnareaofstoragethatisformattedwithalesystemandhasadriveletter.Thestoragecanbea oppy disk (which is often represented by drive A), a hard disk (usually drive C), a CDROM (usually drive D), or another type of disk. You can view the contents of a drive by clicking the drives icon in Windows Explorer or My Computer. Drive C (also known as the hard disk), contains the computers operatingsystemandtheprogramsthathavebeeninstalledonthecomputer.Italsohasthecapacity tostoremanyofthelesandfoldersthatyoucreate. DriverWithinanetworkingcontext,adevicethatmediatescommunicationbetweenacomputeranda networkadapterinstalledonthatcomputer. DSLAcronymforDigitalSubscriberLine.Aconstant,highspeeddigitalconnectiontotheInternetthat usesstandardcoppertelephonewires. DSLmodemAdevicethatenablesabroadbandconnectiontoaccesstheInternet.DSLmodemsrelyon telephonelinesthatoperateatDSLspeeds. Duplex A mode of connection. Fullduplex transmission allows for the simultaneous transfer of informationbetweenthesenderandthereceiver.Halfduplextransmissionallowsforthetransferof informationinonlyonedirectionatatime. DynamicIPaddressTheIPaddressassigned(usingtheDHCPprotocol)toadevicethatrequiresit.A dynamicIPaddresscanalsobeassignedtoagatewayorrouterbyanISP. EdgecomputerThecomputeronanetworkthatconnectsthenetworktotheInternet.Otherdevices onthenetworkconnecttothiscomputer.Thecomputerrunningthemostcurrent,reliableoperating systemisthebestchoicetodesignateastheedgecomputer. EncryptionThetranslationofdataintoasecretcode.Encryptionisthemosteffectivewaytoachieve datasecurity.Toreadanencryptedle,youmusthaveaccesstoasecretkeyorpasswordthatenables youtodecryptit.
GlobeSurferIIIPage173of180
TECHNICALREFERENCEMANUAL
Ethernet A networking standard that uses cables to provide network access. Ethernet is the most widelyinstalledtechnologytoconnectcomputerstogether. EthernetcableAtypeofcablethatfacilitatesnetworkcommunications.AnEthernetcablecomesina coupleofavors.thereistwistedpair,andcoaxEthernetcables.Eachoftheseallowdatatotravelat 10Mbitpersecond. FirewallAsecuritysystemthathelpsprotectanetworkfromexternalthreats,suchashackerattacks, originating outside the network. A hardware Firewall is a connection routing device that has specic datacheckingsettingsandthathelpsprotectallofthedevicesconnectedtoit. FirmwareSoftwareinformationstoredinnonvolatilememoryonadevice. Flash memory A type of memory that does not lose data when power is removed from it. Flash memoryiscommonlyusedasasupplementtoorreplacementforharddisksinportablecomputers.In thiscontext,ashmemoryeitherisbuiltintotheunitor,morecommonly,isavailableasaPCCardthat canbepluggedintoaPCMCIAslot. FTP Acronym for File Transfer Protocol. The standard Internet protocol for downloading, or transferring,lesfromonecomputertoanother. GatewayAdevicethatactsasacentralpointfornetworkeddevices,receivestransmittedmessages, and forwards them. GlobeSurfer III can link manycomputers on a single network, andcan sharean encryptedInternetconnectionwithwiredandwirelessdevices. Gateway address The IP address you use when you make a connection outside your immediate network. HexadecimalAnumberingsystemthatuses16ratherthan10asthebaseforrepresentingnumbers.It is therefore referred to as a base16 numbering system. The hexadecimal system uses the digits 0 through 9 and the letters A through F (uppercase or lowercase) to represent the decimal numbers 0 through 15. For example, the hexadecimal letter D represents the decimal number 13. One hexadecimaldigitisequivalentto4bits,and1bytecanbeexpressedbytwohexadecimaldigits. HomePNA An industry standard that ensures that through existing telephone lines and a registered jack,computerusersonahomenetworkcanshareresources(suchasanInternetconnection,les,and printers) without interfering with regular telephone service. HomePNA currently offers data transmissionspeedsofupto10Mbps. HomeRF An industry standard that combines 802.11b and portable phone standards for home networking. It uses frequency hopping (switching of radio frequencies within a given bandwidth to reducetheriskofunauthorizedsignalinterception).HomeRFoffersdatatransmissionspeedsofupto 1.6Mbpsatdistancesofupto150feet. HostnameTheDNSnameofadeviceonanetwork,usedtosimplifytheprocessoflocatingcomputers onanetwork.
