
GlobeSurfer III Technical Reference Manual

Copyright 2008, Option

All information about Option GlobeSurfer III may change without prior notice. Information published in this reference manual is accurate at the time of publication. Although all security precautions were taken during the creation of this reference manual, Option is not liable toward persons or organisations for losses or damages caused either directly or indirectly due to instructions contained in this reference manual. All brands and registered brands are property of their respective owners. Services may be changed, added, or deleted. For the newest firmware version of your GlobeSurfer III, visit www.option.com

Questions and answers regarding the GlobeSurfer III can be found on our Support website: http://support.option.com/support/faq.php

Technical questions can be posted after registering through our online Support Web Form: http://support.option.com/support/newticket.php

For registering please go to: http://support.option.com/support/register.php

August 2008

Table of Contents

1. Introduction to GlobeSurfer III
2. Setup
2.1. Setting up WAN and LAN connections
2.2. PC Network Configuration
3. GlobeSurfer III Management Console
3.1. Accessing the GlobeSurfer III Management Console
3.2. Menu System
3.3. Managing Tables
4. Home
4.1. Overview
4.2. Map View
4.3. GlobeSurfer III Installation Wizard
4.3.1. Installation Wizard: Language
4.3.2. Installation Wizard: Telephony
4.3.3. Installation Wizard: UMTS
4.3.4. Installation Wizard: Wireless
4.3.5. Installation Wizard: Wireless Encryption
4.3.6. Installation Wizard: Firewall Policy
4.3.7. Installation Wizard: Finish
5. Quick Setup
6. Internet Connection
6.1. General
6.2. Settings
6.3. Routing
6.4. Advanced
7. Local Network
7.1. Overview
7.2. Device
7.3. Wireless
7.3.1. Overview
7.3.2. Settings
7.3.3. Advanced
7.4. Shared Storage/Disk Management
7.4.1. RAID Properties
7.5. Shared Printers/Print Server
8. Services
8.1. Overview
8.2. Firewall
8.2.1. Overview
8.2.2. Access Control
8.2.3. Port Forwarding
8.2.4. DMZ Host
8.2.5. Port Triggering
8.2.6. Website Restrictions

GlobeSurfer III Page 3 of 180

TECHNICAL REFERENCE MANUAL

8.2.7. NAT
8.2.8. Connections
8.2.9. Advanced Filtering
8.2.10. Log
8.3. VPN/Internet Protocol Security (IPSec)
8.3.1. Internet Protocol Security (IPSec) Settings
8.3.2. IPSec Log Settings
9. System
9.1. Overview
9.2. System Settings
9.2.1. Overview/System Settings
9.2.2. Date and Time
9.3. Users
9.3.1. User Settings
9.3.2. Group Settings
9.4. Network Connections
9.4.1. Connection Wizard
9.4.2. LAN Bridge
9.4.3. LAN Ethernet
9.4.4. LAN Wireless
9.4.5. WAN Cellular
9.4.6. Configuring your Wireless Windows XP clients
9.5. Monitor
9.5.1. Network Connection
9.5.2. CPU
9.5.3. System Log
9.6. Routing
9.6.1. General/Routing
9.6.2. BGP and OSPF
9.6.3. PPPoE Relay
9.7. Management
9.7.1. Universal Plug and Play
9.7.2. Simple Network Management Protocol (SNMP)
9.7.3. Remote Administration
9.8. Maintenance
9.8.1. About GlobeSurfer III
9.8.2. Configuration File
9.8.3. Reboot
9.8.4. Restore Factory Settings
9.8.5. Firmware upgrade
9.8.6. Diagnostics
9.9. Objects and Rules
9.9.1. Protocols
9.9.2. Network Objects
9.9.3. Scheduler Rules
9.9.4. Certificates
10. Shortcuts
11. Telephone


11.1. Missed calls
11.2. Incoming calls
11.3. Outgoing calls
11.4. Telephone settings
11.5. Call Forwarding
11.6. Call Waiting
11.7. Caller ID
11.8. SIM setup
11.8.1. SIM PIN change
11.8.2. SIM PIN enable
11.8.3. SIM PIN2 change
11.8.4. Unlock device
12. SMS
12.1. SMS Create
12.2. Inbox
12.3. Outbox
12.4. Sent
12.5. Drafts
12.6. Templates
12.7. Archive
12.8. SIM card
12.9. Settings
List of Acronyms
Glossary


1. Introduction to GlobeSurfer III

Within minutes, you can connect to your mobile network and use a wireless connection to the Internet through the mobile network.

GlobeSurfer III is compatible with GSM and 3G mobile networks and supports GPRS, EDGE, UMTS and HSDPA technologies.

Tip: To achieve the best possible reception, check the signal strength on the display of the unit (the more bars the better the reception). You may find that placing the unit near a window provides the best reception.

Simple setup
GlobeSurfer III provides you with a quick installation and setup that gets you easily and quickly connected to the Internet. You can use an Internet browser (e.g. Microsoft Internet Explorer 6.0 or Firefox 1.5) and most personal computers, including Windows, Macintosh and Linux. The Quick Setup Wizard introduces you to the basic settings that need to be configured for use with the mobile network. Once you have configured, you can review and enable customised wireless security settings.

Instant protection
Your GlobeSurfer III supports Network Address Translation (NAT). This network service hides the computers in your network so they cannot be found or directly accessed from outside your network. A firewall is also included which, by default, blocks incoming traffic and allows outgoing traffic.

Additional security
GlobeSurfer III supports both Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA and WPA2) to protect your network data. Security logs keep you aware of potential security risks and intrusion attempts. You can view logs online or via email.

Stay in touch
- You can use GlobeSurfer III to send and receive SMS text messages. The display on the front of the unit lets you know when a new SMS arrives.
- You can use GlobeSurfer III to make mobile phone calls. When you get a phone call the display shows the caller's number and indicates missed calls.

Important note
To protect your network from unauthorised access, and to make it more difficult for hackers to analyse your data, please configure the WLAN security settings and enable WEP, WPA or WPA2 encryption on your GlobeSurfer III.

About This Manual
This manual describes configuration and operation of GlobeSurfer III. It is intended as a complement to the GlobeSurfer III User Guide to provide reference information for the advanced user of the GlobeSurfer III. It is assumed that the hardware installation of GlobeSurfer III has been done when the Reference Manual is read. This version of the manual is valid for GlobeSurfer III.


2. Setup

Connecting your computer or home network to the gateway is a simple procedure, varying slightly depending on your operating system. This chapter will help you to seamlessly integrate GlobeSurfer III with your computer or home network. The Windows default network settings dictate that in most cases the setup procedure described below will be unnecessary. For example, the default DHCP setting in Windows 2000 is client, requiring no further modification. However, it is advised to follow the setup procedure described below to verify that all communication parameters are valid and that the physical cable connections are correct. The setup procedure consists of three consecutive configuration stages:
- Setting up WAN and LAN connections (see section 2.1)
- PC Network Configuration (see section 2.2)
- GlobeSurfer III Quick Setup (see section 4.3)

2.1. Setting up WAN and LAN connections

- WAN Connection: setting up the WAN connection requires that a SIM card is inserted correctly into the SIM slot of the GlobeSurfer III. See the User Guide for instructions on how to insert the SIM card. With the SIM card in place you configure the WAN connection through the Quick Setup of GlobeSurfer III (see section 4.3). The first time you log in to GlobeSurfer III you will have to enter a PIN code. The PIN code is received from your ISP, but normally provided separately from the SIM card for security reasons.
- LAN Connection: your computer can connect to the gateway in two ways, either through Ethernet or through the use of Wireless. The most common type of connection is Ethernet, with most platforms featuring four such ports. Use an Ethernet cable to connect between an Ethernet port on your gateway and your computer's network card. Please refer to the accompanying Installation Guides for additional information.

2.2. PC Network Configuration

Each network interface on the PC should either be configured with a statically defined IP address and DNS address, or should be instructed to automatically obtain an IP address using the Network DHCP server. GlobeSurfer III provides a DHCP server on its LAN and it is recommended to configure your LAN to obtain its IP and DNS server IPs automatically. This configuration principle is identical but performed differently on each operating system.

The following screen displays the TCP/IP Properties dialog box as it appears in Windows XP. Following are TCP/IP configuration instructions for all supported operating systems.


Windows XP
- Access Network Connections from the Control Panel.
- Right-click the Ethernet connection icon, and select Properties.
- Under the General tab, select the Internet Protocol (TCP/IP) component, and press the Properties button.
- The Internet Protocol (TCP/IP) properties window will be displayed.
- Select the Obtain an IP address automatically radio button.
- Select the Obtain DNS server address automatically radio button.
- Click OK to save the settings.

Windows 2000/98/Me
- Access Network and Dialing Connections from the Control Panel.
- Right-click the Ethernet connection icon, and select Properties to display the connection's properties.
- Select the Internet Protocol (TCP/IP) component, and press the Properties button.
- The Internet Protocol (TCP/IP) properties will be displayed.
- Select the Obtain an IP address automatically radio button.
- Select the Obtain DNS server address automatically radio button.
- Click OK to save the settings.

Windows NT
- Access Network from the Control Panel.
- From the Protocol tab, select the Internet Protocol (TCP/IP) component, and press the Properties button.
- From the IP Address tab select the Obtain an IP address automatically radio button.
- From the DNS tab, verify that no DNS server is defined in the DNS Service Search Order box and no suffix is defined in the Domain Suffix Search Order box.


Linux
- Login into the system as a superuser, by entering su at the prompt.
- Type ifconfig to display the network devices and allocated IP addresses.
- Type pump -i <dev>, where <dev> is the network device name.
- Type ifconfig again to view the new allocated IP address.
- Make sure no firewall is active on device <dev>.


3. GlobeSurfer III Management Console

The GlobeSurfer III management console described here allows you to control various GlobeSurfer III system parameters, using a user-friendly graphical interface. The management console includes a connection status screen, a quick setup screen, network configuration, security configuration, authentication with multiple user support, connection monitoring and more.

3.1. Accessing the GlobeSurfer III Management Console

To access the management console:
- Launch a Web browser on a PC in the LAN or WLAN.
- Type the IP address of the GlobeSurfer III or a name as provided by the supplier in the address bar (Internet Explorer) or location bar (Netscape Navigator). The default IP address is 192.168.1.1, and default name is http://umtsgateway.mydomain.
- Enter your username and password to log on to the web-based management console.

Your session will automatically time out after a few minutes of inactivity. If you try to operate the management console after the session has expired the Login screen will appear and you will have to re-enter your username and password before proceeding. This feature helps to prevent unauthorised users from accessing the management console and changing the GlobeSurfer III settings.

3.2. Menu System

The GlobeSurfer III management console screens have been grouped into several subject areas and may be accessed by clicking on the appropriate icon in the top menu.

The subject areas are:
- Home: displays an overview of the status of the Internet Connection, Local Network, Storage, Printers and Services (see section 4)
- Quick Setup: quick access to basic configuration settings (see section 5)
- Internet Connection: configure internet connections (see section 6)
- Local Network: configure local network, storage and printer settings (see section 7)
- Services: configure Firewall, Print Server, Personal Domain Name, File Server and IPSec settings (see section 8)
- System: configure system settings (see section 9)
- Shortcuts: displays icons to enable quick and easy access to all areas (see section 10)
- Telephone: manage your telephony options (see section 11)
- SMS: manage your SMS messages (see section 12)


3.3. Managing Tables

Tables are used throughout the GlobeSurfer III management console. They handle user-defined entries relating to elements such as network connections, local servers, restrictions and configurable parameters. The principles outlined in this section apply to all tables in the management console.

In a typical table each row defines an entry in the table. The following icons located in the Action column enable adding, editing and deleting table entries:
- Click the Add icon to add an entry of the same type as on that row.
- Click the Edit icon to edit the entry on that row.
- Click the Delete icon to remove the entry on that row.
- Click the Move Down icon to move an entry down.
- Click the Move Up icon to move an entry up.

In many tables the last row includes a link that allows adding a new entry to the table.


4. Home

From this screen you can click on the tabs at the top left-hand side to route to the following screens:
- Overview: status of Internet Connection/Local Network/Storage/Printers/Services (see section 4.1)
- Map View: pictorial overview of all components connected to GlobeSurfer III (see section 4.2)
- Installation Wizard: guides you through the main settings for your GlobeSurfer III (see section 4.3)
- Quick Setup: routes directly to the Quick Setup area to change the main settings (see section 5)

4.1. Overview

This screen displays an overview of the status of the Internet Connection, Local Network, Storage, Printers and Services available to you with GlobeSurfer III. For details of each component you can easily drill down by clicking on the area.

4.2. Map View

This screen shows a pictorial overview of all components currently connected to your GlobeSurfer III including the firewall and all networks including wireless networks. For details of each component you can easily drill down by clicking on the component icon.


4.3. GlobeSurfer III Installation Wizard

The GlobeSurfer III management console allows you to control various GlobeSurfer III system parameters. The interface is accessed through a web browser:
- Start a web browser on your PC.
- Enter the address 192.168.1.1 to display the GlobeSurfer III management console. When first logging on to the management console, the Login screen will appear. Configure your language settings and enter a password. To verify correctness retype the password, and click OK to log in to the management console. For security reasons it is strongly recommended that you specify a password. However, make sure you remember your new username and password, since this is the only way you will be able to log in to the GlobeSurfer III from now on.

After choosing your password and clicking OK you will be forwarded to the Installation Wizard page. Click OK to continue the Installation Wizard.

The Installation Wizard helps you to quickly set the most important settings of your GlobeSurfer III. If you would like to complete the Installation without using the Wizard just click Cancel. Alternatively, click the Quick Setup icon on the left sidebar, after logging in. The following sections describe the various configuration parameters of Installation. Once you have filled the Installation sections as described below, click the OK button to configure your GlobeSurfer III.



4.3.1. Installation Wizard: Language

Select the language and time zone you would like to use on the GlobeSurfer III Management Console and Display.

4.3.2. Installation Wizard: Telephony

Select the country for your telephone handset. This will adapt the telephone connector of GlobeSurfer III to work with your handset.



4.3.3. Installation Wizard: UMTS

Check or change the following settings on the Installation screen to configure the UMTS connection:

Access point name: enter the access point name as provided by your Internet Service Provider (ISP), or accept the name already set.

UMTS connect method:
- Connect Manually: connect to the Internet by clicking Connect on the Connection Status page in the management console or press the Connect button on the GlobeSurfer III unit.
- Automatically connect upon traffic: GlobeSurfer III will automatically connect when you attempt to send data via the Internet.
- Always connected: GlobeSurfer III will connect to the internet when possible and will remain connected.

In case of inactivity, disconnect after (minutes): the default is zero (0), meaning UMTS will stay connected until manually disconnected. The maximum is 1440 minutes (24 hrs). Note: Incoming traffic is treated as inactivity.



4.3.4. Installation Wizard: Wireless

SSID: the Service Set Identifier: enter a name for your local wireless network (WLAN) (maximum 32 characters). Note: Setting the SSID to something unique will make it much easier to identify your own wireless network, especially if there are other wireless networks available in the nearby area.

SSID broadcast: if you set the Enabled checkbox to broadcast, then other devices can detect and connect to your WLAN. Clear the checkbox to disable broadcasting and hide the name of your network. This provides minimal security, as other devices have to know the SSID to connect. You can install the WLAN with this feature enabled and then disable it once you have set up GlobeSurfer III and its associated wireless clients.



4.3.5. Installation Wizard: Wireless Encryption

In order to prohibit unauthorized access to your GlobeSurfer III, make sure to apply sufficient security and encryption on your wireless network.

If WPA2 is supported by your wireless clients it is recommended to apply WPA2 encryption to your wireless network as it offers the highest level of security.

Depending on your choice of security method, the Wireless Encryption page will refresh with relevant configuration choices. Unless No Encryption is selected you will be asked to enter an encryption key in either HEX or ASCII format. HEX format requires a hexadecimal key (0-9, a-f) of various length depending on your selection. An ASCII key consists of a passphrase of various length that will be translated by the GlobeSurfer III into a HEX key. Using an ASCII key could be easier to remember than a HEX key, but in some cases there are compatibility issues between different vendors of wireless equipment. Hence, if you are experiencing problems when using ASCII key, try to use HEX keys instead.

Available choices are:
- None/No encryption: this option is not recommended except during installation of your network.
- WPA: Wi-Fi Protected Access is a 256-bit encryption method with keys that change automatically over time.
- WPA2: a more secure version of WPA with implementation of the 802.11i standard.
- WPA and WPA2: allows both options.
- 802.1X WEP: Wired Equivalent Privacy is a 40-bit or 104-bit encryption method with user-configurable fixed keys. 802.1X indicates RADIUS support.
- WEP/Non-802.1X WEP: like 802.1X WEP but without RADIUS support.
- Authentication Only: authentication by physical MAC address.


Note: WPA/WPA2 is recommended as it provides the higher level of security due to the longer key that changes automatically. You must configure your wireless PC clients to use the same encryption type and keys. Otherwise the devices will not understand each other. Enabling wireless encryption has no security effect on wired (Ethernet) connections.
Configuring WEP: select the desired level (104-bit provides higher security). Enter the Pre-Shared key in hexadecimal (10 or 26 characters), or in plain text (ASCII) format (5 or 13 characters).
Configuring WPA/WPA2: enter the Pre-Shared key as a plain text (ASCII) passphrase of at least 8 characters. Note: not all wireless client equipment supports ASCII text format. If you are experiencing problems, use the hexadecimal key format since most vendors support it.
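The key formats described above, as an added example (not part of the manual and not Option's firmware code): it checks WEP and WPA keys against the lengths this section gives and performs the ASCII-to-HEX translation. The WPA mapping is the standard IEEE 802.11i PBKDF2 derivation and the WEP mapping is the common byte-for-byte one; the manual does not say which translation the GlobeSurfer III applies, and the 63-character passphrase limit and the 64-digit hex form come from 802.11i, not from this page.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)


def classify_wep_key(key):
    """Return (format, key_bits) using the WEP key lengths given in the manual."""
    if len(key) in (10, 26) and set(key) <= HEX_DIGITS:
        return "hex", 40 if len(key) == 10 else 104
    if len(key) in (5, 13) and key.isascii():
        return "ascii", 40 if len(key) == 5 else 104
    raise ValueError("WEP key must be 10/26 hex digits or 5/13 ASCII characters")


def wep_ascii_to_hex(key):
    """Translate a WEP key to hex.

    Assumption: each ASCII character becomes its byte value. Some vendors hash
    the passphrase instead, which is one source of the compatibility problems
    the manual mentions.
    """
    fmt, _bits = classify_wep_key(key)
    return key.lower() if fmt == "hex" else key.encode("ascii").hex()


def wpa_psk_hex(key, ssid):
    """Return the 256-bit WPA/WPA2 pre-shared key as 64 hex digits.

    A 64-digit hex key is used as-is. A passphrase is expanded with
    PBKDF2-HMAC-SHA1 (4096 rounds, SSID as salt) as defined in IEEE 802.11i.
    """
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:  # the manual: SSID is at most 32 characters
        raise ValueError("SSID must be 1 to 32 bytes long")
    if len(key) == 64 and set(key) <= HEX_DIGITS:
        return key.lower()
    printable = all(32 <= ord(c) <= 126 for c in key)
    if not (8 <= len(key) <= 63 and printable):
        raise ValueError("WPA passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", key.encode("ascii"), ssid_bytes, 4096, 32
    ).hex()


if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    for sample in ("abcde", "0123456789", "thirteenchars"):
        print(sample, classify_wep_key(sample), wep_ascii_to_hex(sample))
    # The SSID is the salt: the same passphrase gives a different hex key
    # on a network with a different name.
    print(wpa_psk_hex("password", "IEEE"))
    print(wpa_psk_hex("password", "ieee"))
```

Because the SSID is part of the derivation, a hex key computed for one network name stops matching after the SSID is changed; the passphrase has to be re-expanded for the new name.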


4.3.6. Installation Wizard: Firewall Policy

The GlobeSurfer III has three different predefined Firewall Policies:
- Minimum Security: lowest level of firewall security allowing both incoming and outgoing traffic.
- Typical Security: offers some firewall security, but is still open for all connections initiated from clients connected to the GlobeSurfer III.
- Maximum Security: highest level of firewall security where only most commonly used protocols are allowed also for local clients trying to connect to the Internet.
To learn more about these predefined security levels, please refer to section 8.2. It is also possible to add more advanced firewall policies than these three predefined levels.



4.3.7. Installation Wizard: Finish

The last page of the Installation Wizard shows all the settings made on previous pages. If they all look correct, press the Finish button to apply these settings.
If you want to change any settings, use the Back button to navigate to the appropriate page and modify that setting.
Press the Exit button if you want to quit the Installation Wizard without applying any new changes.


5. Quick Setup

You can use the Quick Setup screen to change the main settings needed to use GlobeSurfer III:

Web interface and display
- Language: select the language for GlobeSurfer III. The current language setting will be restored if you do not apply the settings.

Telephony
- Caller ID: select the country for the telephone handset interface, options available are:
  o ETSI DTMF
  o ETSI FSK ring pulse
  o ETSI FSK dual tone
  o ETSI FSK Line reversal + dual tone
  o ETSI FSK during ring
  o Bellcore
  o Australia

UMTS
- Access point name: as provided by your mobile operator
- UMTS connect method: radio button with the following choices:
  o Connect Manually: connect to the Internet by clicking Connect on the Connection Status page in the management console or press the Connect button on GlobeSurfer III
  o Automatically connect upon traffic: GlobeSurfer III will automatically connect when you attempt to send data via the Internet
  o Always connected: GlobeSurfer III will stay connected
- In case of inactivity, disconnect after (minutes): The default is 10 minutes. Set it to zero (0) if you want the UMTS to stay connected. The maximum is 1440 minutes (24 hours). Incoming traffic is treated as inactivity.

Wireless
The following settings are the most important for the local Wireless LAN:
- Wireless: click on the Enabled checkbox to enable this function
- SSID: the Service Set Identifier: enter a name for your local wireless network (WLAN)
- SSID Broadcast

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.



6. Internet Connection

The WAN Cellular connection connects GlobeSurfer III to the Internet and other networks through GSM or UMTS mobile telecommunications standards. The WAN Cellular Properties screen displays a summary of the connection.
From this screen you can click on the tabs at the top left-hand side to route to the following detailed screens:
- General: summary of wireless connection (see section 6.1)
- Settings: general communications parameters (see section 6.2)
- Routing: sets static or dynamic routing options (see section 6.3)
- Advanced: activate firewall for network connection (see section 6.4)

6.1. General

The WAN Cellular connection connects the GlobeSurfer III to the Internet and other networks through the GSM and UMTS mobile telecommunications standards. The WAN Cellular Properties screen displays a summary of the connection properties.

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.


6.2. Settings

The top part of the configuration window displays general communication parameters. It is not recommended to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your gateway is configured to operate with the default values, no parameter modification is necessary.

You can configure the following general connection settings:
- MTU: this is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Manual allows you to enter the largest packet size that will be transmitted. The recommended size is 1492. You should leave this value in the 1200 to 1500 range. To have the gateway select the best MTU for your Internet connection, select Automatic (default setting).

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.


6.3. Routing

You can choose to set up your gateway to use static or dynamic routing. Dynamic routing automatically adjusts how packets travel on the network, whereas static routing specifies a fixed routing path to neighbouring destinations.

You can configure the following routing settings:
- Routing Mode: select one of the following routing modes:
  o Route: use route mode if you want your GlobeSurfer III to function as a router between two networks.
  o NAPT: Network Address and Port Translation (NAPT) refers to network address translation involving the mapping of port numbers, allowing multiple machines to share a single IP address. Use NAPT if your LAN encompasses multiple devices, a topology that necessitates port translation in addition to address translation.
- Device metric: this is a value used by the gateway to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more.
- Default Route: select this checkbox to define this device as the default route.
- Multicast IGMP Proxy Default: IGMP proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of LAN devices asking to join multicast groups. Select the checkbox to enable this feature.
- Routing Information Protocol (RIP): select this checkbox to enable the Routing Information Protocol (RIP). RIP determines a route based on the smallest hop count between source and destination.
- Routing Table: allows you to add or modify routes when this device is active. Use the New Route button to add a route or edit existing routes.

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.

6.4. Advanced

Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection.

To enable the firewall on this network connection, select the Enabled checkbox. To learn more about your gateway's security features, please refer to section 8.2.

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.


7. Local Network

This area provides an overview of and the ability to configure local network, storage and printer settings.
From this screen you can click on the tabs at the top left-hand side to route to the following detailed screens:
- Overview: overview of local network, storage and printers (see section 7.1)
- Device: list of all devices in local network with ability to drill down to see detail (see section 7.2)
- Wireless: overview of wireless network with ability to drill down to see detail (see section 7.3)
- Shared Storage: manage your system storage area, disks and RAID devices (see section 7.4)
- Shared Printers: shows printers attached to the device via the USB connection (see section 7.5)

7.1. Overview

This screen displays an overview of the local network, storage and printers, and provides access to further screens where individual devices, wireless network, shared printers and shared storage can be configured and modified.

The following data is displayed:
- Local Network: the number of computers connected is shown. For each computer the following data appears:
  o Type
  o Name
  o IP address
  o Status
  o Block status
- Storage: the number of external hard disk drives connected is shown
- Printers: the number of printers connected is shown

Press the Refresh button to refresh the screen.


7.2. Device

This screen displays a list of all the devices in the local network along with their status, and provides the ability to modify and delete each entry.

For each device the following data is displayed:
- Name
- Number of computers connected
- Status

Clicking on a LAN Bridge entry routes you to the LAN Bridge Properties screen in the System / Network Connections / General part of the system (see section 9.4.1).
Clicking on a LAN Ethernet entry routes you to the LAN Ethernet Properties screen in the System / Network Connections / General part of the system (see section 9.4.1).
Clicking on a LAN Wireless 802.11g Access Point entry routes you to the LAN Wireless 802.11g Access Point Properties screen in the System / Network Connections / General part of the system (see section 9.4.1).

7.3. Wireless

From this screen you can click on the tabs at the top right-hand side to route to the following detailed screens:
- Overview (see section 7.3.1)
- Settings (see section 7.3.2)
- Advanced (see section 7.3.3)



7.3.1. Overview

This screen provides an overview of the wireless network.

The following data is displayed:
- Enable Wireless: click the checkbox to enable wireless functionality
- Wireless Network (SSID): the SSID is the network name shared among all points in a wireless network. It must be identical for all points in the wireless network. It is case sensitive and must not exceed 32 characters (use any of the characters on the keyboard).
- 802.11 Mode: select the wireless communication standard that is compatible with your PC's wireless card. Options are:
  o 802.11b/g Mixed
  o 802.11g Only
  o 802.11b Only
- Security: choose the required security option from the dropdown box, options are:
  o None
  o Web Authentication
  o Password Protected (WPA)

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.



7.3.2. Settings

This screen enables you to enter more wireless settings.

The following data is displayed:
- SSID Broadcast: click on this checkbox to enable the SSID's broadcast. SSID broadcast is used in order to hide the name of the AP (SSID) from clients that should not be aware of its existence.
- Channel: choose the appropriate channel from the dropdown list provided to correspond with your network settings. All devices in your wireless network must be broadcast on different channels in order to function correctly.
- Security: choose the appropriate security option from the dropdown list:
  o None
  o WPA
  o WPA2
  o WPA and WPA2
  o 802.1X WEP
  o Non-802.1X WEP
  o Authentication Only
- Clean Mac List: click this button to clean the Mac list

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.



7.3.3. Advanced

From this screen you can click on the tabs at the top left-hand side to route to the following detailed screens:
- General (see section 7.3.3.1)
- Settings (see section 7.3.3.2)
- Wireless (see section 7.3.3.3)
- Advanced (see section 7.3.3.4)

7.3.3.1. General

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.

7.3.3.2. Settings

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.


7.3.3.3. Wireless

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.

7.3.3.4. Advanced

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.


7.4. Shared Storage / Disk Management

This screen enables you to manage your system storage area, disks and RAID devices.

The following data is displayed:
- Enabled: click this checkbox to enable disk management
- Status: this shows the status of disk management and how many disks are connected
- System Storage Area
  o Status: shows the status of the system storage area and whether it is connected
  o Automatically Create System Storage Area: click this checkbox to automatically create a system storage area
- Disks: for each disk the following data appears:
  o Device
  o Description
  o Type
  o Size
  o Partitions
- RAID Devices: for each RAID device the following data appears:
  o Device
  o Name
  o Type
  o Status
  o Total Space
  o Free Space
  o RAID
  o Action
- Add RAID Device: click to add a new device and go to the RAID Properties screen (see section 7.4.1)

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.
Press the Refresh button to refresh the screen.


7.4.1. RAID Properties

This screen enables you to add a RAID device.

The following data can be entered:
- RAID level: choose one of the following options from the dropdown list:
  o RAID 0
  o RAID 1
  o RAID 5
- Mount Enabled: add a mount point name for the created device

Press the Next button to apply changes and add another device.
Press the Cancel button to reject changes and go back to the previous screen.


7.5. Shared Printers / Print Server

GlobeSurfer III includes a print server that allows printers attached to the device via the USB connection to be shared by all computers on the LAN.

On this screen you can see information about your printer, as well as view a list of print jobs (when prints are in the queue).
The following checkboxes can be modified:
- Enabled
- Spool to Disk
- Allow Guest Access
- LPD Support
- IPP Support
- Microsoft Shared Printing Support
For each print job, the following data is displayed:
- Printer
- Status
- Jobs in Queue
- Jobs Printed
- Action
Storage: the number of external hard disk drives connected is shown
Printers: the number of printers connected is shown

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.
Press the Refresh button to refresh the screen.


8. Services

8.1. Overview

This screen displays icons/hyperlinks for the various services available:
- Firewall: this hyperlink routes to the Firewall Overview screen
- File Server: this hyperlink routes to the File Server Overview screen
- Print Server: this hyperlink routes to the Print Server Overview screen
- IPSec: this hyperlink routes to the IPSec Overview screen
- Personal Domain Name: this hyperlink routes to the Personal Domain Name Overview screen
Each service also shows a summary description of the status of the service.

8.2. Firewall

The GlobeSurfer III includes comprehensive and robust security services: Stateful Packet Inspection Firewall, user authentication protocols and password protection mechanisms. These features together allow users to connect their computers to the Internet and simultaneously to be protected from the security threats of the Internet.
The firewall, the cornerstone of the GlobeSurfer III's security services, has been exclusively tailored to the needs of the residential/office user and has been preconfigured to provide optimum security.
The GlobeSurfer III's firewall provides both the security and flexibility that home and office users seek. It provides a managed, professional level of network security while enabling the safe use of interactive applications, such as Internet gaming and videoconferencing.
The GlobeSurfer III's firewall supports advanced filtering, designed to allow comprehensive control over the firewall's behaviour. You can define specific input and output rules, control the order of logically similar sets of rules and make a distinction between rules that apply to WAN and LAN network devices.
- The Overview screen allows you to choose the security level for the firewall (see section 1.1.1).
- The Access Control screen can be used to restrict access from the local network to the Internet (see section 8.2.2).
- The Port Forwarding screen can be used to enable access from the Internet to specified services provided by computers in the local network and special Internet applications (see section 8.2.3).
- The DMZ Host screen allows you to configure a LAN host to receive all traffic arriving at your GlobeSurfer III which does not belong to a known session (see section 8.2.4).
- The Port Triggering screen allows you to define port triggering entries, to dynamically open the firewall for some protocols or ports (see section 1.1.1).
- The Website Restrictions screen allows you to block LAN access to a certain host or Web site on the Internet (see section 8.2.6).
- The NAT (Network Address Translation) screen allows you to hide the computers in your network so they cannot be found or directly accessed from outside your network (see section 8.2.7).
- The Connections screen allows you to view all the active connections on the system (see section 1.1.1).
- The Advanced Filtering screen allows you to implicitly control the firewall setting and rules (see section 1.1.1).
- The Log screen allows you to view and configure the firewall Log (see section 1.1.1).



8.2.1. Overview

Use the Overview screen to configure the gateway's basic security settings.
The firewall regulates the flow of data between the home network and the Internet. Both incoming and outgoing data are inspected and then either accepted (allowed to pass through GlobeSurfer III) or rejected (barred from passing through GlobeSurfer III) according to a flexible and configurable set of rules. These rules are designed to prevent unwanted intrusions from the outside, while allowing home users access to the Internet services that they require.
The firewall rules specify what types of services available on the Internet may be accessed from the home network and what types of services available in the home network may be accessed from the Internet. Each request for a service that the firewall receives, whether originating in the Internet or from a computer in the home network, is checked against the set of firewall rules to determine whether the request should be allowed to pass through the firewall. If the request is permitted to pass, then all subsequent data associated with this request (a session) will also be allowed to pass, regardless of its direction.
For example, when you point your Web browser to a Web page on the Internet, a request is sent out to the Internet for this page. When the request reaches GlobeSurfer III the firewall will identify the request type and origin, HTTP and a specific PC in your home network, in this case. Unless you have configured access control to block requests of this type from this computer, the firewall will allow this request to pass out onto the Internet (see section 8.2.2 for more on setting access controls). When the Web page is returned from the Web server the firewall will associate it with this session and allow it to pass, regardless of whether HTTP access from the Internet to the home network is blocked or permitted.
The important thing to note here is that it is the origin of the request, not subsequent responses to this request, that determines whether a session can be established or not.
You may choose from among three predefined security levels for GlobeSurfer III: Minimum, Typical and Maximum. The table below summarizes the behaviour of GlobeSurfer III for each of the three security levels.

| Security level | Requests Originating in the WAN (Incoming Traffic) | Requests Originating in the LAN (Outgoing Traffic) |
|---|---|---|
| Maximum Security | Blocked: No access to home network from Internet, except as configured in the Port Forwarding, DMZ host and Remote Access screens | Limited: By default, only commonly used services, such as Web browsing and e-mail, are permitted* |
| Typical Security | Blocked: No access to home network from Internet, except as configured in the Port Forwarding, DMZ host and Remote Access screens | Blocked: No access to home network from Internet, except as configured in the Port Forwarding, DMZ host and Remote Access screens |
| Minimum Security | Unrestricted: Permits full access from Internet to home network; all connection attempts permitted. | Blocked: No access to home network from Internet, except as configured in the Port Forwarding, DMZ host and Remote Access screens |

* These services include Telnet, FTP, HTTP, HTTPS, DNS, IMAP, POP3 and SMTP. The list of allowed services at 'Maximum Security' mode can be edited in the Access Control page.
Attention: Some applications (such as some Internet messengers and Peer-To-Peer client applications) tend to use these ports, if they cannot connect with their own default ports. When applying this behaviour, these applications will not be blocked outbound, even at Maximum Security Level.
Choose from among the three predefined security levels described in the table above:
- Maximum Security: if this option is chosen, remote administration settings will override the security inbound policy and outbound access is allowed to the following services: DHCP, DNS, IMAP, POP3, HTTPS, FTP and Telnet.
- Typical Security: this is the default option where remote administration settings will override the security inbound policy.
- Minimum security: this option is not recommended as it may expose the home network to significant security risks, and thus should only be used, when necessary, for short periods of time.
- Block IP Fragments: click this checkbox in order to protect your home network from a common type of hacker attack that could make use of fragmented data packets to sabotage your home network. (Note that VPN over IPSec and some UDP-based services make legitimate use of IP fragments. You will need to allow IP fragments to pass into the home network in order to make use of these select services.)

Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.


8.2.2. Access Control

You may want to block specific computers within the home network (or even the whole network) from accessing certain services on the Internet. For example, you may want to prohibit one computer from surfing the Web, another computer from transferring files using FTP, and the whole network from receiving incoming email.
Access Control defines restrictions on the types of requests that may pass from the home network out to the Internet, and thus may block traffic flowing in both directions. It can also be used for allowing specific services when maximum security is configured. In the email example given above, you may prevent computers in the home network from receiving email by blocking their outgoing requests to POP3 servers on the Internet.
There are numerous services you should consider blocking, such as popular game and file sharing servers. For example, if you want to make sure that your employees do not put your business at risk from illegally traded copyright files, you may want to block several popular P2P and file sharing applications.
This screen offers the facility to block access to Internet services from within the LAN. Entries can be added, edited or deleted.
The following fields are displayed:
- Local Host: identifier
- Local Address: computer to apply the access control rule to
- Protocols: type of protocol
- Status: shows the status of the access control rule
- Action: options for adding new entries or editing or deleting existing ones

Click on New Entry - this routes to the Add Access Control Rule screen (see section 8.2.2.1)
Click on the edit icon - this routes to the Edit Access Control Rule screen (see section 8.2.2.2)
Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.
Press the Resolve Now button to check the screen.
Press the Refresh button to refresh the screen.

8.2.2.1. Add Access Control Rule

This screen allows the entry of new access control rules. The following fields should be entered:
- Address: specify the computer or group of computers to apply the access control rule to: options available are:
  o Any
  o User Defined - this routes to the Edit Network Object screen (see section 8.2.2.3)
  o Specific computer address in your LAN
- Protocol: type of protocol that will be used: choose from the dropdown list:
  o Any
  o User Defined - this routes to the Edit Service screen (see section 8.2.2.5)
  o Show Basic Services - if this option is chosen a reduced list of options is displayed including:
    - FTP - File Transfer
    - HTTP - Web Server
    - HTTPS - Secured Web Server
    - IMAP - Messaging Server
    - L2TP - Layer 2 Tunneling Protocol
    - Ping - ICMP Echo Request
    - POP3 - Incoming Mail
    - SMTP - Outgoing Mail
    - SNMP - Simple Network Management Protocol
    - Telnet - Remote Connection
    - TFTP - Trivial File Transfer Protocol
    - Traceroute - Route Tracking Utility
  o Show All Services - a more comprehensive list of services is displayed
- Reply an HTML Page to the Blocked Client: click this checkbox to send an HTML page to the client when access is blocked - this is checked by default
- Schedule: define the time period during which this rule will take effect:
  o Always - access is always controlled
  o User defined - this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)

Press the OK button to apply changes and go back to the Access Control screen.
Press the Cancel button to reject changes and go back to the Access Control screen.

8.2.2.2. Edit Access Control Rule

This screen allows the editing of existing access control rules. The following fields should be entered:
- Address: specify the computer or group of computers to apply the access control rule to: options available are:
  o Any
  o User Defined - this routes to the Edit Network Object screen (see section 8.2.2.3)
  o Specific computer address in your LAN
- Protocol: type of protocol that will be used: choose from the dropdown list:
  o Any
  o User Defined - this routes to the Edit Service screen (see section 8.2.2.5)
  o Show Basic Services - if this option is chosen a reduced list of options is displayed including:
    - FTP - File Transfer
    - HTTP - Web Server
    - HTTPS - Secured Web Server
    - IMAP - Messaging Server
    - L2TP - Layer 2 Tunneling Protocol
    - Ping - ICMP Echo Request
    - POP3 - Incoming Mail
    - SMTP - Outgoing Mail
    - SNMP - Simple Network Management Protocol
    - Telnet - Remote Connection
    - TFTP - Trivial File Transfer Protocol
    - Traceroute - Route Tracking Utility
  o Show All Services - a more comprehensive list of services is displayed
- Reply an HTML Page to the Blocked Client: click this checkbox to send an HTML page to the client when access is blocked - this is checked by default
- Schedule: define the time period during which this rule will take effect:
  o Always - access is always controlled
  o User defined - this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)

Press the OK button to apply changes and go back to the Access Control screen.
Press the Cancel button to reject changes and go back to the Access Control screen.

8.2.2.3. Edit Network Object

This screen allows the editing of network objects. The following fields should be entered:
- Description: type the description of the object

Click on New Entry - this routes to the Edit Item screen (see section 8.2.2.4)
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

8.2.2.4. Edit Item

This screen allows the editing of network object types. The following fields should be entered:
- Network Object Type: choose from the dropdown list:
  o IP Address, then enter
    - IP address
  o IP Subnet, then enter
    - Subnet IP Address
    - Subnet Mask
  o IP Range, then enter
    - From IP Address
    - To IP Address
  o MAC Address, then enter
    - MAC Address
    - MAC Mask
  o Host Name, then enter
    - Host Name
  o DHCP Option, then choose from the dropdown list:
    - 60: Vendor Class ID
    - 61: Client ID
    - 77: User Class ID
    then enter the appropriate ID

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


8.2.2.5. Edit Service

This screen allows the editing of services. The following fields should be entered:
- Service Name: type the name of the service

Click on New Server Ports - this routes to the Edit Service Server Ports screen (see section 8.2.2.6)
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

8.2.2.6. Edit Service Server Ports

This screen allows the editing of service server ports. The following fields should be entered:
- Protocol: choose from the dropdown list:
  o TCP, then enter
    - Source Ports, then choose from the dropdown list: Any; Single, then enter port number; Range, then enter range values
    - Destination Ports, then choose from the dropdown list: Any; Single, then enter port number; Range, then enter range values
  o UDP, then enter
    - Source Ports, then choose from the dropdown list: Any; Single, then enter port number; Range, then enter range values
    - Destination Ports, then choose from the dropdown list: Any; Single, then enter port number; Range, then enter range values
  o ICMP, then enter
    - ICMP Message by choosing from the dropdown list: Echo Reply; Network Unreachable; Host Unreachable; Protocol Unreachable; Port Unreachable; Destination Network Unknown; Destination Host Unknown; Redirect for Network; Redirect for Host; Echo Request; Other
  o GRE
  o ESP
  o AH
  o Other, then enter
    - Protocol Number

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


8.2.2.7. Edit Scheduler Rule

This screen allows the editing of scheduler rules. The following fields should be entered:
- Name: type the name of the scheduler rule and click on New Time Segment Entry
- Rule Activity settings: choose from the following radio buttons:
  o Rule will be Active at the Scheduled Time
  o Rule will be Inactive at the Scheduled Time

Click on New Time Segment Entry - this routes to the Edit Time Segment screen (see section 8.2.2.8)
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


8.2.2.8. Edit Time Segment

This screen allows the editing of time segments. The following fields should be entered:
- Days of Week: check the days of the week when the rule should apply

Click on New Hours Range Entry - this routes to the Edit Hour Range screen (see section 8.2.2.9)
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

8.2.2.9. Edit Hour Range

This screen allows the entry of the hours during the day when the rules will apply. The following fields should be entered:
- Start Time in hours and minutes
- End Time in hours and minutes

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


8.2.3. Port Forwarding

In its default state, GlobeSurfer III blocks all external users from connecting to or communicating with your network. Therefore the system is safe from hackers who may try to intrude on the network and damage it. However, you may want to expose your network to the Internet in certain limited and controlled ways in order to enable some applications to work from the LAN (game, voice and chat applications, for example) and to enable Internet access to servers in the home network. The Port Forwarding feature supports both of these functionalities. If you are familiar with networking terminology and concepts, you may have encountered this topic referred to as Local Servers.

The Port Forwarding screen lets you define the applications that require special handling by GlobeSurfer III. All you have to do is select the application's protocol and the local IP address of the computer that will be using or providing the service. If required, you may add new protocols in addition to the most common ones provided by GlobeSurfer III.
For example, if you wanted to use a File Transfer Protocol (FTP) application on one of your PCs, you would simply select FTP from the list and enter the local IP address or host name of the designated computer. All FTP-related data arriving at GlobeSurfer III from the Internet will henceforth be forwarded to the specified computer.
Similarly, if you want to grant Internet users access to servers inside your home network, you must identify each service that you want to provide and the PC that will provide it. For example, if you want to host a Web server inside the home network you must select HTTP from the list of protocols and enter the local IP address or host name of the computer that will host the Web server. When an Internet user points her browser to the external IP address of GlobeSurfer III, the gateway will forward the incoming HTTP request to the computer that is hosting the Web server.


Additionally, port forwarding enables you to redirect traffic to a different port instead of the one to which it was designated. Let's say that you have a Web server running on your PC on port 8080 and you want to grant access to this server to anyone who accesses GlobeSurfer III via HTTP. To accomplish this, do the following:
- Define a port forwarding rule for the HTTP service, with the PC's IP or host name.
- Specify 8080 in the 'Forward to Port' field.

All incoming HTTP traffic will now be forwarded to the PC running the Web server on port 8080.
When setting a port forwarding service, you must ensure that the port is not already in use by another application, which may stop functioning. A common example is when using SIP signaling in Voice over IP: the port used by the gateway's VoIP application (5060) is the same port on which port forwarding is set for LAN SIP agents.
Note: Some applications, such as FTP, TFTP, PPTP and H323, require the support of special specific Application Level Gateway (ALG) modules in order to work inside the home network. Data packets associated with these applications contain information that allows them to be routed correctly. An ALG is needed to handle these packets and ensure that they reach their intended destinations. GlobeSurfer III is equipped with a robust list of ALG modules in order to enable maximum functionality in the home network.
Note: The ALG is automatically assigned based on the destination port.
This screen offers the facility to expose services on the LAN to external Internet users. Entries can be added, edited or deleted.
The following fields are displayed:
- Local Host: identifier
- Local Address: IP address or host name of computer providing the service
- Protocols: type of protocol
- Status: shows the status of the port forwarding rule
- Action: options for adding new entries or editing or deleting existing ones

Click on New Entry - this routes to the Add Port Forwarding Rule screen (see section 8.2.3.1)
Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.
Press the Resolve Now button to check the screen.
Press the Refresh button to refresh the screen.


8.2.3.1. Add Port Forwarding Rule

This screen allows the entry of new port forwarding rules. The following fields should be entered:
- Local Host: IP address or the host name of the computer that will provide the service - the server. (Note that only one LAN computer can be assigned to provide a specific service or application): options available are:
  o User Defined - this routes to the Edit Item screen (see section 8.2.3.2)
  o A specific address
- Protocol: type of protocol: choose from the drop-down list:
  o Any
  o User Defined - this routes to the Edit Service screen (see section 8.2.2.5)
  o Show Basic Services - if this option is chosen a reduced list of options is displayed including:
    - FTP - File Transfer
    - HTTP - Web Server
    - HTTPS - Secured Web Server
    - IMAP - Messaging Server
    - L2TP - Layer 2 Tunneling Protocol
    - Ping - ICMP Echo Request
    - POP3 - Incoming Mail
    - SMTP - Outgoing Mail
    - SNMP - Simple Network Management Protocol
    - Telnet - Remote Connection
    - TFTP - Trivial File Transfer Protocol
    - Traceroute - Route Tracking Utility
  o Show All Services - a more comprehensive list of services is displayed

Press the OK button to apply changes and go back to the Port Forwarding screen.
Press the Cancel button to reject changes and go back to the Port Forwarding screen.
Press the Advanced button to go to the Home screen.


8.2.3.2. Edit Item

This screen allows the editing of network object types. The following fields should be entered:
- Network Object Type: choose from the drop-down list:
  o IP Address, then enter
    - IP address
  o Host Name, then enter
    - Host Name

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


8.2.4. DMZ Host

The DMZ (Demilitarized) Host feature allows one local computer to be exposed to the Internet. Designate a DMZ host when:
- You wish to use a special-purpose Internet service, such as an online game or video conferencing program, that is not present in the Port Forwarding list and for which no port range information is available.
- You are not concerned with security and wish to expose one computer to all services without restriction.

Warning: A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating a DMZ host may also put other computers in the home network at risk. When designating a DMZ host, you must consider the security implications and protect it if necessary.

An incoming request for access to a service in the home network, such as a Web server, is fielded by GlobeSurfer III. GlobeSurfer III will forward this request to the DMZ host (if one is designated) unless the service is being provided by another PC in the home network (assigned in Port Forwarding), in which case that PC will receive the request instead.

This screen offers the facility to allow a single LAN computer to be fully exposed to the Internet. The following fields should be entered:
- DMZ Host IP Address: click on the checkbox and enter the local IP address of the computer that you would like to designate as a DMZ host. Note that only one LAN computer may be a DMZ host at any time.

You can disable the DMZ host so that it will not be fully exposed to the Internet, but keep its IP address recorded on the DMZ Host screen. This may be useful if you wish to disable the DMZ host but expect that you will want to enable it again in the future.
- To disable the DMZ host so that it will not be fully exposed to the Internet, clear the checkbox next to the DMZ IP designation, and click OK.
- To reinstate it at a later time, simply reselect the checkbox.

Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.
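The precedence described in the Port Forwarding and DMZ Host sections (a forwarding rule wins, otherwise the DMZ host receives the request, otherwise it is blocked) can be modelled for reviewing a configuration before applying it. The following is an added example, not part of the manual and not GlobeSurfer III code; the class names, finding labels, sample LAN addresses and the choice of UDP for SIP are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Standard port assignments for services named in this section. SIP over UDP
# is an assumption; the manual only gives the port number 5060.
SERVICE_PORTS = {
    "FTP": ("tcp", 21), "HTTP": ("tcp", 80), "HTTPS": ("tcp", 443),
    "Telnet": ("tcp", 23), "SMTP": ("tcp", 25), "SIP": ("udp", 5060),
}


@dataclass(frozen=True)
class ForwardRule:
    service: str                           # key in SERVICE_PORTS
    local_host: str                        # LAN address providing the service
    forward_to_port: Optional[int] = None  # the 'Forward to Port' field
    enabled: bool = True


@dataclass
class Gateway:
    rules: list
    dmz_host: Optional[str] = None
    dmz_enabled: bool = False
    # Ports used by the gateway itself; the manual names its VoIP application (5060).
    own_services: frozenset = frozenset({("udp", 5060)})

    def resolve_inbound(self, proto, port):
        """Return (lan_host, lan_port) for a WAN request, or None if blocked."""
        for rule in self.rules:
            if rule.enabled and SERVICE_PORTS[rule.service] == (proto, port):
                return rule.local_host, rule.forward_to_port or port
        if self.dmz_enabled and self.dmz_host:
            return self.dmz_host, port      # everything else reaches the DMZ host
        return None                         # default state: inbound is blocked

    def audit(self):
        """List configuration risks called out in the manual text."""
        findings, owner = [], {}
        for rule in self.rules:
            if not rule.enabled:
                continue
            key = SERVICE_PORTS[rule.service]
            if key in self.own_services:
                # Port already used by a gateway application, which may stop working.
                findings.append(("port-in-use", rule.service, rule.local_host))
            if key in owner and owner[key] != rule.local_host:
                # Only one LAN computer can provide a specific service.
                findings.append(("duplicate-service", rule.service, rule.local_host))
            owner.setdefault(key, rule.local_host)
        if self.dmz_enabled and self.dmz_host:
            findings.append(("dmz-exposed", "all unforwarded ports", self.dmz_host))
        return findings


def sample_gateway():
    """Constructed configuration; the addresses are sample values."""
    return Gateway(
        rules=[
            ForwardRule("HTTP", "192.168.1.10", forward_to_port=8080),
            ForwardRule("HTTP", "192.168.1.11"),
            ForwardRule("SIP", "192.168.1.30"),
            ForwardRule("FTP", "192.168.1.12", enabled=False),
        ],
        dmz_host="192.168.1.50",
        dmz_enabled=True,
    )


if __name__ == "__main__":
    gw = sample_gateway()
    for request in [("tcp", 80), ("tcp", 21), ("tcp", 23)]:
        print(request, "->", gw.resolve_inbound(*request))
    for finding in gw.audit():
        print("finding:", finding)
```

With the DMZ host enabled, every port without a forwarding rule resolves to that one machine, which is why the audit reports it as a single broad exposure rather than per service.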



8.2.5. Port Triggering

Port triggering can be used for dynamic port forwarding configuration. By setting port triggering rules, you can allow inbound traffic to arrive at a specific LAN host, using ports different than those used for the outbound traffic. This is called port triggering since the outbound traffic triggers to which ports inbound traffic is directed.

For example, consider a gaming server that is accessed using UDP protocol on port 2222. The gaming server responds by connecting the user using UDP on port 3333 when starting gaming sessions. In such a case you must use port triggering, since this scenario conflicts with the following default firewall settings:
- The firewall blocks inbound traffic by default.
- The server replies to GlobeSurfer III's IP, and the connection is not sent back to your host, since it is not part of a session.

In order to solve this you need to define a Port Triggering entry, which allows inbound traffic on UDP port 3333, only after a LAN host generated traffic to UDP port 2222. This will result in accepting the inbound traffic from the gaming server, and sending it back to the LAN Host which originated the outgoing traffic to UDP port 2222.

This screen offers the facility to trigger the opening of ports for incoming data. Entries can be added, edited or deleted.

The following fields are displayed:
- Protocol: the protocol for this entry
- Outgoing Trigger Ports: shows the range of trigger ports for this protocol
- Incoming Ports to Open: shows the ports to be opened when triggered
- Action: options for adding new entries or editing or deleting existing ones
- To add a trigger, choose from the drop-down list:
  o User Defined - this routes to the Edit Port Triggering Rule screen (see section 8.2.5.1)
  o Show Basic Services - if this option is chosen a reduced list of options is displayed
  o Show All Services - a more comprehensive list of services is displayed including:
    - L2TP - Layer 2 Tunneling Protocol
    - TFTP - Trivial File Transfer Protocol
    - AIM Talk
    - DialPad.com
    - ICQ
    - Real Audio on Port 7070

Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.

You can disable a port triggering rule without having to remove it from the Port Triggering screen.
- To temporarily disable a rule, clear the checkbox next to the service name.
- To reinstate it at a later time, simply reselect the checkbox.
- To remove a rule, click the Remove action icon for the service. The service will be permanently removed.

There may be a few default port triggering rules listed when you first access the port triggering screen. Please note that disabling these rules may result in impaired gateway functionality.
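The gaming example above (outbound UDP 2222 opens inbound UDP 3333 for the host that sent the trigger) can be traced with a small state model. This is an added example, not part of the manual and not the gateway's implementation; the class names, the 60-second lifetime of an opened port and the sample LAN address are assumptions, since the manual does not say how long a triggered port stays open.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TriggerRule:
    proto: str
    trigger_ports: range   # 'Outgoing Trigger Ports'
    open_ports: range      # 'Incoming Ports to Open'


class PortTriggerFirewall:
    """Inbound traffic is blocked unless a matching outbound trigger was seen."""

    def __init__(self, rules, open_lifetime=60):
        self.rules = rules
        self.open_lifetime = open_lifetime  # assumed value, in seconds
        self.opened = {}                    # (proto, port) -> (lan_host, expires_at)

    def outbound(self, lan_host, proto, dst_port, now):
        """Record outbound traffic; return True if it fired a trigger rule."""
        fired = False
        for rule in self.rules:
            if rule.proto == proto and dst_port in rule.trigger_ports:
                for port in rule.open_ports:
                    self.opened[(proto, port)] = (lan_host, now + self.open_lifetime)
                fired = True
        return fired

    def inbound(self, proto, dst_port, now):
        """Return the LAN host that receives the packet, or None if blocked."""
        entry = self.opened.get((proto, dst_port))
        if entry is None:
            return None
        lan_host, expires_at = entry
        if now >= expires_at:
            del self.opened[(proto, dst_port)]  # the opening has lapsed
            return None
        return lan_host


def replay(firewall, events):
    """Run (time, direction, lan_host, proto, port) events; return verdicts."""
    verdicts = []
    for now, direction, lan_host, proto, port in events:
        if direction == "out":
            fired = firewall.outbound(lan_host, proto, port, now)
            verdicts.append("sent, trigger fired" if fired else "sent")
        else:
            target = firewall.inbound(proto, port, now)
            verdicts.append(f"forwarded to {target}" if target else "blocked")
    return verdicts


# The rule from the manual's gaming example: trigger on UDP 2222, open UDP 3333.
GAME_RULE = TriggerRule("udp", range(2222, 2223), range(3333, 3334))

# Constructed event sequence; 192.168.1.20 is a sample LAN address.
EVENTS = [
    (0, "in", None, "udp", 3333),              # before any trigger
    (1, "out", "192.168.1.20", "udp", 53),     # unrelated outbound traffic
    (2, "out", "192.168.1.20", "udp", 2222),   # the trigger
    (3, "in", None, "udp", 3333),              # reply on the opened port
    (4, "in", None, "udp", 3334),              # neighbouring port stays closed
    (120, "in", None, "udp", 3333),            # after the assumed lifetime
]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(PortTriggerFirewall([GAME_RULE]), EVENTS)):
        print(event, "->", verdict)
```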

8.2.5.1. Edit Port Triggering Rule

This screen allows the editing of port triggering rules. The following fields should be entered:
- Service Name: type the name of the service

Click on New Trigger Ports - this routes to the Edit Service Server Ports screen (see section 8.2.2.6)
Click on New Opened Ports - this routes to the Edit Service Opened Ports screen (see section 8.2.5.2)
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

8.2.5.2. Edit Service Opened Ports

This screen allows the editing of service opened ports. The following fields should be entered:
- Protocol: choose from the drop-down list:
  o TCP, then enter
    - Source Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values
    - Destination Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values; Same as Initiating Ports
  o UDP, then enter
    - Source Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values
    - Destination Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values; Same as Initiating Ports
  o ICMP, then enter
    - ICMP Message by choosing from the drop-down list: Echo Reply; Network Unreachable; Host Unreachable; Protocol Unreachable; Port Unreachable; Destination Network Unknown; Destination Host Unknown; Redirect for Network; Redirect for Host; Echo Request; Other
  o GRE
  o ESP
  o AH
  o Other, then enter
    - Protocol Number

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.
8.2.6. Website Restrictions

You may configure GlobeSurfer III to block specific Internet websites so that they cannot be accessed from computers in the home network. Moreover, restrictions can be applied to a comprehensive and automatically updated table of sites to which access is not recommended.

This screen offers the facility to restrict access from the LAN to websites. Entries can be added, edited or deleted.

The following fields are displayed:
- Local Host: the host for which restrictions are shown
- Local Address: shows the address for this entry
- Restricted Website: the website name to be restricted
- Restricted IP Address: the IP address to be restricted
- Status: shows the status of the website restriction
- Action: options for adding new entries or editing or deleting existing ones

Click on New Entry - this routes to the Restricted Website screen (see section 8.2.6.1)
Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.
Press the Resolve Now button to try to locate the site and resolve the URL into one or more IP addresses.
Press the Refresh button to refresh the screen.

You may edit the website restriction by modifying its entry under the Local Host column. To modify an entry click the Edit action icon for the restriction. Modify the website address, group or schedule as necessary.

To ensure that all current IP addresses corresponding to the restricted websites are blocked, click the Resolve Now button. GlobeSurfer III will check each of the restricted website addresses and ensure that all IP addresses at which this website can be found are included in the IP addresses column.

You can disable a restriction in order to make a website available again without having to remove it from the Website Restrictions screen. This may be useful if you wish to make the website available only temporarily and expect that you will want to block it again in the future.
- To temporarily disable a rule, clear the checkbox next to the service name.
- To reinstate it at a later time, simply reselect the checkbox.
- To remove a rule, click the Remove action icon for the service. The service will be permanently removed.


8.2.6.1. Restricted Website

This screen allows the entry of websites to be restricted. The following fields should be entered:
- Restricted Website: enter the website address (IP address or URL) that you would like to make inaccessible from your home network (all web pages within the site will also be blocked and if the website address has multiple IP addresses, GlobeSurfer III will resolve all additional addresses and automatically add them to the restrictions table)
- Local Host: specify the computer or group of computers for which you would like to apply the website restriction: options available are:
  o Any
  o User Defined - this routes to the Edit Network Object screen (see section 8.2.2.3)
  o A specific computer address in your LAN
- Schedule: choose when the website is to be restricted, by default the rule will always be active:
  o Always - access is always controlled
  o User defined - this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)

Press the OK button to apply changes and go back to the Restricted Website screen.
Press the Cancel button to reject changes and go back to the Restricted Website screen.

Resolving will appear in the Status column while the site is being located (the URL is resolved into one or more IP addresses). If the site is successfully located then Resolved will appear in the status bar, otherwise Hostname Resolution Failed will appear. In case GlobeSurfer III fails to locate the website, do the following:
  o Use a web browser to verify that the website is available. If it is, then you probably entered the website address incorrectly.
  o If the website is not available, return to the Website Restrictions screen at a later time and click the Resolve Now button to verify that the website can be found and blocked by GlobeSurfer III.
8.2.7. NAT

The NAT (Network Address Translation) screen allows you to hide the computers in your network so they cannot be found or directly accessed from outside your network.

This screen offers the facility to translate network addresses. Entries can be added, edited or deleted.

The following fields are displayed:
- NAT (Network Address Translation) IP Addresses Pool
  o IP address: the IP address to be translated
  o Action: options for adding new entries or editing or deleting existing ones

Click on New IP Address - this routes to the Edit Item screen (see section 8.2.7.1)

- NAT/NAPT Rule Sets
  o Rule ID: the rule identifier
  o Source Address: IP address of source
  o Destination Address: IP address of source
  o Match: the condition that must exist for the rule to apply
  o Operation: protocol in use
  o Status: shows the status of the rule set
  o Action: options for adding new entries or editing or deleting existing ones

Click on New Entry - this routes to the Add NAT/NAPT Rule screen (see section 8.2.7.2)
Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.
Press the Resolve Now button to check the screen.
Press the Refresh button to refresh the screen.

8.2.7.1. Edit Item

This screen allows the editing of network object types. The following fields should be entered:
- Network Object Type: choose from the drop-down list:
  o IP Address, then enter
    - IP address
  o IP Subnet, then enter
    - Subnet IP Address
    - Subnet Mask
  o IP Range, then enter
    - From IP Address
    - To IP Address
  o DHCP Option, then choose from the drop-down list:
    - 60: Vendor Class ID
    - 61: Client ID
    - 77: User Class ID
    then enter the appropriate ID

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


8.2.7.2. Add NAT/NAPT Rule

This screen allows the entry of new NAT (Network Address Translation)/NAPT rules. The following fields should be entered:
- Matching
  o Source Address: choose from the drop-down list:
    - Any
    - User Defined - this routes to the Edit Network Object screen (see section 8.2.2.3)
    - A specific address
  o Destination Address: choose from the drop-down list:
    - Any
    - User Defined - this routes to the Edit Network Object screen (see section 8.2.2.3)
    - A specific address
  o Protocol: choose from the drop-down list:
    - Any
    - User Defined - this routes to the Edit Service screen (see section 8.2.2.5)
    - Show Basic Services - if this option is chosen a reduced list of options is displayed including: FTP - File Transfer; HTTP - Web Server; HTTPS - Secured Web Server; IMAP - Messaging Server; L2TP - Layer 2 Tunneling Protocol; Ping - ICMP Echo Request; POP3 - Incoming Mail; SMTP - Outgoing Mail; SNMP - Simple Network Management Protocol; Telnet - Remote Connection; TFTP - Trivial File Transfer Protocol; Traceroute - Route Tracking Utility
    - Show All Services - a more comprehensive list of services is displayed
- Operation: choose from the drop-down list:
  o NAT - Source IP translation rule
    - NAT Addresses: choose from the drop-down list: User Defined - this routes to the Edit Network Object screen (see section 8.2.2.3)
  o NAPT - Source IP and port translation rule
    - NAPT Address: choose from the drop-down list: User Defined - this routes to the Edit Item screen (see section 8.2.7.1)
    - NAPT Ports: choose from the drop-down list: Single, then enter port number; Range, then enter range values
- Logging
  o Log Packets Matched by This Rule: click this checkbox to log packets matched by this rule
- Schedule: choose when the rule is to be followed:
  o Always - access is always controlled
  o User defined - this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)

Press the OK button to apply changes and go back to the NAT screen.
Press the Cancel button to reject changes and go back to the NAT screen.



8.2.8. Connections

This screen shows all connections currently active.

The following fields are displayed:
- Active Connections: number of active connections
- Approximate Max. Connections: maximum number of possible connections (approximate)

For each active connection the following fields are displayed:
- Number: number of connection in sequential order
- Protocol: protocol used
- LAN IP Port: IP address of LAN
- GlobeSurfer III IP Port: IP address of GlobeSurfer III
- WAN IP Port: IP address of WAN
- Direction: Outgoing/incoming
- Action: options for deleting connections

Press the Close button to go back to the previous screen.
Press the Refresh button to refresh the screen.
Press the Advanced button to go to the Home screen.



8.2.9. Advanced Filtering

Advanced filtering is designed to allow comprehensive control over the firewall's behaviour. You can define specific input and output rules, control the order of logically similar sets of rules and make a distinction between rules that apply to WAN and LAN devices.

The screen is divided into three sections, one for Input Rule Sets, one for Output Rule Sets and one for ALG (Application Level Gateway) Rule Sets. The Input Rule Sets and Output Rule Sets sections are comprised of subsets, which can be grouped into three main subjects:
- Initial rules - rules defined here will be applied first, on all gateway devices.
- Network devices rules - rules can be defined per each gateway device.
- Final rules - rules defined here will be applied last, on all gateway devices.

Note: The order of the firewall rules' appearance in the Advanced Filtering screen represents the sequence by which they will be applied.

There are numerous rules automatically inserted by the firewall in order to provide improved security and block harmful attacks.

This screen displays advanced filtering rules. Entries can be added, edited, deleted, moved up or moved down.

The following fields are displayed:
- Input Rule Sets - for configuring inbound traffic
  o Rule ID: the rule identifier
  o Source Address: source address of the packets sent to or received from the network object
  o Destination Address: destination address of the packets sent to or received from the network object - this address can be configured in the same manner as the source address
  o Match: the condition that must exist for the rule to apply
  o Operation: action the rule will take
  o Status: shows the status of the rule set
  o Action: options for adding new entries or editing, deleting, moving up or moving down existing ones

Click on New Entry - this routes to the Add Advanced Filter screen (see section 8.2.9.1)

- Output Rule Sets - for configuring outbound traffic
  o Rule ID: the rule identifier
  o Source Address: source address of the packets sent to or received from the network object
  o Destination Address: destination address of the packets sent to or received from the network object - this address can be configured in the same manner as the source address
  o Match: the condition that must exist for the rule to apply
  o Operation: action the rule will take
  o Status: shows the status of the rule set
  o Action: options for adding new entries or editing, deleting, moving up or moving down existing ones

Click on New Entry - this routes to the Add Advanced Filter screen (see section 8.2.9.1)

- ALG Rule Sets
  o Rule ID: the rule identifier
  o Source Address: source address of the packets sent to or received from the network object
  o Destination Address: destination address of the packets sent to or received from the network object - this address can be configured in the same manner as the source address
  o Match: the condition that must exist for the rule to apply
  o Operation: protocol in use
  o Status: shows the status of the rule set
  o Action: options for adding new entries or editing, deleting, moving up or moving down existing ones

Click on New Entry - this routes to the Add ALG Rule screen (see section 8.2.9.2)
Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.
Press the Resolve Now button to check the screen.
Press the Refresh button to refresh the screen.

8.2.9.1. Add Advanced Filter

This screen allows the entry of advanced filtering rules. The following fields should be entered:
- Matching - to apply a rule, a matching must be made between IP addresses and a traffic protocol must be defined:
  o Source Address: source address of the packets sent to or received from the network object: choose from the drop-down list:
    - Any
    - User Defined - this routes to the Edit Network Object screen (see section 8.2.2.3)
    - A specific address
  o Destination Address: destination address of the packets sent to or received from the network object - this address can be configured in the same manner as the source address: choose from the drop-down list:
    - Any
    - User Defined - this routes to the Edit Network Object screen (see section 8.2.2.3)
    - A specific address
  o Protocol: traffic protocol: choose from the drop-down list:
    - Any
    - User Defined - this routes to the Edit Service screen (see section 8.2.2.5)
    - Show Basic Services - if this option is chosen a reduced list of options is displayed including: FTP - File Transfer; HTTP - Web Server; HTTPS - Secured Web Server; IMAP - Messaging Server; L2TP - Layer 2 Tunneling Protocol; Ping - ICMP Echo Request; POP3 - Incoming Mail; SMTP - Outgoing Mail; SNMP - Simple Network Management Protocol; Telnet - Remote Connection; TFTP - Trivial File Transfer Protocol; Traceroute - Route Tracking Utility
    - Show All Services - a more comprehensive list of services is displayed
  o Length: click this checkbox to enter packet or data length, then choose from the drop-down list:
    - Packet Length, then enter range in bytes
    - Data Length, then enter range in bytes
- Operation: define what action the rule will take, by selecting one of the following from the drop-down list:
  o Drop - Deny access to packets that match the source and destination IP addresses and service ports defined in Matching.
  o Reject - Deny access to packets that match the source and destination IP addresses and service ports defined in Matching and sends an ICMP error or a TCP reset to the origination peer.
  o Accept Connection - Allow access to packets that match the source and destination IP addresses and service ports defined in Matching. The data transfer session will be handled using Stateful Packet Inspection (SPI).
  o Accept Packet - Allow access to packets that match the source and destination IP addresses and service ports defined in Matching. The data transfer session will not be handled using Stateful Packet Inspection (SPI), meaning that other packets that match this rule will not be automatically allowed access. For example, this can be useful when creating rules that allow broadcasting.
- Logging
  o Log Packets Matched by This Rule: click this checkbox to log the first packet from a connection that was matched by this rule
- Schedule: choose when the rule is to be followed:
  o Always - access is always controlled
  o User defined - this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)

Press the OK button to apply changes and go back to the Advanced Filtering screen.
Press the Cancel button to reject changes and go back to the Advanced Filtering screen.

8.2.9.2. Add ALG Rule

This screen allows the entry of ALG (Application Level Gateway) rules. The following fields should be entered:
- Matching - to apply a rule, a matching must be made between IP addresses and a traffic protocol must be defined:
  o Source Address: source address of the packets sent to or received from the network object: choose from the drop-down list:
    - Any
    - User Defined - this routes to the Edit Network Object screen (see section 8.2.2.3)
    - A specific address
  o Destination Address: destination address of the packets sent to or received from the network object - this address can be configured in the same manner as the source address: choose from the drop-down list:
    - Any
    - User Defined - this routes to the Edit Network Object screen (see section 8.2.2.3)
    - A specific address
  o Protocol: traffic protocol: choose from the drop-down list:
    - Any
    - User Defined - this routes to the Edit Service screen (see section 8.2.2.5)
    - Show Basic Services - if this option is chosen a reduced list of options is displayed including: FTP - File Transfer; HTTP - Web Server; HTTPS - Secured Web Server; IMAP - Messaging Server; L2TP - Layer 2 Tunneling Protocol; Ping - ICMP Echo Request; POP3 - Incoming Mail; SMTP - Outgoing Mail; SNMP - Simple Network Management Protocol; Telnet - Remote Connection; TFTP - Trivial File Transfer Protocol; Traceroute - Route Tracking Utility
    - Show All Services - a more comprehensive list of services is displayed
- Operation: choose from the drop-down list:
  o FTP
  o H.323 CSL
  o SIP
  o IPSec
- Logging
  o Log Packets Matched by This Rule: click this checkbox to log the first packet from a connection that was matched by this rule
- Schedule: choose when the rule is to be followed:
  o Always - access is always controlled
  o User defined - this routes to the Edit Scheduler Rule screen (see section 8.2.2.7)

Press the OK button to apply changes and go back to the Advanced Filtering screen.
Press the Cancel button to reject changes and go back to the Advanced Filtering screen.



8.2.10. Log

The Security Log displays a list of firewall-related events, including attempts to establish inbound and outbound connections, attempts to authenticate through an administrative interface (Web-based management or Telnet terminal), firewall configuration and system start-up.

The following fields are displayed:
- Time: the date and time the event occurred
- Event: there are five kinds of events:
  o Inbound Traffic: the event is a result of an incoming packet.
  o Outbound Traffic: the event is a result of outgoing packet.
  o Firewall Setup: configuration message.
  o WBM Login: indicates that a user has logged in to WBM.
  o CLI Login: indicates that a user has logged in to CLI (via Telnet).
- Event Type: a textual description of the event:
  o Blocked: the packet was blocked - the message is coloured red
  o Accepted: the packet was accepted - the message is coloured green
- Details: more details about the packet or the event, such as protocol, IP addresses, ports, etc.

Press the Close button to go back to the Home screen.
Press the Clear Log button to delete all entries in the log and stay on this screen.
Press the Download Log button to download the log into a Microsoft Excel spreadsheet.
Press the Settings button to go to the Log Settings screen (see section 8.2.10.1)
Press the Refresh button to refresh the screen.


The following are the available event types that can be recorded in the firewall log:
1. Firewall internal - an accompanying explanation from the firewall internal mechanism will be added in case this event type is recorded.
2. Firewall status changed - the firewall changed status from up to down or the other way around, as specified in the event type description.
3. STP packet - an STP packet has been accepted/rejected.
4. Illegal packet options - the options field in the packet's header is either illegal or forbidden.
5. Fragmented packet - a fragment has been rejected.
6. WinNuke protection - a WinNuke attack has been blocked.
7. ICMP replay - an ICMP replay message has been blocked.
8. ICMP redirect protection - an ICMP redirected message has been blocked.
9. Packet invalid in connection - a packet has been blocked, being on an invalid connection.
10. ICMP protection - a broadcast ICMP message has been blocked.
11. Broadcast/Multicast protection - a packet with a broadcast/multicast source IP has been blocked.
12. Spoofing protection - a packet from the WAN with a source IP of the LAN has been blocked.
13. DMZ network packet - a packet from a demilitarized zone network has been blocked.
14. Trusted device - a packet from a trusted device has been accepted.
15. Default policy - a packet has been accepted/blocked according to the default policy.
16. Remote administration - a packet designated for GlobeSurfer III management has been accepted/blocked.
17. Access control - a packet has been accepted/blocked according to an access control rule.
18. Parental control - a packet has been blocked according to a parental control rule.
19. NAT out failed - NAT failed for this packet.
20. DHCP request - GlobeSurfer III sent a DHCP request (depends on the distribution).
21. DHCP response - GlobeSurfer III received a DHCP response (depends on the distribution).
22. DHCP relay agent - a DHCP relay packet has been received (depends on the distribution).
23. IGMP packet - an IGMP packet has been accepted.
24. Multicast IGMP connection - a multicast packet has been accepted.
25. RIP packet - a RIP packet has been accepted.
26. PPTP connection - a packet inquiring whether GlobeSurfer III is ready to receive a PPTP connection has been accepted.
27. Kerberos key management 1293 - security related, for future use.
28. Kerberos 88 - for future use.
29. AUTH:113 request - an outbound packet for AUTH protocol has been accepted (for maximum security level).
30. Packet-Cable - for future use.
31. IPV6 over IPV4 - an IPv6 over IPv4 packet has been accepted.
32. ARP - an ARP packet has been accepted.
33. PPP Discover - a PPP discover packet has been accepted.
34. PPP Session - a PPP session packet has been accepted.
35. 802.1Q - a 802.1Q (VLAN) packet has been accepted.
36. Outbound Auth1X - an outbound Auth1X packet has been accepted.
37. IP Version 6 - an IPv6 packet has been accepted.
38. GlobeSurfer III initiated traffic - all traffic that GlobeSurfer III initiates is recorded.
39. Maximum security enabled service - a packet has been accepted because it belongs to a permitted service in the maximum security level.
40. SynCookies Protection - a SynCookies packet has been blocked.
41. ICMP Flood Protection - a packet has been blocked, stopping an ICMP flood.
42. UDP Flood Protection - a packet has been blocked, stopping a UDP flood.
43. Service - a packet has been accepted because of a certain service, as specified in the event type.
44. Advanced Filter Rule - a packet has been accepted/blocked because of an advanced filter rule.
45. Fragmented packet, header too small - a packet has been blocked because after the defragmentation, the header was too small.
46. Fragmented packet, header too big - a packet has been blocked because after the defragmentation, the header was too big.
47. Fragmented packet, drop all - not used.
48. Fragmented packet, bad align - a packet has been blocked because after the defragmentation, the packet was badly aligned.
49. Fragmented packet, packet too big - a packet has been blocked because after the defragmentation, the packet was too big.
50. Fragmented packet, packet exceeds - a packet has been blocked because defragmentation found more fragments than allowed.
51. Fragmented packet, no memory - a fragmented packet has been blocked because there was no memory for fragments.
52. Fragmented packet, overlapped - a packet has been blocked because after the defragmentation, there were overlapping fragments.
53. Defragmentation failed - the fragment has been stored in memory and blocked until all fragments arrived and defragmentation could be performed.
54. Connection opened - usually a debug message regarding a connection.
55. Wildcard connection opened - usually a debug message regarding a connection.
56. Wildcard connection hooked - usually debug message regarding connection.
57. Connection closed - usually a debug message regarding a connection.
58. Echo/Chargen/Quote/Snork protection - a packet has been blocked, protecting from Echo/Chargen/Quote/Snork.
59. First packet in connection is not a SYN packet - a packet has been blocked because of a TCP connection that had started without a SYN packet.
60. Error: No memory - a message notifying that a new connection has not been established because of lack of memory.
61. NAT Error: Connection pool is full - a message notifying that a connection has not been created because the connection pool is full.
62. NAT Error: No free NAT IP - a message notifying that there is no free NAT IP, therefore NAT has failed.
63. NAT Error: Conflict Mapping already exists - a message notifying that there is a conflict since the NAT mapping already exists, therefore NAT has failed.
64. Malformed packet: Failed parsing - a packet has been blocked because it is malformed.
65. Passive attack on ftp-server: Client attempted to open Server ports - a packet has been blocked because of an unauthorized attempt to open a server port.
66. FTP port request to 3rd party is forbidden (Possible bounce attack) - a packet has been blocked because of an unauthorized FTP port request.
67. Firewall Rules were changed - the firewall rule set has been modified.
68. User authentication - a message during login time, including both successful and failed authentication.
69. First packet is Invalid - First packet in connection failed to pass firewall or NAT

8.2.10.1.

LogSettings

Thisscreenallowsyoutoselectthetypesofactivitiesforwhichyouwouldliketohavealog messagegenerated: Thefollowingcheckboxescanbeclicked: AcceptedEvents o AcceptedIncomingConnectionswritealogmessageforeachsuccessful attempttoestablishaninboundconnectiontothehomenetwork. o AcceptedOutgoingConnectionswritealogmessageforeachsuccessful attempttoestablishanoutgoingconnectiontothepublicnetwork.

GlobeSurferIIIPage74of180

TECHNICALREFERENCEMANUAL

BlockedEvents o AllBlockedConnectionAttemptswritealogmessageforeachblocked attempttoestablishaninboundconnectiontothehomenetworkorvice versa.Youcanenableloggingofblockedpacketsofspecifictypesbydisabling thisoption,andenablingsomeofthemorespecificoptionsbelowit. o Specifytheblockedeventsthatshouldbemonitored.Usethistomonitor specificeventsuchasSynFlood.Alogmessagewillbegeneratedifeitherthe correspondingcheckboxischecked,ortheAllBlockedConnection Attemptscheckboxischecked. Winnuke DefragmentationError BlockedFragments SynFlood EchoChargen Multicast/Broadcast SpoofedConnection PacketIllegalOptions UDPFlood ICMPReplay ICMPRedirect ICMPMulticast ICMPFlood OtherEvents o RemoteAdministrationAttemptwritealogmessageforeachremote administrationconnectionattempt,whethersuccessfulornot. o ConnectionStatesprovideextrainformationabouteverychangeina connectionopenedbythefirewall.Usethisoptiontotrackconnection handlingbythefirewallandApplicationLevelGateways(ALGs). LogBuffer o PreventLogOverrunselectthischeckboxinordertostoploggingfirewall activitieswhenthememoryallocatedforthelogfillsup.

Press the OK button to apply changes and go back to the Log screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Log screen.


8.3. VPN/Internet Protocol Security (IPSec)

This screen allows the entry of Internet Protocol Security (IPSec) data. The following fields should be entered:
- Block Unauthorised IP
  - Enabled: click this checkbox to block unauthorized attempts, and then enter:
  - Maximum Number of Authentication Failures: number allowed before blocking
  - Block Period: time in seconds
- Anti-Replay Protection
  - Enabled: click this checkbox to provide anti-replay protection
- Connections: for each connection the following fields are displayed:
  - Name: description of connection
  - Status: status of connection
  - Action: options for adding new entries or editing or deleting existing ones

Press the OK button to apply changes and go back to the Overview screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.
Press the Settings button to go to the Internet Protocol Security (IPSec) Settings screen (see section 1.1.1).
Press the Log Settings button to refresh the screen.



8.3.1. Internet Protocol Security (IPSec) Settings

This screen displays the IPSec public key and allows it to be recreated.
Press the Recreate Key button to recreate the IPSec public key.
Press the Close button to go back to the VPN/Internet Protocol Security (IPSec) screen.
Press the Refresh button to refresh the screen.


8.3.2. IPSec Log Settings


This screen allows the customization of the IPSec log, by allowing the user to choose what data is recorded. It is important to note that enabling many of these options may reduce GlobeSurfer III's performance.
The following checkboxes can be clicked:
- IKE Log Settings
  - Messages Raw Bytes
  - Messages Encryption and Decryption
  - Messages Input Structure
  - Messages Output Structure
  - Verbose Automatic Keying
  - Verbose IKE IPSec Interaction
  - Verbose Private Keys
  - Verbose Dead Peer Detection
  - Verbose NAT Traversal Negotiation
  - Verbose IKE Reject Packets
  - Print All IKE Messages Ignoring Rate Limit
- IPSec Log Settings
  - Tunneling Code
  - Tunneling Transmit Code
  - User Space Communication Code
  - Transform Selection and Manipulation Code
  - Internal Route Table Manipulation Code
  - Secure Association Table Manipulation Code
  - Radij Tree Manipulation Code
  - Encryption Transforms Code
  - Authentication Transforms Code
  - Receive Code
  - IP Compression Transforms Code
  - Even More Verbose Output
  - Verbose Rejected Packets
  - Print All IPSec Messages Ignoring Rate Limit
Press the OK button to apply changes and go back to the VPN/Internet Protocol Security (IPSec) screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the VPN/Internet Protocol Security (IPSec) screen.


9. System
This area enables the user to configure system settings and perform maintenance functions.
From this screen you can click on the tabs at the top left hand side to route to the following detailed screens:
- Overview: system overview including version, release date, platform, load average (see section 9.1)
- Settings: configure system settings, date and time parameters and set the clock (see section 9.2)
- Users: list of remote users/groups, and ability to add, edit or delete users/groups (see section 9.3)
- Network Connections: configure parameters of physical connections, LAN/WAN (see section 9.4)
- Monitor: monitors traffic within local network or between local network/Internet (see section 9.5)
- Routing: routing overview + enable RIP, IGMP, Domain Routing, BGP, OSPF, PPPoE (see section 9.6)
- Management: ability to configure UPnP, SNP and Remote Administration (see section 9.7)
- Maintenance: config file, reboot, restore settings, perform upgrade, diagnostics (see section 9.8)
- Objects and Rules: protocols, network objects, scheduler rules + X.509 certificates (see section 9.9)

9.1. Overview

This screen displays general system information:
- Gateway ID: displays the 12 character gateway ID.
- Software Version: displays the 5 character software version.
- Release Date: displays the date the software was released.
- Platform: displays the platform the software runs on.
- System Has Been Up For: shows the time in hours and minutes that the system has been running.
- Load Average: shows the average load over 1, 5 and 15 minutes.
Click on the Upgrade hyperlink to be routed to the Firmware upgrade screen in the Maintenance tab in the System area (see section 9.8.5).


9.2. System Settings

Access GlobeSurfer III's system settings by clicking the Settings tab in the System area.
From this screen you can click on the tabs at the top right hand side to route to the following detailed screens:
- Overview (see section 9.2.1)
- Date and Time (see section 9.2.2)


9.2.1. Overview/System Settings

To access the System Settings screen, click the Overview tab at the top right hand side of the Settings screen in the System area.

The System Settings screen allows you to configure various system and management parameters:

System:
- GlobeSurfer III's Hostname: the hostname is the URL address of the GlobeSurfer III.
- Local Domain: specify your network's local domain.

GlobeSurfer III Management Console:
- Automatic Refresh of System Monitoring Web Pages: select this checkbox to enable the automatic refresh of system monitoring web pages.
- Warn User Before Network Configuration Changes: select this checkbox to activate user warnings before network configuration changes take effect.


- Session Lifetime: controls the session lifetime (seconds) for logins to the management console. When the time has expired the login screen will appear again.

Management Application Ports: this section allows you to configure the following management application ports:
- Primary HTTP Management Port
- Secondary HTTP Management Port
- Primary HTTPS Management Port
- Secondary HTTPS Management Port
- Primary Telnet Port
- Secondary Telnet Port
- Secure Telnet over SSL Port
- Jungo.net Port
- Jungo.net SSL Port

Management Application SSL Authentication Options:
- Primary HTTPS Management SSL Client Authentication: select from the drop-down list:
  - None
  - Optional
  - Required
- Secondary HTTPS Management SSL Client Authentication: select from the drop-down list:
  - None
  - Optional
  - Required
- Secure Telnet over SSL Client Authentication: select from the drop-down list:
  - None
  - Optional
  - Required

System Logging:
- System Log Buffer Size: size in KB
- Remote System Notify Level: select from the drop-down list:
  - None
  - Error
  - Warning
  - Information
- Persistent System Log: select this checkbox to keep the system log.

Security Logging:
- Security Log Buffer Size: size in KB
- Remote Security Notify Level: select from the drop-down list:
  - None
  - Error
  - Warning
  - Information
- Persistent Security Log: select this checkbox to keep the security log.

Outgoing Mail Server:
- Server: enter the hostname of your outgoing (SMTP) server.
- From Email Address: each email requires a from address and some outgoing servers refuse to forward email without a valid from address for anti-spam considerations.
- Port: used to alter the server port, if your mail server does not use the standard port 25.
- Server Requires Authentication: select the checkbox if your outgoing email server requires authentication, and then enter:
  - User Name: your user name
  - Password: your password

Swap:
- Enabled: select this checkbox to enable swapping.
- Status: shows the swap status. Possible options are:
  - Disabled
  - Inactive
  - Active
- Swap Size: enter the swap size in MB.

HTTP Interception:
- Intercept HTTP Traffic for Assisting with Internet Connectivity Problems: select this checkbox to intercept HTTP traffic.
- Perform Web Authentication Over HTTPS: select this checkbox to perform web authentication over HTTPS.

Host Information:
- Enable Auto Detection of Host Services: select this checkbox to enable automatic detection of host services.

Installation Wizard:
- Use Installation Wizard Preconfigured Values: select this checkbox if you wish to use the installation wizard's preconfigured values.

LCD Settings:
- Screensaver Timeout: sets the time in seconds before the screensaver is displayed
- Go Home Timeout: sets the time in seconds for the Go Home timeout
- Contrast: sets the contrast level on the LCD


Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.


9.2.2. Date and Time

To access the Date and Time screen, click the Date and Time tab at the top right hand side of the Settings screen in the System area.

To configure date and time settings enter the following:

Localization:
- Local Time: shows the current date and time. This is set automatically if automatic update has been chosen, or manually by pressing the Clock Set button at the bottom of the screen.
- Time Zone: select the local time zone from the pull-down menu.

Daylight Saving Time:
- Enabled: select this checkbox if you would like the Daylight Saving/British Summer Time offset to be made to the time in the time zone.
- Start Time: enter the date and time when the daylight saving offset should start from.
- End Time: enter the date and time when the daylight saving offset should end.
- Offset: enter the number of minutes that should be added during the daylight saving period.

Automatic Time Update:
- Enabled: select this checkbox if you want the GlobeSurfer III to update the time automatically.
- Protocol: select the protocol to be used to perform the time update by selecting one of the two following radio buttons:
  - Time of Day (TOD)
  - Network Time Protocol (NTP)
- Update Every: specify how often to perform the update (in hours). You can change the default time server address by clicking the New Entry link at the bottom of the section.
- Press the Sync Now button to synchronise the time.
- Status: shows the date and time when the time was last updated.

Click on the edit icon in the Time Server table to modify an entry, or click on the New Entry hyperlink or the add icon to add an entry. In both cases you will be routed to the Time Server Settings screen (see section 9.2.2.1).
Press the OK button to apply changes and go back to the Home screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the Home screen.
Press the Clock Set button to go to the Clock Set screen.
Press the Refresh button to update the status and stay on this screen.

9.2.2.1. Time Server Settings

To access the Time Server Settings screen, click the New Entry hyperlink from the Date and Time screen in the System area.

To configure time server settings enter the following:
- Time Server: enter server IP address or domain name
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


9.2.2.2. Clock Set

To access the Clock Set screen, click the Clock Set button on the Date and Time screen in the System area.

To set the clock enter the following:
- Local Date: choose the current month, day and year from the drop-down lists.
- Local Time: manually enter the current hours, minutes and seconds.
Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.

9.3. Users

Access the list of defined remote users by clicking the Users tab in the System area.

You can add, edit and delete users allowed to access the GlobeSurfer III and your local network by managing the user table as described in section 3.3.
For each user the following data is displayed:
- Full Name: the remote user's full name
- User Name: the name the remote user will use to access your local network
- Permissions: the remote user's privileges on your local network
- Action: add, modify or delete

For each group the following data is displayed:
- Name
- Description
- Members
- Action: add, modify or delete
Click on the Microsoft File and Printer Sharing Access Permission hyperlink to be routed to the File Server screen off the Storage tab in the Services area (see section 8.4.1).
Click on a specific User hyperlink or the edit icon in the Users table to modify an entry, or click on the New User hyperlink or the add icon to add an entry. In both cases you will be routed to the User Settings screen (see section 9.3.1).
Click on a specific Group hyperlink or the edit icon in the Groups table to modify an entry, or click on the New Group hyperlink or the add icon to add an entry. In both cases you will be routed to the Group Settings screen (see section 9.3.2).
Press the Close button to go back to the previous screen.

9.3.1. User Settings

To access the User Settings screen, click the New User hyperlink from the Users screen in the System area.

To configure user settings enter the following:

General:
- Full Name: the remote user's full name
- User Name: the name the remote user will use to access your local network
- New Password: type a new password for the remote user. If you do not want to assign a password to the remote user leave this field empty. This field is case sensitive.
- Retype New Password: if a new password was assigned, type it again to verify correctness.
- Permissions: select the remote user's privileges on your local network:
  - Administrator Permissions: selecting this checkbox grants remote system setting modification via the web-based management console or telnet
  - Wireless Permissions: selecting this checkbox grants wireless permissions
  - Microsoft File and Printer Sharing Access: selecting this checkbox grants access to Microsoft's file and printer sharing.
  - Microsoft File and Printer Sharing Access: click on the hyperlink and you will be routed to the File Server screen off the Storage tab in the Services area (see section 8.4.1).
  - Internet Printer Access: selecting this checkbox grants access to internet printers.
  - Internet Printer Access: click on the hyperlink and you will be directed to the Print Server screen off the Shared Printers tab in the Local Network area (see section 7.5).
  - Remote Access by VPN: selecting this checkbox enables remote access by VPN

802.1X Authentication:
- Authentication Method: choose a method from the drop-down list; options are:
  - None
  - MD5
  - TLS
  - TTLS

Disk Management:
- Enable User Home Directory: selecting this checkbox enables the user's home directory.

Email Notification:
- Click here to configure notification Mail Server: click on the hyperlink and you will be routed to the System Settings Overview screen off the Settings tab in the System area (see section 9.2.1).
- Notification Address: enter the appropriate address
- Systems Notify Level: choose a method from the drop-down list; options are:
  - None
  - Error
  - Warning
  - Information
- Security Notify Level: choose a method from the drop-down list; options are:
  - None
  - Error
  - Warning
  - Information

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


9.3.2. Group Settings

To access the Group Settings screen, click the New Group hyperlink from the Users screen in the System area.

To configure group settings enter the following:

General:
- Name: group name
- Description: group description

Group Members:
- Administrator: selecting this checkbox grants administrator status

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

9.4. Network Connections

GlobeSurfer III supports various network connections, both physical and logical. The Network Connections screen enables you to configure the various parameters of your physical connections, the LAN and WAN, and create new connections, using tunneling protocols over existing connections, such as PPP and VPN.
When clicking the Network Connections tab in the System area, the following typical screen will appear:


This section describes the different network connections available with GlobeSurfer III in their order of appearance in the Network Connections screen, as well as the connection types that you can create using the Connection Wizard.

GlobeSurfer III's default network connections are:
- LAN: creating a home/SOHO network
  - LAN Bridge (see section 9.4.2)
  - LAN Ethernet (see section 9.4.3)
  - LAN Wireless (see section 9.4.4)
- WAN: Internet connection
  - WAN Cellular (see section 9.4.5)

The logical network connections available with GlobeSurfer III are:
- Virtual Private Network over the Internet
  - Point-to-Point Tunneling Protocol Virtual Private Network
  - Layer 2 Tunneling Protocol over Internet Protocol Security
  - Internet Protocol Security
  - Point-to-Point Tunneling Protocol Server
  - Layer 2 Tunneling Protocol Server
  - Internet Protocol Security Server
- Advanced Connections
  - Point-to-Point Protocol over Ethernet
  - Network Bridging
  - VLAN Interface
  - Point-to-Point Tunneling Protocol
  - Point-to-Point Tunneling Protocol Virtual Private Network
  - Point-to-Point Tunneling Protocol Server
  - Layer 2 Tunneling Protocol
  - Layer 2 Tunneling Protocol over Internet Protocol Security
  - Layer 2 Tunneling Protocol Server
  - Internet Protocol Security
  - Internet Protocol Security Server
  - Internet Protocol over Internet Protocol
  - General Routing Encapsulation


9.4.1. Connection Wizard

The logical network connections can be easily created using the Connection Wizard. This wizard consists of a series of web-based management screens, intuitively structured to gather all the information needed to create a logical connection.
In order to create a connection using the Connection Wizard, click the New Connection hyperlink in the Network Connections screen. The Connection Wizard screen will appear.

This screen presents you with the main connection types. Each option that you choose will lead you to further options in a tree-like formation, adding more information with each step and narrowing down the parameters towards the desired network connection.

Connect to a Virtual Private Network over the Internet: selecting this option will take you to the Connect to a Virtual Private Network over the Internet screen. This section will help you connect GlobeSurfer III to a business network using a Virtual Private Network (VPN) so you can work from home, your workplace or another location.


VPN Client or Point-To-Point: selecting this option will take you to the VPN Client or Point-To-Point screen.
From here you can choose one of the following protocols to connect to a remote VPN server:
- Point-to-Point Tunneling Protocol Virtual Private Network (PPTP VPN): enable the secure transfer of data to another location over the Internet, using name/password authentication
- Layer 2 Tunneling Protocol over Internet Protocol Security (L2TP IPSec VPN): enable the secure transfer of data to another location over the Internet using private and public keys for encryption and digital certificates and user name/password for authentication
- Internet Protocol Security (IPSec): enable the secure transfer of data to another location over the Internet using private and public keys for encryption and digital certificates or shared secret for authentication

VPN Server: selecting this option will take you to the VPN Server screen.


From here you can choose one of the following VPN protocols to allow a remote host to connect to GlobeSurfer III:
- Point-to-Point Tunneling Protocol Server (PPTP Server): enable Virtual Private Network (VPN) connections to your home network from other locations
- Layer 2 Tunneling Protocol Server (L2TP Server): enable Virtual Private Network (VPN) connections to your home network from other locations
- Internet Protocol Security Server (IPSec Server): enable secure connections to GlobeSurfer III from other locations, using private and public keys for encryption and digital certificates or shared secret for authentication

Going back to the Connection Wizard page:
Advanced Connection: selecting this option will take you to the Advanced Connection screen. This section is a central starting point for all the advanced logical network connections. In addition, it provides the sequence for creating the Network Bridge and VLAN Interface connections.
From here you can choose your connection type:
- Point-to-Point Protocol over Ethernet Server (PPTP Server): connect to the Internet using a PPP tunnel over the Ethernet protocol
- Network Bridging: connect separate network interfaces to form one seamless LAN
- VLAN Interface: connect to an external virtual network
- Point-to-Point Tunneling Protocol (PPTP): connect to the Internet using a PPTP connection
- Point-to-Point Tunneling Protocol Virtual Private Network (PPTP VPN): enable secure transfer of data to another location over the Internet, using user name/password authentication
- Point-to-Point Tunneling Protocol Server (PPTP Server): enable Virtual Private Network (VPN) connections to your home network from other locations
- Layer 2 Tunneling Protocol (L2TP): connect to the Internet using an L2TP connection
- Layer 2 Tunneling Protocol over Internet Protocol Security (L2TP IPSec VPN): enable secure transfer of data to another location over the Internet, using private and public keys for encryption and digital certificates and user name/password authentication
- Layer 2 Tunneling Protocol Server (L2TP Server): enable Virtual Private Network (VPN) connections to your home network from other locations
- Internet Protocol Security (IPSec): enable secure transfer of data to another location over the Internet, using private and public keys for encryption and digital certificates or shared secret for authentication
- Internet Protocol Security Server (IPSec Server): enable secure connections to GlobeSurfer III from other locations, using private and public keys for encryption and digital certificates or shared secret for authentication
- Internet Protocol over Internet Protocol (IPIP): enable transfer of data to another location over the Internet, using a non-encrypted virtual private network
- General Routing Encapsulation (GRE): enable transfer of data to another location over the Internet, using a non-encrypted virtual private network

How to configure a LAN Bridge will be described in section 9.4.2. For more information on how to configure the other advanced connections, please contact the Option customer support centre.

9.4.2. LAN Bridge

The LAN bridge connection is used to combine several LAN devices under one virtual network. For example, creating one network for LAN Ethernet and LAN wireless devices.
Please note that when a bridge is removed, its underlying devices inherit the bridge's DHCP settings. For example, the removal of a bridge that is configured as DHCP client automatically configures the LAN devices formerly constituting the bridge as DHCP clients, with the exact DHCP client configuration.
To configure an existing bridge or create a new one, perform the following steps:
- Click the New Connection hyperlink in the Network Connections screen. The Connection Wizard screen will appear.
- Select the Advanced Connection radio button and click Next. The Advanced Connection screen will appear.
- Select the Network Bridging radio button and click Next. The Bridge Options screen will appear.

Configure Existing Bridge: select this option and click Next. (This option will only appear if a bridge exists.) The Network Bridging screen will appear allowing you to add new connections or remove existing ones, by checking or unchecking their respective checkboxes. For example, checking the LAN Wireless checkbox will add the Wireless LAN interface to the existing bridge.

Add a New Bridge: select this option and click Next. A different Network Bridging screen will appear allowing you to add a bridge over the unbridged connections, by checking their respective checkboxes.


Important notes:
- The same connections cannot be shared by two bridges.
- A bridge cannot be bridged.
- Bridged connections will lose their IP settings.
Click Next. The Connection Summary screen will appear, corresponding to your changes.

Check the Edit the Newly Created Connection checkbox if you wish to be routed to the new connection's configuration screen after clicking Finish. Click Finish to save the settings.
The new bridge will be added to the network connections list, and will be configurable like any other bridge.


9.4.2.1. General

From the Network Connections screen, if you click on a LAN Bridge connection, you will be routed to the LAN Bridge Properties screen.
From this screen you can click on the tabs at the top left hand side to route to the following detailed screens:
- General: displays an overview of the LAN Bridge (see section 1.1.1.1)
- Settings: allows you to edit general LAN Bridge parameters (see section 9.4.2.2)
- Routing: allows you to set up your gateway to use static or dynamic routing (see section 0)
- Bridging: allows you to specify LAN devices to join under the network bridge (see section 9.4.2.4)
- Advanced: allows you to enable the firewall and add additional IP addresses (see section 9.4.2.5)


9.4.2.2. Settings

The top part of the configuration window displays general communication parameters. It is not recommended to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your gateway is configured to operate with the default values, no parameter modification is necessary.
You can view and configure the following general connection settings:

General
- Device Name: name of LAN bridge
- Status: options are:
  - Connected
  - Disconnected
- Schedule: this drop-down list contains schedule information, options are:
  - Always
- Network: this drop-down list shows the network types, options are:
  - LAN
  - WAN
  - DMZ
- Connection Type: this will be Bridge
- Physical Address: the physical address of the network card used for your network. Some cards allow you to change this address.
- MTU: Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Options from the drop-down list are:
  - Automatic: the gateway will select the best MTU for your Internet connection; this is the default setting
  - Automatic by DHCP: the gateway will select the best MTU by DHCP
  - Manual: this allows you to enter the largest packet size that will be transmitted. The recommended size is 1492. You should leave this value in the 1200 to 1500 range.

Internet Protocol: please note that according to the selection you make in the Internet Protocol drop-down list, the screen will refresh and display relevant configuration settings.
- Internet Protocol drop-down list: select one of the following options:
  - No IP Address: select if you require this connection to have no IP address.
  - Obtain an IP Address Automatically: select if you require this connection to try to obtain its IP address from a DHCP server.
  - Use the Following IP Address: the LAN connection is usually configured using a permanent (static) IP address. Your service provider should provide you with this address and subnet mask.
- IP Address: enter the IP address provided by your service provider
- Subnet Mask: enter the subnet mask

DNS Server: please note that according to the selection you make in the DNS Server drop-down list, the screen will refresh and display relevant configuration settings.
- DNS Server drop-down list: select one of the following options:
  - No DNS Server: select if you require this connection to have no DNS Server.
  - Use the Following DNS Server Addresses: it is possible to specify IP addresses of primary and secondary DNS servers if, for instance, local domain names should be handled by local name servers. Note that for the Cellular WAN interface, DNS servers are configured separately.
- Primary DNS Server: enter server address
- Secondary DNS Server: enter server address

IP Address Distribution: this section allows you to configure the gateway's Dynamic Host Configuration Protocol (DHCP) server parameters. The DHCP automatically assigns IP addresses to network PCs. If you enable this feature, make sure that you also configure your network PCs as DHCP clients.
- IP Address Distribution drop-down list: select one of the following options:
  - Disabled: select if you would like to assign IP addresses to your network computers statically.
  - DHCP Server: select if you are going to provide the range of IP addresses to assign.
  - DHCP Relay: your gateway can act as a DHCP relay in case you would like to dynamically assign IP addresses from a DHCP server other than your gateway's DHCP server. Note that when selecting this option you must also change GlobeSurfer III's WAN to work in routing mode.
- Start IP Address: the first IP address that may be assigned to a LAN host. Since the gateway's default IP address is 192.168.1.1, this address must be 192.168.1.2 or greater.
- End IP Address: the last IP address in the range that can be used to automatically assign IP addresses to LAN hosts.
- Subnet Mask: a mask used to determine to what subnet an IP address belongs. An example of a subnet mask value is 255.255.0.0.
- Lease Time in Minutes: each device will be assigned an IP address by the DHCP server for this amount of time, when it connects to the network. When the lease expires, the server will determine if the computer has disconnected from the network. If it has, the server may reassign this IP address to a newly connected computer. This feature ensures that IP addresses that are not in use will become available for other computers on the network.
- Provide Host Name If Not Specified by Client: click this checkbox if you would like the gateway to assign a host name automatically for the DHCP client if it doesn't have one


- New IP Address hyperlink: this will appear on the screen if DHCP Relay has been chosen.
Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.
If DHCP Relay has been chosen, click the New IP Address link. The DHCP Relay Server Address screen will appear:

- IP Address: specify the IP address of the DHCP server.
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.
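As an added example (not part of the manual or of the gateway's firmware), the Start IP Address, End IP Address and Subnet Mask fields described above can be checked for consistency before they are entered. The check generalises the manual's "192.168.1.2 or greater" rule to "the pool must lie inside the gateway's subnet and must not contain the gateway's own address"; the function names and the `reserved` parameter for statically assigned addresses are hypothetical.

```python
import ipaddress


def check_dhcp_pool(gateway, netmask, start, end, reserved=()):
    """Return a list of problems; an empty list means the pool is usable.

    gateway/netmask describe the LAN interface, start/end the DHCP range.
    reserved is a hypothetical list of statically assigned addresses
    (for example gateway alias IPs) that the pool must not hand out.
    """
    try:
        iface = ipaddress.IPv4Interface(f"{gateway}/{netmask}")
        first = ipaddress.IPv4Address(start)
        last = ipaddress.IPv4Address(end)
        fixed = [ipaddress.IPv4Address(a) for a in reserved]
    except ValueError as exc:
        # Covers malformed addresses and non-contiguous masks alike.
        return [f"invalid address or mask: {exc}"]

    net = iface.network
    problems = []
    if first > last:
        problems.append(f"start {first} is above end {last}")
    for label, addr in (("start", first), ("end", last)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside the gateway subnet {net}")
        elif addr == net.network_address:
            problems.append(f"{label} {addr} is the network address of {net}")
        elif addr == net.broadcast_address:
            problems.append(f"{label} {addr} is the broadcast address of {net}")
    if first <= iface.ip <= last:
        problems.append(f"pool contains the gateway address {iface.ip}")
    for addr in fixed:
        if first <= addr <= last:
            problems.append(f"pool contains the reserved address {addr}")
    return problems


def pool_size(start, end):
    """Number of addresses the range can lease out."""
    return int(ipaddress.IPv4Address(end)) - int(ipaddress.IPv4Address(start)) + 1


if __name__ == "__main__":
    # The gateway address is the manual's default; the ranges are constructed.
    cases = [
        ("192.168.1.1", "255.255.255.0", "192.168.1.2", "192.168.1.254"),
        ("192.168.1.1", "255.255.255.0", "192.168.1.1", "192.168.1.50"),
        ("192.168.1.1", "255.255.255.0", "192.168.1.100", "192.168.2.10"),
        ("192.168.1.1", "255.0.255.0", "192.168.1.2", "192.168.1.254"),
    ]
    for case in cases:
        print(case, "->", check_dhcp_pool(*case) or "OK")
```

A pool that overlaps the gateway or a statically configured host hands out an address that is already in use, which shows up later as intermittent loss of access to the management console.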

9.4.2.3. Routing

You can choose to set up your gateway to use static or dynamic routing. Dynamic routing automatically adjusts how packets travel on the network, whereas static routing specifies a fixed routing path to neighboring destinations.
- Device Metric: The device metric is a value used by the gateway to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more.
- Default Route: Select this checkbox to define this device as the default route.
- Multicast IGMP Proxy Internal: IGMP proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of LAN devices asking to join multicast groups. Select the Multicast IGMP Proxy Internal checkbox to enable this feature.
- Routing Information Protocol (RIP): Select this checkbox to enable the Routing Information Protocol (RIP). RIP determines a route based on the smallest hop count between source and destination. When RIP is enabled, select the following:
  - Listen to RIP messages: select None, RIPv1, RIPv2 or RIPv1/2.
  - Send RIP messages: select None, RIPv1, RIPv2 broadcast or RIPv2 multicast.
- Routing Table: Allows you to add or modify routes when this device is active. Use the New Route button to add a route or edit existing routes.

9.4.2.4. Bridging

The bridge section allows you to specify the LAN devices that you would like to join under the network bridge.
Select the STP checkbox to enable the Spanning Tree Protocol on the device. You should use this to ensure that there are no loops in your network configuration, and apply these settings in case your network consists of multiple switches, or other bridges apart from those created by the gateway.


9.4.2.5. Advanced

Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection.
To enable the firewall on this network connection, select the Enabled checkbox.
You can add alias names (additional IP addresses) to the gateway by clicking the New IP Address link. This enables you to access the gateway using these aliases in addition to 192.168.1.1.

9.4.3. LAN Ethernet

A LAN Ethernet connection connects computers to GlobeSurfer III using Ethernet cables, either directly or via network hubs and switches.
Note that available configuration options may vary depending on whether the LAN Ethernet interface is part of a bridge or not.


9.4.3.1. General

9.4.3.2. Settings

The top part of the configuration window displays general communication parameters. It is recommended not to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your gateway is configured to operate with the default values, no parameter modification is necessary.
You can configure the following general connection settings:
- Physical Address: The physical address of the network card used for your network. Some cards allow you to change this address.
- MTU: MTU is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Manual allows you to enter the largest packet size that will be transmitted. The recommended size is 1492. You should leave this value in the 1200 to 1500 range. To have the gateway select the best MTU for your Internet connection, select Automatic (default setting).

9.4.3.3. Advanced

Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection.
To enable the firewall on this network connection, select the checkbox.
You can add alias names (additional IP addresses) to the gateway by clicking the New IP Address link. This enables you to access the gateway using these aliases in addition to 192.168.1.1.

9.4.4. LAN Wireless

The LAN Wireless interface in the GlobeSurfer III provides wireless connectivity for IEEE 802.11b/g equipped WLAN clients. GlobeSurfer III integrates multiple layers of security. These include the IEEE 802.1x port-based authentication protocol, RADIUS client, EAP-MD5, EAP-TLS, EAP-TTLS, EAP-PEAP, Wi-Fi Protected Access (WPA) and industry leading GlobeSurfer III Firewall and VPN applications. In addition, GlobeSurfer's built-in authentication server enables home/SOHO users to define authorized wireless users without the need for an external RADIUS server.
To configure the LAN Wireless connection:
Click the Network Connections tab; the Network Connections screen will appear. Click the wireless connection link (or its Edit action button) to view its properties. The LAN Wireless Properties screen will appear.

GlobeSurferIIIPage103of180

TECHNICALREFERENCEMANUAL

9.4.4.1.

General

9.4.4.2.

Settings

The top part of the configuration window displays general communication parameters. It is recommended not to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your gateway is configured to operate with the default values, no parameter modification is necessary.

You can configure the following general connection settings:

Physical Address: The physical address of the network card used for your network. Some cards allow you to change this address.

MTU: MTU is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Manual allows you to enter the largest packet size that will be transmitted. The recommended size is 1492. You should leave this value in the 1200 to 1500 range. To have the gateway select the best MTU for your Internet connection, select Automatic (default setting).

9.4.4.3. Wireless

The wireless access point settings are:

SSID: The SSID is the network name shared among all points in a wireless network. The SSID must be identical for all points in the wireless network. It is case-sensitive and must not exceed 32 characters (use any of the characters on the keyboard). Make sure this setting is the same for all points in your wireless network. For added security, you should change the default SSID to a unique name.

SSID Broadcast: Select this checkbox to enable the SSID's broadcast. SSID broadcast is used in order to hide the name of the AP (SSID) from clients that should not be aware of its existence.

802.11 Mode: Select the wireless communication standard that is compatible with your PC's wireless card. You can work in either 802.11g, 802.11b or in mixed mode.

Channel: Select the appropriate channel from the list provided to correspond with your network settings. All devices in your wireless network must be broadcast on different channels in order to function correctly.

Frame Burst: Frame Bursting is a method to increase the speed of 802.11g based wireless networks by unwrapping short 802.11g packets and rebundling them into a larger packet to reduce the impact of mandatory gaps between packets. If you are experiencing problems with your wireless connection, try to disable Frame Burst.

Network Authentication: The WPA network authentication method is Open System Authentication, meaning that a network key is not used for authentication. When using the 802.1X WEP or Non-802.1X WEP security protocols, this field changes to a combo box, offering the Shared Key Authentication method (which uses a network key for authentication), or both methods combined.

Transmission Rate: The transmission rate is set according to the speed of your wireless connection. Select the transmission rate from the drop-down list, or select Auto to have GlobeSurfer III automatically use the fastest possible data transmission rate.

CTS Protection Mode: CTS Protection Mode boosts your gateway's ability to intercept Wireless-G and 802.11b transmissions. Conversely, CTS Protection Mode decreases performance. Leave this feature disabled unless you encounter severe communication difficulties between the gateway and Wireless-G products.

CTS Protection Type: CTS Protection Type defines if the CTS Protection Mode defined above should use CTS only or both RTS/CTS.

Beacon Interval: A beacon is a packet broadcast by GlobeSurfer III to synchronize the wireless network. The Beacon Interval value indicates how often the beacon is sent.

DTIM Interval: The Delivery Traffic Indication Message (DTIM) is a countdown value that informs wireless clients of the next opportunity to receive multicast and broadcast messages. This value ranges between 1 and 16384.

Fragmentation Threshold: Packets that are larger than this threshold are fragmented into multiple packets. Try to increase the fragmentation threshold if you encounter high packet error rates. Do not set the threshold too low, since this can result in reduced networking performance.

RTS Threshold: GlobeSurfer III sends Request to Send (RTS) packets to the wireless client in order to negotiate the dispatching of data. The wireless client responds with a Clear to Send (CTS) packet, signaling that transmission can commence. In case packets are smaller than the preset threshold, the RTS/CTS mechanism is not active. If you encounter inconsistent data flow, try a minor reduction of the RTS threshold size.

MAC Filtering Mode: You can filter wireless users according to their MAC address, either allowing or denying access. Choose the action to be performed by selecting it from the drop-down menu. Then use the MAC Filtering Settings option to add and remove MAC addresses to the list of allowed or denied clients.

To configure your wireless security, enable this feature by checking its Enabled checkbox on the Configure LAN Wireless Access Point screen. The screen will refresh, displaying the wireless security options. Click Apply if you wish to save this change.
Stations Security Type: Select the type of security protocol for securing your wireless network. Choose between WPA, WPA2, WPA and WPA2, 802.1x WEP, and Non-802.1x WEP. The screen will refresh, presenting each protocol's configuration respectively.

WPA: a data encryption method for 802.11 wireless LANs.
  o Authentication Method: Select the authentication method you would like to use. You can choose between Pre-Shared Key and 802.1x.
  o Pre-Shared Key: This entry appears only if you had selected this authentication method. Enter your encryption key in the Pre-Shared Key field. You can use either an ASCII or a Hex value by selecting the value type in the combo box provided.
  o Encryption Algorithm: Select whether to use the Temporal Key Integrity Protocol (TKIP) or the Advanced Encryption Standard (AES) for the encryption algorithm.
  o Group Key Update Interval: Defines the time interval in seconds for updating a group key.

WPA2: an enhanced version of WPA, and defines the 802.11i protocol.
  o Authentication Method: Select the authentication method you would like to use. You can choose between Pre-Shared Key and 802.1x.
  o Pre-Shared Key: This entry appears only if you had selected this authentication method. Enter your encryption key in the Pre-Shared Key field. You can use either an ASCII or a Hex value by selecting the value type in the combo box provided.
  o Encryption Algorithm: The encryption algorithm used for WPA2 is the Advanced Encryption Standard (AES).
  o Group Key Update Interval: Defines the time interval in seconds for updating a group key.

WPA and WPA2 Mixed Mode: a mixed data encryption mode.
  o Authentication Method: Select the authentication method you would like to use. You can choose between Pre-Shared Key and 802.1x.
  o Pre-Shared Key: This entry appears only if you had selected this authentication method. Enter your encryption key in the Pre-Shared Key field. You can use either an ASCII or a Hex value by selecting the value type in the combo box provided.
  o Encryption Algorithm: The encryption algorithm used for WPA and WPA2 is either the Temporal Key Integrity Protocol (TKIP) or the Advanced Encryption Standard (AES).
  o Group Key Update Interval: Defines the time interval in seconds for updating a group key.

802.1x WEP: a data encryption method utilizing a statically or automatically defined key for wireless clients that use 802.1x for authentication and WEP for encryption. You may define up to four keys but use only one at a time.
  o Generate Keys Automatically: Select this option to generate the encryption keys automatically rather than entering them manually. The screen will refresh, hiding the table of keys described below.
  o Group Key Update Interval: Defines the time interval in seconds for updating a group key.
  o Active: Select the encryption key to be activated.
  o Encryption Key: Type the encryption key until the entire field is filled. The key cannot be shorter than the field's length.
  o Format: Select the character type for the key: Hex or ASCII.
  o Key Length: Select the key length in bits: 40 or 104 bits.

The encryption key must be defined in the wireless Windows client as well. This is done in the Connection Properties Configuration window. If you have manually defined the encryption key, you must also specify it in this window. If you have chosen the automatic key generation, check the "The key is provided for me automatically" checkbox instead.

1. In the Network Authentication combo box, select Shared.
2. In the Data Encryption combo box, select WEP.
3. Enter your encryption key in both the Network key and the Confirm network key fields.

Non-802.1x WEP: a data encryption method utilizing a statically-defined key for wireless clients that do not use 802.1x for authentication but WEP for encryption. This method's configuration is virtually identical to the 802.1x WEP method described above, excluding the automatic key generation and the group key update interval specification. Please refer to the 802.1x WEP section above when configuring this method. Remember that the static key must be defined in the wireless Windows client as well.

Select one of the following Internet Protocol options from the Internet Protocol drop-down menu:
o No IP Address
o Obtain an IP Address Automatically
o Use the Following IP Address

Please note that according to the selection you make in the 'Internet Protocol' drop-down menu, the screen will refresh and display relevant configuration settings.

No IP Address: Select No IP Address if you require that this connection will have no IP address.

Obtain Address Automatically: Select Obtain Address Automatically if you require that this connection will try to obtain its IP address from a DHCP server.

Use the Following IP Address: The LAN connection is usually configured using a permanent (static) IP address. Your service provider should provide you with this address, and subnet mask.

It is possible to specify IP addresses of primary and secondary DNS servers if for instance local domain names should be handled by local name servers. Note that for the Cellular WAN interface, DNS servers are configured separately.

The IP Address Distribution section allows you to configure the gateway's Dynamic Host Configuration Protocol (DHCP) server parameters. The DHCP automatically assigns IP addresses to network PCs. If you enable this feature, make sure that you also configure your network PCs as DHCP clients.

Select one of the following options from the IP Address Distribution combo box:

DHCP Server
  o Start IP Address: The first IP address that may be assigned to a LAN host. Since the gateway's default IP address is 192.168.1.1, this address must be 192.168.1.2 or greater.
  o End IP Address: The last IP address in the range that can be used to automatically assign IP addresses to LAN hosts.
  o Subnet Mask: A mask used to determine to what subnet an IP address belongs. An example of a subnet mask value is 255.255.0.0.
  o WINS server: If you use a Windows Internet Naming Service (WINS), specify the WINS server address in this field.
  o Lease Time In Minutes: Each device will be assigned an IP address by the DHCP server for this amount of time, when it connects to the network. When the lease expires the server will determine if the computer has disconnected from the network. If it has, the server may reassign this IP address to a newly connected computer. This feature ensures that IP addresses that are not in use will become available for other computers on the network.
  o Provide Host Name If Not Specified by Client: If the DHCP client does not have a host name, the gateway will automatically assign one to it.

DHCP Relay: Your gateway can act as a DHCP relay in case you would like to dynamically assign IP addresses from a DHCP server other than your gateway's DHCP server. Note that when selecting this option you must also change GlobeSurfer III's WAN to work in routing mode.

After selecting DHCP Relay from the drop-down menu, a New IP Address link will appear. Click the New IP Address link. The DHCP Relay Server Address screen will appear:

1. Specify the IP address of the DHCP server.
2. Click OK to save the settings.

Disabled: Select Disabled from the combo box if you would like to statically assign IP addresses to your network computers.

You can choose to set up your gateway to use static or dynamic routing. Dynamic routing automatically adjusts how packets travel on the network, whereas static routing specifies a fixed routing path to neighboring destinations.

Device Metric: The device metric is a value used by the gateway to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more.

Default Route: Select this checkbox to define this device as the default route.

Multicast IGMP Proxy Internal: IGMP proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of LAN devices asking to join multicast groups. Select the Multicast IGMP Proxy Internal checkbox to enable this feature.

Routing Information Protocol (RIP): Select this check box to enable the Routing Information Protocol (RIP). RIP determines a route based on the smallest hop count between source and destination. When RIP is enabled, select the following:
  o Listen to RIP messages: select None, RIPv1, RIPv2 or RIPv1/2.
  o Send RIP messages: select None, RIPv1, RIPv2 broadcast or RIPv2 multicast.

Routing Table: Allows you to add or modify routes when this device is active. Use the New Route button to add a route or edit existing routes.
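The Pre-Shared Key field in the WPA settings above accepts either an ASCII or a Hex value. The following added example (not part of the manual or the gateway's firmware) shows what each choice means under the standard IEEE 802.11i mapping, which the gateway is assumed here to follow: a Hex value is the 256-bit key itself, while an ASCII passphrase is stretched with PBKDF2 using the SSID as salt, which is why a unique SSID yields a key that differs from the one any other network with the same passphrase would get. The function names and sample values are constructed for illustration.

```python
import hashlib
import string

PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i for WPA/WPA2 pre-shared keys
PSK_BYTES = 32            # the resulting key is always 256 bits


def derive_psk(value: str, value_type: str, ssid: str) -> bytes:
    """Return the 256-bit key that results from a Pre-Shared Key entry.

    value_type is 'ascii' or 'hex', mirroring the combo box next to the
    Pre-Shared Key field (assumed to follow the 802.11i mapping).
    """
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")

    kind = value_type.lower()
    if kind == "hex":
        # A hex entry is the key itself: exactly 64 hex digits, no stretching.
        if len(value) != 64 or not all(c in string.hexdigits for c in value):
            raise ValueError("hex key must be exactly 64 hexadecimal digits")
        return bytes.fromhex(value)

    if kind == "ascii":
        # A passphrase is 8..63 printable ASCII characters and is stretched
        # with PBKDF2-HMAC-SHA1, salted with the SSID.
        if not 8 <= len(value) <= 63:
            raise ValueError("ASCII passphrase must be 8 to 63 characters")
        if any(not 32 <= ord(c) <= 126 for c in value):
            raise ValueError("passphrase must be printable ASCII")
        return hashlib.pbkdf2_hmac(
            "sha1", value.encode("ascii"), ssid_bytes,
            PBKDF2_ITERATIONS, PSK_BYTES,
        )

    raise ValueError("value_type must be 'ascii' or 'hex'")


def describe_entry(value: str, value_type: str, ssid: str) -> dict:
    """Summarise an entry so candidate settings can be compared."""
    psk = derive_psk(value, value_type, ssid)
    return {
        "ssid": ssid,
        "value_type": value_type.lower(),
        "psk_hex": psk.hex(),
        # Only passphrase-derived keys change when the SSID changes.
        "depends_on_ssid": value_type.lower() == "ascii",
    }


if __name__ == "__main__":
    # Constructed sample values, not defaults of any real device.
    passphrase = "correct horse battery staple"
    for ssid in ("default", "attic-7f3c-office"):
        info = describe_entry(passphrase, "ascii", ssid)
        print(f"{info['ssid']:>20}  {info['psk_hex']}")
```
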

9.4.4.4. Advanced

Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection. To enable the firewall on this network connection, select the Enabled checkbox.

You can add alias names (additional IP addresses) to the gateway by clicking the New IP Address link. This enables you to access the gateway using these aliases in addition to 192.168.1.1.

9.4.5. WAN Cellular

The WAN Cellular connection connects the GlobeSurfer III to the Internet and other networks through the GSM and UMTS mobile telecommunications standards. The WAN Cellular Properties screen displays a summary of the connection properties.

9.4.5.1. General

9.4.5.2. Settings

The top part of the configuration window displays general communication parameters. It is recommended not to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your gateway is configured to operate with the default values, no parameter modification is necessary.

You can configure the following general connection settings:

MTU: MTU is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Manual allows you to enter the largest packet size that will be transmitted. The recommended size is 1492. You should leave this value in the 1200 to 1500 range. To have the gateway select the best MTU for your Internet connection, select Automatic (default setting).

Select one of the following Internet Protocol options from the Internet Protocol drop-down menu:
o No IP Address
o Obtain an IP Address Automatically
o Use the Following IP Address

Please note that according to the selection you make in the Internet Protocol drop-down menu, the screen will refresh and display relevant configuration settings.

No IP Address: Select No IP Address if you require that this connection will have no IP address.

Obtain Address Automatically: Select Obtain Address Automatically if you require that this connection will try to obtain its IP address from a DHCP server.

Use the Following IP Address: The LAN connection is usually configured using a permanent (static) IP address. Your service provider should provide you with this address, and subnet mask.

It is possible to specify IP addresses of primary and secondary DNS servers if for instance local domain names should be handled by local name servers. Note that for the Cellular WAN interface, DNS servers are configured separately.

If the Internet Protocol setting mentioned above is set to Obtain an IP address automatically, then there is also an option to configure the DNS Server setting to obtain DNS Server settings automatically.

9.4.5.3. Routing

You can choose to set up your gateway to use static or dynamic routing. Dynamic routing automatically adjusts how packets travel on the network, whereas static routing specifies a fixed routing path to neighboring destinations.

Routing Mode: When Advanced routing is selected, select one of the following Routing modes:
  o Route: Use route mode if you want your GlobeSurfer III to function as a router between two networks.
  o NAPT: Network Address and Port Translation (NAPT) refers to network address translation involving the mapping of port numbers, allowing multiple machines to share a single IP address. Use NAPT if your LAN encompasses multiple devices, a topology that necessitates port translation in addition to address translation.

Device Metric: The device metric is a value used by the gateway to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more.

Default Route: Select this checkbox to define this device as the default route.

Multicast IGMP Proxy Internal: IGMP proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of LAN devices asking to join multicast groups. Select the Multicast IGMP Proxy Internal checkbox to enable this feature.

Routing Information Protocol (RIP): Select this check box to enable the Routing Information Protocol (RIP). RIP determines a route based on the smallest hop count between source and destination. When RIP is enabled, select the following:
  o Listen to RIP messages: select None, RIPv1, RIPv2 or RIPv1/2.
  o Send RIP messages: select None, RIPv1, RIPv2 broadcast or RIPv2 multicast.

Routing Table: Allows you to add or modify routes when this device is active. Use the 'New Route' button to add a route or edit existing routes.

9.4.5.4. Advanced

Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection. To enable the firewall on this network connection, select the 'Enabled' checkbox.

9.4.6. Configuring your Wireless Windows XP clients

If your PC has wireless capabilities, Microsoft Windows XP will automatically recognize this and create a wireless connection for you. You can view this connection under Windows' Network Connections.

Note: The following description and images are in accordance with Microsoft Windows XP, Version 2002, running Service Pack 2.

1. Open your Network Connections window from Windows' Control Panel.
2. Double-click the wireless connection icon. The Wireless Network Connection screen will appear, displaying all available wireless networks in your vicinity. If your gateway is connected and active, you will see GlobeSurfer III's wireless connection. Note that the connection's status is Not connected and defined as Unsecured wireless network.
3. Click the connection once to mark it and then press the Connect button at the bottom of the screen. After the connection is established, its status will change to Connected.

An icon will appear in the notification area, announcing the successful initiation of the wireless connection.

You can now use GlobeSurfer III's wireless network from the configured PC. However, so can any other user with a wireless PC that happens to be in your network's radio range. Such a user has access to any disk shares available in your network. To prevent this scenario, the next logical step is to secure your wireless network, allowing only specific users to connect.

9.5. Monitor

Access GlobeSurfer III's monitoring settings by clicking the Monitor tab in the System area. From this screen you can click on the tabs at the top right-hand side to route to the following detailed screens:
o Network (see section 9.5.1)
o CPU (see section 9.5.2)
o Log (see section 9.5.3)

9.5.1. Network Connection

To access the Network Connections screen, click the Network tab at the top right-hand side of the Monitor screen in the System area.

This screen displays a table summarizing the monitored connection data. GlobeSurfer III constantly monitors traffic within the local network and between the local network and the Internet. You can view statistical information about data received from and transmitted to the Internet (WAN) and to computers in the local network (LAN).

Click on the LAN Bridge hyperlink to be routed to the LAN Bridge Properties screen in the Network Connections tab in the System area (see section 9.4.2).
Click on the LAN Ethernet hyperlink to be routed to the LAN Ethernet Properties screen in the Network Connections tab in the System area (see section 9.4.3).
Click on the LAN Wireless 802.11g Access Point hyperlink to be routed to the LAN Wireless 802.11g Access Point Properties screen in the Network Connections tab in the System area (see section 9.4.4).
Click on the WAN Cellular hyperlink to be routed to the WAN Cellular Properties screen in the Network Connections tab in the System area (see section 9.4.5).
Click on the IP Address Distribution hyperlink to be routed to the IP Address Distribution screen in the Network Connections tab in the Services (see section 8.6.2).

Press the Close button to go to the Home screen.
Press the Automatic Refresh Off button to keep the screen as it is and not constantly update.
Press the Automatic Refresh On button to constantly update the displayed parameters.
Press the Reset Statistics button to reset the Received bytes (MB), Sent bytes (MB), Received Packets, Sent Packets, Received bytes, Sent bytes, Receive Errors, Receive Drops and Current connection time fields to zero.
Press the Refresh button to update the display manually.

9.5.2. CPU

To access the CPU screen, click the CPU tab at the top right-hand side of the Monitor screen in the System area.

This screen shows various details of all the processes in the system and the current uptime.

Press the Close button to go to the Home screen.
Press the Automatic Refresh Off button to keep the screen as it is and not refresh automatically.
Press the Automatic Refresh On button to enable the screen to be refreshed automatically at regular intervals.
Press the Refresh button to refresh the screen manually.

9.5.3. System Log

To access the System Log screen, click the Log tab at the top right-hand side of the Monitor screen in the System area.

This screen displays the system log. Filters on the log are displayed and can be added, modified and deleted. For each filter the following data is shown:
Component: components the filter applies to: choose from the drop-down list
Severity: events of this severity or higher will appear in the log: choose from the drop-down list:
  o None
  o Emergency
  o Alert
  o Critical
  o Error
  o Warning
  o Notice
  o Information
  o Debug
Action: add, modify or delete

Click the New Filter hyperlink to add a new filter.
Press the Apply Filters button to apply the filters you have set up to the log.
Press the Reset Filters button to delete all filters.

For each log entry the following data is shown:
Time: date and time stamp
Component: area of system where event happened
Severity: level of severity of log entry
Details: description of log entry. Warnings are shown in orange. Errors are shown in red.

Press the Close button to go to the Home screen.
Press the Clear Log button to delete all the log entries.
Press the Download log button to save the log to an Excel spreadsheet.
Press the Refresh button to update the data.

9.6. Routing

Access GlobeSurfer III's routing settings by clicking the Routing tab in the System area. From this screen you can click on the tabs at the top right-hand side to route to the following detailed screens:
o General (see section 9.6.1)
o BGP and OSPF (see section 9.6.2)
o PPPoE Relay (see section 9.6.3)

9.6.1. General/Routing

To access the General/Routing screen, click the General tab at the top right-hand side of the Routing screen in the System area.

For each route the following data is displayed:
Name: the type of network device (LAN Bridge or WAN Cellular).
Destination: the destination is the destination host, subnet address, network address, or default route. The destination for a default route is 0.0.0.0.
Gateway: the IP address of the GlobeSurfer III.
Netmask: the network mask is used in conjunction with the destination to determine when a route is used.
Metric: a measurement of the preference of a route. Typically, the lowest metric is the most preferred route. If multiple routes exist to a given destination network, the route with the lowest metric is used.
Status
Action: add, modify or delete

You can add, edit and delete routing rules from the routing table in the manner described in section 3.3. Click the New Route icon to go to the Route Settings screen (see section 9.6.1.1).

The following data can be modified:

Routing Information Protocol (RIP): select this checkbox in order to enable connections previously defined to use RIP. If this checkbox is not selected, RIP will be disabled for all connections, including those defined to use RIP.
  o Poison Reverse: select this checkbox to set Poison Reverse
  o Do not Advertise Direct Connected Routes: select this checkbox if you do not wish to advertise direct connected routes

Internet Group Management Protocol (IGMP): GlobeSurfer III provides support for IGMP multicasting, which allows hosts connected to a network to be updated whenever an important change occurs in the network. A multicast is simply a message that is sent simultaneously to a predefined group of recipients. When you join a multicast group you will receive all messages addressed to the group, much like what happens when an email message is sent to a mailing list. IGMP multicasting may be useful when connected to the Internet through a router. When an application running on a LAN computer sends out a request to join a multicast group, GlobeSurfer III will listen and intercept this group's messages, sending them to the subscribed application. Select this checkbox to enable this feature.
  o IGMP Fast Leave: select this checkbox to set IGMP Fast Leave
  o IGMP Multicast to Unicast: select this checkbox to set IGMP Multicast to Unicast

Domain Routing: when GlobeSurfer III's DNS server receives a reply from an external DNS server, it will add a routing entry for the IP address of the reply through the device from which it arrived. This means that future packets from this IP address will be routed through the device from which the reply arrived. Select the checkbox to enable domain routing.

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.

9.6.1.1. Route Settings

When adding a routing rule, you need to specify:
Name: select the type of network device (LAN Bridge or WAN Cellular).
Destination: the destination is the destination host, subnet address, network address, or default route. The destination for a default route is 0.0.0.0.
Netmask: the network mask is used in conjunction with the destination to determine when a route is used.
Gateway: enter the IP address of the GlobeSurfer III.
Metric: a measurement of the preference of a route. Typically, the lowest metric is the most preferred route. If multiple routes exist to a given destination network, the route with the lowest metric is used.

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.

9.6.2. BGP and OSPF

To access the BGP and OSPF screen, click the BGP and OSPF tab at the top right-hand side of the Routing screen in the System area.

The following data can be modified:

Border Gateway Protocol (BGP): select this checkbox to enable BGP, then enter:
  o BGP Configuration File: by clicking on the Set Default Value button
  o Zebra Configuration File: by clicking on the Set Default Value button

Open Shortest Path First (OSPF): select this checkbox to enable OSPF, then enter:
  o OSPF Configuration File: by clicking on the Set Default Value button
  o Zebra Configuration File: by clicking on the Set Default Value button

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.

9.6.3. PPPoE Relay

To access the PPPoE screen, click the PPPoE tab at the top right-hand side of the Routing screen in the System area.

The following data can be modified:

Point-to-Point Protocol over Ethernet (PPPoE): select this checkbox to enable PPPoE. This is a specification for connecting users on an Ethernet network to the Internet by using a broadband connection (typically through a DSL modem).

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.

9.7. Management

Access GlobeSurfer III's management settings by clicking the Management tab in the System area. From this screen you can click on the tabs at the top right-hand side to route to the following screens:
o Universal Plug and Play (see section 9.7.1)
o Simple Network Management Protocol (SNMP) (see section 9.7.2)
o Remote Administration (see section 9.7.3)

9.7.1. Universal Plug and Play

To access the UPnP screen, click the Universal Plug and Play tab at the top right-hand side of the Management screen in the System area.

The following data can be modified:

Allow Other Network Users to Control GlobeSurfer III's Network Features: select this checkbox to enable the UPnP feature. This will enable you to define UPnP services on any LAN host.

Enable Automatic Cleanup of Old Unused UPnP Services: select this checkbox to enable automatic cleanup of invalid rules. When enabled, this feature checks validity of all the UPnP services and rules every 5 minutes. Any UPnP defined service that is found to be old and not in use is removed, unless any user defined rule (see Security screen) depends on it. This feature is disabled by default. Since there is a limitation on the maximum number of UPnP defined services to 256, you should enable the cleanup feature if you might exceed this limit. In the case where the limit might be exceeded, UPnP services are not deleted when disconnecting a computer without proper shutdown of the UPnP application (e.g. messenger). Thus, if you are running a boingo, services may often not be deleted, and will eventually lead to exhaustion of rules and services, and no new services could be defined. In this scenario the cleanup feature will find services that are no longer valid and will remove them, preventing services exhaustion.

WAN Connection Publication: select an option from the drop-down list:
  o Publish Only the Main WAN Connection
  o Publish All WAN Connections

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.


9.7.2. Simple Network Management Protocol (SNMP)

To access the SNMP screen, click the Simple Network Management Protocol tab at the top right-hand side of the Management screen in the System area.

SNMP enables network management systems to remotely configure and monitor GlobeSurfer III. Your Internet service provider (ISP) may use SNMP in order to identify and resolve technical problems. Your ISP should provide technical information regarding the properties of GlobeSurfer III's SNMP agent.

The following SNMP parameters can be modified, as provided by your Internet service provider:

Enabled: select this checkbox to enable SNMP

Allow Incoming WAN Access to SNMP: select this checkbox to allow incoming WAN access

SNMP community strings are passwords used in SNMP messages between the management system and GlobeSurfer III.
  o Read-Only Community Name: a read-only community allows the manager to monitor GlobeSurfer III.
  o Read-Write Community Name: a read-write community allows the manager to both monitor and configure GlobeSurfer III.

Trusted Peer: enter the IP address, or subnets of addresses, that identify which remote management stations are allowed to perform SNMP operations on GlobeSurfer III; choose one of the following from the drop-down list:
  o Any Address
  o Specify an IP Address
  o Specify a Subnet

SNMP Traps: messages sent by GlobeSurfer III to a remote management station, in order to notify the manager about the occurrence of important events or serious conditions. GlobeSurfer III supports both SNMP version 1 and SNMP version 2c traps.
  o Enabled: select this checkbox to enable SNMP traps, and then enter:
  o Version: select one of the following from the drop-down list: SNMPv1, SNMPv2c
  o Destination
  o Community

Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.


9.7.3. Remote Administration

ToaccesstheRemoteAdministrationscreen,clicktheRemoteAdministrationtabatthetoprighthand sideoftheManagementscreenintheSystemarea.

ItispossibletoaccessandcontrolGlobeSurferIIInotonlyfromwithinthehomenetwork,butalso fromtheInternet.Thisallowsyoutovieworchangesettingswhiletravelling.Italsoenablesyouto allowyourISPtochangesettingsorhelpyoutroubleshootfunctionalityorcommunicationissuesfrom aremotelocation. RemoteaccesstoGlobeSurferIIIisblockedbydefaulttoensurethesecurityofyourhomenetwork. However,remoteaccessissupportedbythefollowingservices,andyoumayusetheRemote Administrationscreentoselectivelyenabletheseservicesiftheyareneeded. Note:WebManagement,TelnetandSSHmaybeusedtomodifysettingsofthefirewallordisableit. TheusermayalsochangelocalIPaddressesandothersettings,makingitdifficultorimpossibleto accessthegatewayfromthehomenetwork.Therefore,remoteaccesstoTelnetorHTTPservices shouldbeblockedandshouldonlybepermittedwhenabsolutelynecessary.

GlobeSurferIIIPage127of180

TECHNICALREFERENCEMANUAL

The following data can be modified:
- Allow Incoming WAN Access to Web Management: used to obtain access to the Web-based Management and gain access to all system settings and parameters (using a browser). Both secure (HTTPS) and non-secure (HTTP) access is available. Select the checkboxes required:
  o Using Primary HTTP Port (80)
  o Using Secondary HTTP Port (8080)
  o Using Primary HTTPS Port (443)
  o Using Secondary HTTPS Port (8443)
- Allow Incoming WAN Access to the Telnet Server: used to create a command-line session and gain access to all system settings and parameters (using a text-based terminal).
  o Using Primary Telnet Port (23)
  o Using Secondary Telnet Port (8023)
  o Using Secure Telnet over SSL Port (992)
- SNMP: used to allow Simple Network Management Protocol (SNMP) requests to remotely configure and monitor GlobeSurfer III. For more information, please refer to section 9.7.2.
  o Enabled: select this checkbox to enable SNMP
  o Allow Incoming WAN Access to SNMP: select this checkbox to allow incoming WAN access
- Diagnostic Tools: used for troubleshooting and remote system management by you or your Internet Service Provider. The utilities that can be used are Ping and Traceroute (over UDP).
  o Allow Incoming WAN ICMP Echo Requests (e.g. pings and ICMP traceroute queries): select this checkbox to allow incoming WAN ICMP echo requests
  o Allow Incoming WAN UDP Traceroute Queries: select this checkbox to allow incoming WAN UDP traceroute queries
- Additional Jnet Ports
  o Allow Jnet Commands From Remote Upgrade Server: select this checkbox to allow Jnet commands from a remote upgrade server
  o Remote Upgrade Server URL: click on this hyperlink to route to the Firmware upgrade screen in the Maintenance tab in the System area (see section 9.8.5).
  o Enable Incoming Jnet Requests to Port 7020: select this checkbox to enable incoming Jnet requests to port 7020 and then click on this hyperlink to route to the System Settings screen in the Settings tab in the System area (see section 9.2.1)
  o Allow Incoming WAN Access to Jnet: select this checkbox to allow incoming WAN access to Jnet
  o Enable Incoming Jnet SSL Requests to Port 7021: select this checkbox to enable incoming Jnet SSL requests to port 7021 and then click on this hyperlink to route to the System Settings screen in the Settings tab in the System area (see section 9.2.1)
  o Allow Incoming WAN Access to Jnet SSL: select this checkbox to allow incoming WAN access to Jnet SSL


Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.
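A check of the Remote Administration settings above, run against your own gateway from a connection outside the home network, to confirm which of the listed TCP services actually answer on the WAN side. This is an added example, not part of the Option manual; the host name passed on the command line is whatever address your gateway has on the WAN, and treating Jnet on port 7020 as unencrypted is an assumption (the page only labels port 7021 as SSL).

```python
import socket
import sys
from contextlib import closing

# TCP services from the Remote Administration screen: port -> (setting, cleartext?).
# Cleartext services carry the administrator login unencrypted across the WAN.
# Assumption: Jnet on 7020 is unencrypted, since only 7021 is called "SSL" on the page.
# SNMP and the ICMP/UDP diagnostic settings are not TCP and are not probed here.
REMOTE_ADMIN_TCP = {
    80: ("Web Management, Primary HTTP Port", True),
    8080: ("Web Management, Secondary HTTP Port", True),
    443: ("Web Management, Primary HTTPS Port", False),
    8443: ("Web Management, Secondary HTTPS Port", False),
    23: ("Telnet Server, Primary Telnet Port", True),
    8023: ("Telnet Server, Secondary Telnet Port", True),
    992: ("Telnet Server, Secure Telnet over SSL Port", False),
    7020: ("Jnet, Incoming Requests to Port 7020", True),
    7021: ("Jnet SSL, Incoming Requests to Port 7021", False),
}


def probe(host, port, timeout=2.0):
    """Return True if host accepts a TCP connection on port."""
    try:
        with closing(socket.create_connection((host, port), timeout=timeout)):
            return True
    except OSError:  # refused, unreachable, timed out, or name not resolved
        return False


def classify(open_ports):
    """Turn a set of reachable ports into findings, most serious first.

    Returns (severity, port, setting) tuples. HIGH means a cleartext
    management service is reachable; REVIEW means an encrypted one is.
    Ports that are not on the Remote Administration screen are ignored.
    """
    findings = []
    for port in open_ports:
        if port in REMOTE_ADMIN_TCP:
            setting, cleartext = REMOTE_ADMIN_TCP[port]
            findings.append(("HIGH" if cleartext else "REVIEW", port, setting))
    findings.sort(key=lambda f: (f[0] != "HIGH", f[1]))
    return findings


def audit(host, timeout=2.0, probe_fn=probe):
    """Probe every Remote Administration TCP port on host and classify the result."""
    open_ports = {p for p in REMOTE_ADMIN_TCP if probe_fn(host, p, timeout)}
    return classify(open_ports)


def report(host, findings):
    """Format findings as text, naming the checkbox to clear for each one."""
    if not findings:
        return f"{host}: no remote administration service reachable (the default)"
    lines = [f"{host}: {len(findings)} remote administration service(s) reachable"]
    for severity, port, setting in findings:
        lines.append(f"  [{severity}] tcp/{port}: clear '{setting}' unless required")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: remote_admin_audit.py <WAN address of your own gateway>")
    result = audit(sys.argv[1])
    print(report(sys.argv[1], result))
    # Non-zero exit when a cleartext service is exposed, for use in a scheduled check.
    sys.exit(1 if any(sev == "HIGH" for sev, _, _ in result) else 0)
```

Run it from a network on the WAN side of the gateway; a probe from inside the LAN tests the LAN-side listeners, which are open regardless of these checkboxes.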

9.8. Maintenance

Access GlobeSurfer III's maintenance settings by clicking the Maintenance tab in the System area.
From this screen you can click on the tabs at the top right-hand side to route to the following detailed screens:
- About GlobeSurfer III (see section 9.8.1)
- Configuration File (see section 9.8.2)
- Reboot (see section 9.8.3)
- Restore Factory Settings (see section 9.8.4)
- Firmware upgrade (see section 9.8.5)
- Diagnostics (see section 9.8.6)


9.8.1. About GlobeSurfer III

To access the About GlobeSurfer III screen, click the About GlobeSurfer III tab at the top right-hand side of the Maintenance screen in the System area.

This screen shows technical information regarding GlobeSurfer III including:
- Software Version
- Release Date
- Platform
- Modem firmware version
- Hardware Version
- Hardware Serial Number
- IMSI
- IMEI


Click on the Upgrade hyperlink in the top right-hand corner to upgrade. This routes you to the Firmware upgrade screen in the Maintenance tab in the System area (see section 9.8.5).
Press the Close button to go back to the Home screen.


9.8.2. Configuration File

To access the Configuration File screen, click the Configuration File tab at the top right-hand side of the Maintenance screen in the System area.

Click the Upload Configuration File button to load a configuration file and restart GlobeSurfer III. This routes you to the Upload Configuration File screen (see section 9.8.2.1).
Click the Download Configuration File button to save a copy of the configuration file.
Press the Close button to go to the Home screen.

9.8.2.1. Upload Configuration File

To access the Upload Configuration File screen, click the Upload Configuration File button in the Configuration File screen.


Press Browse to locate the configuration file.
Press the OK button to begin the configuration file uploading process.
Press the Cancel button to reject changes and go to the Home screen.


9.8.3. Reboot

To access the Reboot screen, click the Reboot tab at the top right-hand side of the Maintenance screen in the System area.

Press the OK button to reboot GlobeSurfer III. This may take one minute. To re-enter the management console after rebooting GlobeSurfer III, click the browser's Refresh button.
Press the Cancel button to cancel the reboot and go to the Home screen.


9.8.4. Restore Factory Settings

To access the Restore Factory Settings screen, click the Restore Factory Settings tab at the top right-hand side of the Maintenance screen in the System area.


You may sometimes wish to restore GlobeSurfer III's factory default settings. This may happen, for example, when you wish to build a new network from the beginning, or when you cannot recall changes made to the network and wish to go back to the default configuration.
Note: All web-based management settings and parameters, not only those in the Advanced section, will be restored to their default values. This includes the administrator password: a user-specified password will no longer be valid.
Press the OK button to restore GlobeSurfer III's configuration to the factory defaults.
Press the Cancel button to cancel the restore and go to the Home screen.


9.8.5. Firmware upgrade

To access the Firmware upgrade screen, click the Firmware upgrade tab at the top right-hand side of the Maintenance screen in the System area.

GlobeSurfer III offers a built-in mechanism for upgrading its software, without losing any of your custom configurations and settings. The software is upgraded by loading a software image file that you have previously downloaded from the Internet or received on CD.


Note: You can only use files with an rmt extension when performing the firmware upgrade procedure.
Enter the path of the software image file, or press the Browse button to browse for the firmware upgrade file on your PC.
Press the OK button to begin the firmware upgrading process.
Press the Cancel button to cancel the upgrade and go to the Home screen.
The file will start loading into your GlobeSurfer III. When loading is completed, a confirmation screen will appear, asking you if you want to upgrade to the new version.
Press the OK button to begin the firmware upgrading process. The upgrade process will begin and should take no longer than one minute to complete.
Press the Cancel button to cancel the upgrade and go to the Home screen.
When the upgrade is complete, the GlobeSurfer III will automatically reboot. The new software version will run, maintaining your custom configurations and settings.

9.8.6. Diagnostics

To access the Diagnostics screen, click the Diagnostics tab at the top right-hand side of the Maintenance screen in the System area.

The Diagnostics screen can assist you in testing network connectivity and viewing statistics, such as the number of packets transmitted and received, round-trip time and success status.


The following data can be modified:
- Ping (ICMP Echo): this can be used to diagnose network connectivity:
  o Destination: enter the IP address or URL to be tested
  o Number of pings: enter the number of pings you would like to perform
  o Status: shows the current status
  o Press the Go button to run the ping diagnostic. In a few seconds, diagnostic statistics will be displayed. If no new information is displayed, press the Refresh button.
- Address Resolution Protocol (ARP): this is a method for finding a host's hardware address when only its network layer address is known:
  o Destination: enter the IP address or URL to be tested
  o Status: shows the current status
  o Press the Go button to run the ARP diagnostic
- Traceroute: this can be used to perform a traceroute:
  o Destination: enter the IP address or URL to be tested
  o Status: shows the current status
  o Press the Go button to run the traceroute. The screen will be constantly refreshed. To stop the trace and view the results, press the Cancel button.
Press the Close button to go to the Home screen.
Press the Refresh button to refresh the screen and update the status fields.

9.9. Objects and Rules

Access GlobeSurfer III's objects and rules settings by clicking the Objects and Rules tab in the System area.
From this screen you can click on the tabs at the top right-hand side to route to the following detailed screens:
- Protocols (see section 9.9.1)
- Network Objects (see section 9.9.2)
- Scheduler Rules (see section 9.9.3)
- Certificates (see section 9.9.4)


9.9.1. Protocols

To access the Protocols screen, click the Protocols tab at the top right-hand side of the Objects and Rules screen in the System area.


The Protocols feature incorporates a list of preset and user-defined applications and common port settings. You can use protocols in various security features such as Access Control and Port Forwarding. You may add new protocols to support new applications or edit existing ones according to your needs.
For each protocol the following data is displayed:
- Protocols
- Ports
- Action: add, modify or delete
Click on a Protocol hyperlink or the edit icon in the table to modify an entry, or click on the New Entry hyperlink or the add icon to add an entry. In both cases you will be routed to the Edit Service screen.
Press the Close button to go to the previous screen.
Press the Advanced button to display an extended version of the screen with more protocols.
Press the Basic button to display a limited version of the screen with fewer protocols.


Enter the following data:
- Service Name: name of the service
- Service Description: description of the service
For each server port the following data is displayed:
- Protocol
- Server Ports
- Action: add, modify or delete
For each opened port the following data is displayed:
- Protocol
- Opened Ports
- Action: add, modify or delete
Click on a Protocol hyperlink or the edit icon in the Server Ports table to modify an entry, or click on the New Server Ports hyperlink or the add icon to add an entry. In both cases you will be routed to the Edit Service Server Ports screen.
Click on a Protocol hyperlink or the edit icon in the Opened Ports table to modify an entry, or click on the New Opened Ports hyperlink or the add icon to add an entry. In both cases you will be routed to the Edit Service Opened Ports screen.
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


You may choose any of the protocols available in the drop-down list, or add a new one by selecting Other. When selecting a protocol from the drop-down list, the screen will refresh, presenting the appropriate fields to enter for that protocol. Select a protocol and enter the relevant information.
The following fields should be entered:
- Protocol: choose from the drop-down list:
  o TCP, then enter
    - Source Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values
    - Destination Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values
  o UDP, then enter
    - Source Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values
    - Destination Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values
  o ICMP, then enter
    - ICMP Message by choosing from the drop-down list: Echo Reply; Network Unreachable; Host Unreachable; Protocol Unreachable; Port Unreachable; Destination Network Unknown; Destination Host Unknown; Redirect for Network; Redirect for Host; Echo Request; Other
  o GRE
  o ESP
  o AH
  o Other, then enter
    - Protocol Number

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

You may choose any of the protocols available in the drop-down list, or add a new one by selecting Other. When selecting a protocol from the drop-down list, the screen will refresh, presenting the appropriate fields to enter for that protocol. Select a protocol and enter the relevant information.
The following fields should be entered:
- Protocol: choose from the drop-down list:
  o TCP, then enter
    - Source Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values
    - Destination Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values; Same as Initiating Ports
  o UDP, then enter
    - Source Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values
    - Destination Ports, then choose from the drop-down list: Any; Single, then enter port number; Range, then enter range values; Same as Initiating Ports
  o ICMP, then enter
    - ICMP Message by choosing from the drop-down list: Echo Reply; Network Unreachable; Host Unreachable; Protocol Unreachable; Port Unreachable; Destination Network Unknown; Destination Host Unknown; Redirect for Network; Redirect for Host; Echo Request; Other
  o GRE
  o ESP
  o AH
  o Other, then enter
    - Protocol Number

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

9.9.2. Network Objects

To access the Network Objects screen, click the Network Objects tab at the top right-hand side of the Objects and Rules screen in the System area.

Network Objects is a method used to abstractly define a set of LAN hosts, according to one or more MAC address, IP address and host name. Defining such a group can assist when configuring system rules. For example, network objects can be used when configuring GlobeSurfer III's security filtering settings such as IP address filtering, host name filtering or MAC address filtering.
You can use network objects in order to apply security rules based on host names instead of IP addresses. This may be useful, since IP addresses change from time to time. Moreover, it is possible to define network objects according to MAC addresses, making rule application more persistent against network configuration settings.
For each network object the following data is displayed:
- Network Object
- Items
- Action: add, modify or delete
Click on the New Entry hyperlink or the add icon to add an entry. You will be routed to the Edit Network Object screen (see below).
Press the Close button to go to the previous screen.

Enter the following data:
- Description: name of the network object
Click on the New Entry hyperlink or the add icon to add an entry. You will be routed to the Edit Item screen (see below).
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


You may choose any of the object types available in the drop-down list. When selecting an object type from the drop-down list, the screen will refresh, presenting the appropriate fields to enter for that object type. Select an object type and enter the relevant information.
The source address should be entered in one of the following:
- Network Object Type: choose from the drop-down list:
  o IP Address, then enter
    - IP address
  o IP Subnet, then enter
    - Subnet IP Address
    - Subnet Mask
  o IP Range, then enter
    - From IP Address
    - To IP Address
  o MAC Address, then enter
    - MAC Address
    - MAC Mask
  o Host Name, then enter
    - Host Name
  o DHCP Option, then choose from the drop-down list:
    - 60: Vendor Class ID
    - 61: Client ID
    - 77: User Class ID
    then enter the appropriate ID
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.



9.9.3. Scheduler Rules

To access the Scheduler Rules screen, click the Scheduler Rules tab at the top right-hand side of the Objects and Rules screen in the System area.

Scheduler rules are used for limiting the activation of settings, such as firewall rules, to specific time periods, specified in days of the week, and hours.
For each scheduler rule the following data is displayed:
- Name
- Settings
- Status
- Action: add, modify or delete
Click on the New Entry hyperlink or the add icon to add an entry. You will be routed to the Edit Scheduler Rule screen (see below).
Press the Close button to go to the previous screen.
Press the Refresh button to refresh the screen.


Enter the following data:
- Name: name for the rule
- Rule Activity settings: choose from the following radio buttons to specify if the rule will be active/inactive during the designated time period:
  o Rule will be Active at the Scheduled Time
  o Rule will be Inactive at the Scheduled Time
Click on the New Time Segment hyperlink or the add icon to add an entry. You will be routed to the Edit Time Segment screen (see below).
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

Enter the following data:
- Days of Week: select days of the week when the rule should apply


Click on the New Hours Range hyperlink or the add icon to add an entry. You will be routed to the Edit Hour Range screen (see below).
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

This screen allows the entry of the hours during the day when the rules will apply. The following fields should be entered:
- Start Time in hours and minutes
- End Time in hours and minutes
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

9.9.4. Certificates

9.9.4.1. Overview

Public-key cryptography uses a pair of keys: a public key and a corresponding private key. These keys can play opposite roles, either encrypting or decrypting data. Your public key is made known to the world, while your private key is kept secret.
The public and private keys are mathematically associated; however it is computationally infeasible to deduce the private key from the public key. Anyone who has the public key can encrypt information that can only be decrypted with the matching private key. Similarly, the person with the private key can encrypt information that can only be decrypted with the matching public key.
Technically, both public and private keys are large numbers that work with cryptographic algorithms to produce encrypted material. The primary benefit of public-key cryptography is that it allows people who have no pre-existing security arrangement to authenticate each other and exchange messages securely.


GlobeSurfer III makes use of public-key cryptography to encrypt and authenticate keys for the encryption of Wireless and VPN data communication, the Web-Based Management (WBM) utility, and secured telnet.

9.9.4.2. Digital Certificates

When working with public-key cryptography, you should be careful and make sure that you are using the correct person's public key. Man-in-the-middle attacks pose a potential threat, where an ill-intending 3rd party posts a phoney key with the name and user ID of an intended recipient. Data transfer that is intercepted by the owner of the counterfeit key can fall in the wrong hands. Digital certificates provide a means for establishing whether a public key truly belongs to the supposed owner. It is a digital form of credential. It has information on it that identifies you, and an authorised statement to the effect that someone else has confirmed your identity.
Digital certificates are used to foil attempts by an ill-intending party to use an unauthorized public key. A digital certificate consists of the following:
- A public key
- Certificate information: the identity of the user, such as name, user ID and so on.
- Digital signatures: a statement stating that the information enclosed in the certificate has been vouched for by a Certificate Authority (CA).
Binding this information together, a certificate is a public key with identification forms attached, coupled with a stamp of approval by a trusted party.

9.9.4.3. X.509 Certificate Format

GlobeSurfer III supports X.509 certificates that comply with the ITU-T X.509 international standard. An X.509 certificate is a collection of a standard set of fields containing information about a user or device and their corresponding public key. The X.509 standard defines what information goes into the certificate, and describes how to encode it (the data format). All X.509 certificates have the following data:
- The certificate holder's public key, together with an algorithm identifier that specifies which cryptosystem the key belongs to and any associated key parameters.
- The serial number of the certificate: the entity (application or person) that created the certificate is responsible for assigning it a unique serial number to distinguish it from other certificates it issues. This information is used in numerous ways; for example when a certificate is revoked, its serial number is placed on a Certificate Revocation List (CRL).
- The certificate holder's unique identifier: this name is intended to be unique across the Internet. A DN consists of multiple subsections and may look something like this: CN=Option Wireless Sweden AB, EMAIL=info@option.com, OU=Development Department, O=Option Wireless Sweden AB, C=SE. (These refer to the subject's Common Name, Organizational Unit, Organization and Country.)
- The certificate's validity period: the certificate's start date/time and expiration date/time indicate when the certificate will expire.
- The unique name of the certificate issuer: the unique name of the entity that signed the certificate. This is normally a CA. Using the certificate implies trusting the entity that signed this certificate. (Note that in some cases, such as root or top-level CA certificates, the issuer signs its own certificate.)
- The digital signature of the issuer: the signature using the private key of the entity that issued the certificate.
- The signature algorithm identifier: identifies the algorithm used by the CA to sign the certificate.

GlobeSurfer III Certificate Stores

GlobeSurfer III maintains two certificate stores:
- GlobeSurfer III Local Store: this store contains a list of approved certificates that are used to identify GlobeSurfer III to its clients. The list also includes certificate requests that are pending a CA's endorsement. You can obtain certificates for GlobeSurfer III using the following methods:
  o Requesting an X509 Certificate: this method creates both a private and a matching public key. The public key is then sent to the CA to be certified.
  o Creating a Self-Signed Certificate: this method is the same as requesting a certificate, only the authentication of the public key does not require a CA. This is mainly intended for use within small organizations.
  o Loading a PKCS#12 Format Certificate: this method loads a certificate using an already available and certified set of private and public keys.
- Certificate Authority (CA) Store: this store contains a list of the trusted certificate authorities, which is used to check certificates presented by GlobeSurfer III clients.

9.9.4.4. Requesting an X509 Certificate

To obtain an X509 certificate, you must ask a CA to issue you one. You provide your public key, proof that you possess the corresponding private key, and some specific information about yourself. You then digitally sign the information and send the whole package (the certificate request) to the CA. The CA then performs some due diligence in verifying that the information you provided is correct and, if so, generates the certificate and returns it.


You might think of an X509 certificate as looking like a standard paper certificate with a public key taped to it. It has your name and some information about you on it, plus the signature of the person who issued it to you.
Click the Certificates tab in the top right-hand corner of the Objects and Rules screen in the System area. The GlobeSurfer III's Local screen will appear.

Click the Create Certificate Request button. The Create X509 Request screen will appear.

Enter the following certification request parameters:
- Certificate Name
- Subject
- Organization
- State
- Country
Click the Generate button. A screen will appear stating that the certification request is being generated.


After a short while, press the Refresh button, until the Save Certificate Request screen appears.
Click the Save Certificate Request button and save the request to a file.
Click the Close button. The main GlobeSurfer III's Local screen will reappear, listing your certificate as Unsigned.
In this state, the request file may be opened at any time by pressing the Save icon under the Action column and then Open in the dialogue box (Windows only).
After receiving a reply from the CA in form of a .pem file, click the Upload Certificate link. The Load GlobeSurfer III's Local Certificate screen will appear.

Use the Browse button to browse to the signed certificate .pem file. Leave the password entry empty and press Load to load the signed certificate. The GlobeSurfer III's Local screen will appear, displaying the certificate name and issuer.


You can click the Save icon under the Action column, and then Open in the dialogue box to view the Certificate window (Windows only) box to save the certificate to a file.

You can also click the Edit icon under the Action column to view the Certificate Details screen.


9.9.4.5. Creating a Self-Signed Certificate

A default self-signed certificate is included in GlobeSurfer III, in order to enable certificate-demanding services such as HTTPS. Note that if deleted, this certificate is restored when GlobeSurfer III's Restore Factory Settings operation is run (see section 9.8.4).
To create a self-signed certificate, click the Certificates tab in the top right-hand corner of the Objects and Rules screen in the System area. The GlobeSurfer III's Local screen will appear.

Click the Create Self-Signed Certificate button. The Create Self-Signed X509 Certificate screen will appear.


Enter the following certification request parameters:
- Certificate Name
- Subject
- Organization
- State
- Country
Click the Generate button. A screen will appear stating that the certification request is being generated.

After a short while, press the Refresh button, until the Certificate Details screen appears.


Click the OK button. The main GlobeSurfer III's Local screen will reappear, displaying the certificate name and issuer.

9.9.4.6. Loading a PKCS#12 Format Certificate

You can also load certificates in PKCS#12 format (usually stored in .p12 files) to GlobeSurfer III's certificate store. You must first obtain the .p12 file, containing the private and public keys and optional CA certificates.
Click the Certificates tab in the top right-hand corner of the Objects and Rules screen in the System area. The GlobeSurfer III's Local screen will appear.


Click the Upload Certificate link. The Load GlobeSurfer III's Local Certificate screen will appear.

Use the Browse button to browse to the .p12 file. If the private key is encrypted using a password, type it in the password entry (otherwise leave the entry empty) and press Load to load the certificate. The GlobeSurfer III's Local screen will appear, displaying the certificate name and issuer.

If the .p12 file contained any CA certificates, they will be displayed in the CA store (click the CAs tab to view the CA certificates).


10. Shortcuts
This page displays icon shortcuts in alphabetical order for many of the GlobeSurfer III functions to enable quick and easy access to all areas.

Click on the shortcut you require, and you will be routed immediately to the correct page. Shortcuts available are:
- About
- BGP OSPF
- Backup and Restore
- Certificates
- Configuration File
- DNS Server
- Diagnostics
- File Server
- Firewall
- Firmware Upgrade
- IP Address Distribution
- IPSec
- L2TP Server
- Network Connections
- Network Monitor
- Network Objects
- PPPoE Relay
- PPTP Server
- Personal Domain Name (Dynamic DNS)
- Print Server
- Protocols
- Reboot
- Remote Administration
- Restore Factory Settings
- Routing
- SIM setup
- Scheduler
- Shared Storage
- Simple Network Management Protocol (SNMP)
- System Log
- System Settings
- Time Settings
- Unlock device
- Users
- WINS Server


11. Telephone
GlobeSurfer III is equipped with a telephony connector and can replace a regular fixed line service (POTS). In order to set up fixed line telephony to make phone calls through GlobeSurfer III, connect GlobeSurfer III to the first telephony plug. Note that you should configure your country in the GlobeSurfer III Installation wizard, see section 4.3.
From this screen you can click on the tabs at the top left-hand side to route to the following detailed screens:
- Missed calls: list of calls received but not answered (see section 11.1)
- Incoming calls: list of calls received and answered (see section 11.2)
- Outgoing calls: calls initiated from your phones (see section 11.3)
- Telephone settings: controls behaviour of fixed line telephony (see section 11.4)
- Call Forwarding: allows you to forward calls to other numbers (see section 11.5)
- Call Waiting: allows you to activate or deactivate call waiting (see section 11.6)
- Caller ID: allows you to identify the telephone number of caller (see section 11.7)
- SIM setup: allows you to change or enable the SIM PIN number (see section 11.8)

11.1. Missed calls
The Missed calls screen shows a list of calls, with Caller ID if received, that were not answered including a time stamp of the event. By clicking Clear Log you will erase the history of missed calls.

11.2. Incoming calls
The Incoming calls screen shows calls, with Caller ID if received, that were received and answered including a time stamp and duration of the event. By clicking Clear Log you will erase the history of incoming calls.


11.3. Outgoing calls
The Outgoing calls screen shows calls, with Caller ID, that have been initiated from