GlobeSurferIIIPage174of180
TECHNICALREFERENCEMANUAL
HubAdevicethathasmultipleportsandthatservesasacentralconnectionpointforcommunication linesfromalldevicesonanetwork.Whendataarrivesatoneport,itiscopiedtotheotherports. IEEE Acronym for Institute of Electrical and Electronics Engineers. A society of engineering and electronicsprofessionalsthatdevelopsstandardsfortheelectrical,electronics,computerengineering, andsciencerelatedindustries.TheIEEE(EyetripleE)isanonprot,technicalprofessionalassociation ofmorethan377,000individualmembersin150countries.ThefullnameistheInstituteofElectrical andElectronicsEngineers,Inc.,althoughtheorganizationismostpopularlyknownandreferredtoby thelettersIEEE. InfrastructurenetworkAnetworkcongurationinwhichwirelessdevicesconnecttoawirelessaccess point(suchasGlobeSurferIII)insteadofconnectingtoeachotherdirectly. Internet domain In a networked computer environment, a collection of computers that share a commondomaindatabaseandsecuritypolicy.Adomainisadministeredasaunitwithcommonrules andprocedures,andeachdomainhasauniquename. Intranet A network within an organization that uses Internet technologies (such a Web browser for viewing information) and protocols (such as TCP/IP), but is available only to certain people, such as employeesofacompany.Alsocalledaprivatenetwork.SomeintranetsofferaccesstotheInternet,but suchconnectionsaredirectedthroughaFirewall. IP Acronym for Internet Protocol. The protocol within TCP/IP that is used to send data between computers over the Internet. More specically, this protocol governs the routing of data messages, whicharetransmittedinsmallercomponentscalledpackets. IPaddressAcronymforInternetProtocoladdress.IPistheprotocolwithinTCP/IPthatisusedtosend data between computers over the Internet. An IP address is an assigned number used to identify a computerthatisconnectedtoanetworkthroughTCP/IP.AnIPaddressconsistsoffournumbers(each ofwhichcanbenogreaterthan255)separatedbyperiods,suchas192.168.1.1. ISO/OSIreferencemodelAbbreviationforInternationalOrganizationforStandardizationOpenSystems Interconnection reference model. An architecture that standardizes levels of service and types of interactionforcomputersthatexchangeinformationthroughacommunicationsnetwork.TheISO/OSI reference model separates computertocomputer communications into seven protocol layers, or levels;each builds on and relies on the standards contained in the levels below it. The lowest of the seven layers deals solely with hardware links; the highest deals with software interactions at the program level. It is a fundamental blueprint designed to help guide the creation of hardware and softwarefornetworks. ISPAcronymforInternetserviceprovider.Acompanythatprovidesindividualsorcompaniesaccessto theInternet. KbpsAbbreviationofkilobitspersecond.Datatransferspeed,asthroughamodemoronanetwork, measuredinmultiplesof1,000bitspersecond.
GlobeSurferIIIPage175of180
TECHNICALREFERENCEMANUAL
LAN Acronym for local area network. A group of computers and other devices dispersed over a relativelylimitedarea(forexample,abuilding)andconnectedbyacommunicationslinkthatenables anydevicetointeractwithanyotheronthenetwork. MAC address Abbreviation for media access control address. The address that is used for communicationbetweennetworkadaptersonthesamesubnet.Eachnetworkadapterismanufactured withitsownuniqueMACaddress. MAClayerAbbreviationformediaaccesscontrollayer.Theloweroftwosublayersthatmakeupthe datalinklayerintheISO/OSIreferencemodel.TheMAClayermanagesaccesstothephysicalnetwork, soaprotocollikeEthernetworksatthislayer. Mapping A process that allows one computer to communicate with a resource located on another computer on the network. For example, if you want to access a folder that resides on another computer,youmaptothatfolder,aslongasthecomputerthatholdsthefolderhasbeenconguredto shareit. MbpsAbbreviationofmegabitspersecond.Aunitofbandwidthmeasurementthatdenesthespeed atwhichinformationcanbetransferredthroughanetworkorEthernetcable.Onemegabyteisroughly equivalenttoeightmegabits. ModemAdevicethattransmitsandreceivesinformationbetweencomputers. MPPE Microsoft Point to Point Encryption (MPPE) is a means of representing Point to Point Protocol (PPP)packetsinanencryptedform. MulticastTotransmitasinglemessagetoaselectgroupofrecipients.Asimpleexampleofmulticasting is sending an email message to a mailing list. Teleconferencing and videoconferencing also use multicasting,butrequiremorerobustprotocolsandnetworks. NATAcronymfornetworkaddresstranslation.TheprocessofconvertingbetweenIPaddressesused withinaprivatenetworkandInternetIPaddresses.NATenablesallofthecomputersonanetworkto shareoneIPaddress. Network A collection of two or more computers that are connected to each other through wired or wireless means. These computers can share access to the Internet and the use of les, printers, and otherequipment. Network adapter Also known as a network interface card (NIC). An expansion card or other device usedtoprovidenetworkaccesstoacomputer,printer,orotherdevice. NetworknameThesinglenameofagroupingofcomputersthatarelinkedtogethertoformanetwork. Network printer A printer that is not connected directly to a computer, but is instead connected directlytoanetworkthroughawiredorwirelessconnection. PacketAunitofinformationtransmittedasawholefromonedevicetoanotheronanetwork.
GlobeSurferIIIPage176of180
TECHNICALREFERENCEMANUAL
PAPPasswordAuthenticationProtocol,themostbasicformofauthentication,inwhichausersname and password are transmitted over a network and compared to a table of namepassword pairs. Typically,thepasswordsstoredinthetableareencrypted.TheBasicAuthenticationfeaturebuiltinto theHTTPprotocolusesPAP. PCCardAperipheraldevicethataddsmemory,massstorage,modemcapability,orothernetworking servicestoportablecomputers. PCI Acronym for Peripheral Component Interconnect. A specic bus type designed to be used with devicesthathavehighbandwidthrequirements. PCI card A card designed to t into a PCI expansion slot in a personal computer. PCI cards provide additionalfunctionality;forexample,twotypesofPCIcardsarevideoadaptersandnetworkinterface cards.SeePCI. PCIexpansionslotAconnectionsocketdesignedtoaccommodatePCIcards. PCMCIA Acronym for Personal Computer Memory Card International Association. A nonprot organization of manufacturers and vendors formed to promote a common technical standard for PC Cardbased peripherals and the slot designed to hold them, primarily on portable computers and intelligentelectronicdevices. PeertopeernetworkAnetworkoftwoormorecomputersthatcommunicatewithoutusingacentral server. This lack of reliance on a server differentiates a peertopeer network from a client/server network. PINGAprotocolfortestingwhetheraparticularcomputerisconnectedtothe Internetbysending a packettothecomputersIPaddressandwaitingforaresponse. Plug and Play A set of specications that allows a computer to automatically detect and congure variousperipheraldevices,suchasmonitors,modems,andprinters. PortAphysicalconnectionthroughwhichdataistransferredbetweenacomputerandotherdevices (suchasamonitor,modem,orprinter),anetwork,oranothercomputer.Also,asoftwarechannelfor networkcommunications. PPPoEAcronymforPointtoPointProtocoloverEthernet.Aspecicationforconnectingusersonan EthernetnetworktotheInternetbyusingabroadbandconnection(typicallythroughaDSLmodem). PPTPIPSecurity,asetofprotocolsdevelopedtosupportsecureexchangeofpacketsattheIPlayer. IPsechasbeendeployedwidelytoimplementVirtualPrivateNetworks(VPNs). PPTP PointtoPoint Tunneling Protocol, a technology for creating Virtual Private Networks (VPNs). Because the Internet is essentially an open network, the PointtoPoint Tunneling Protocol (PPTP) is usedtoensurethatmessagestransmittedfromoneVPNnodetoanotheraresecure.WithPPTP,users candialintotheircorporatenetworkviatheInternet.
GlobeSurferIIIPage177of180
TECHNICALREFERENCEMANUAL
Prole A computerbased record that contains an individual networks software settings and identicationinformation. ProtocolAsetofrulesthatcomputersusetocommunicatewitheachotheroveranetwork. ResourceAnytypeofhardware(suchasamodemorprinter)orsoftware(suchasanapplication,le, orgame)thatuserscanshareonanetwork. RestorefactorydefaultsThetermusedtodescribetheprocessoferasingyourbasestationscurrent settingstorestorefactorysettings.YouaccomplishthisbypressingtheResetbuttonandholdingitfor veormoreseconds.Notethatthisisdifferentfromresettingthebasestation. RJ11 connector An attachment used to join a telephone line to a device such as a modem or the externaltelephonelines. RJ45connectorAnattachmentfoundontheendsofallEthernetcablesthatconnectsEthernet(wired) cablestootherdevicesandcomputers Server A computer that provides shared resources, such as storage space or processing power, to networkusers. Shared folder A folder (on a computer) that has been made available for other people to use on a network. SharedprinterAprinter(connectedtoacomputer)thathasbeenmadeavailableforotherpeopleto useonanetwork. SharingTomaketheresourcesassociatedwithonecomputeravailabletousersofothercomputerson anetwork. SNTP Acronym for Simple Network Time Protocol. A protocol that enables client computers to synchronizetheirclockswithatimeserverovertheInternet. SSID Acronym for Service Set Identier, also known as a wireless network name. An SSID value uniquelyidentiesyournetworkandiscasesensitive. StaticIPaddressApermanentInternetaddressofacomputer(assignedbyanISP). Straightthrough cable A type of cable that facilitates network communications. An Ethernet cable comesinacoupleofavors.Thereistwistedpair,andcoaxEthernetcables.Eachoftheseallowdatato travelat10Mbitpersecond.UnliketheCrossovercable,straightthroughcablehasthesameorderof pincontactsoneachendplugofthecable. Subnet A distinct network that forms part of a larger computer network. Subnets are connected throughroutersandcanuseasharednetworkaddresstoconnecttotheInternet. Subnet mask Typically, a subnet may represent all the machines at one geographic location, in one
GlobeSurferIIIPage178of180
TECHNICALREFERENCEMANUAL
building,oronthesamelocalareanetwork(LAN).Havinganorganizationsnetworkdividedintosub netsallowsittobeconnectedtotheInternetwithasinglesharednetworkaddress.Similarinformto anIPaddressandtypicallyprovidedbyanISP.Anexampleofasubnetmaskvalueis255.255.0.0. Switch A central device that functions similarly to a hub, forwarding packets to specic ports rather thanbroadcastingeverypackettoeveryport.Aswitchismoreefcientwhenusedonahighvolume network. SwitchednetworkAcommunicationsnetworkthatusesswitchingtoestablishaconnectionbetween parties. Switching A communications method that uses temporary rather than permanent connections to establishalinkortorouteinformationbetweentwoparties.Incomputernetworks,messageswitching andpacketswitchingallowanytwopartiestoexchangeinformation.Messagesarerouted(switched) throughintermediarystationsthattogetherservetoconnectthesenderandthereceiver. TCP/IP Acronym for Transmission Control Protocol/Internet Protocol. A networking protocol that allowscomputerstocommunicateacrossinterconnectednetworksandtheInternet.Everycomputer ontheInternetcommunicatesbyusingTCP/IP. Throughput The data transfer rate of a network, measured as the number of kilobytes per second transmitted. USBAcronymforuniversalserialbus.USB(UniversalSerialBus)isaplugandplayinterfacebetweena computer and addon devices (such as audio players, joysticks, keyboards, telephones, scanners, and printers). With USB, a new device can beadded to your computer without having to add an adapter cardorevenhavingtoturnthecomputeroff. USBadapterAdevicethatconnectstoaUSBport. USBconnectorTheplugendoftheUSBcablethatisconnectedtoaUSBport.Itisabouthalfaninch wide,rectangularandsomewhatat. USBportArectangularslotinacomputerintowhichaUSBconnectorisinserted. UTP Acronym for unshielded twisted pair. A cable that contains one or more twisted pairs of wires withoutadditionalshielding.Itsmoreexibleandtakeslessspacethanashieldedtwistedpair(STP) cable,buthaslessbandwidth. VirtualserverOneofmultipleWebsitesrunningonthesameserver,eachwithauniquedomainname andIPaddress. VPN A Virtual Private Network (VPN) is a private Network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling Protocol and securityprocedures.
GlobeSurferIIIPage179of180
TECHNICALREFERENCEMANUAL
WANAcronymforwideareanetwork.Ageographicallywidespreadnetworkthatmightincludemany linkedlocalareanetworks. WiFiAtermcommonlyusedtomeanthewireless802.11bstandard. WirelessReferstotechnologythatconnectscomputerswithouttheuseofwiresandcables.Wireless devicesuseradiotransmissiontoconnectcomputersonanetworktooneanother.Radiosignalscanbe transmitted through walls, ceilings, and oors, so you can connect computers that are in different roomsinthehousewithoutphysicallyattachingthemtooneanother. WirelessaccesspointAdevicethatexchangesdatabetweenwirelesscomputersorbetweenwireless computersandwiredcomputersonanetwork. WirelessnetworknameThesinglenameofagroupingofcomputersthatarelinkedtogethertoforma network. Wireless security A wireless network encryption mechanism that helps to protect data transmitted overwirelessnetworks. WLAN Acronym for wireless local area network. A network that exclusively relies on wireless technologyfordeviceconnections.
GlobeSurferIIIPage180of180
TECHNICALREFERENCEMANUAL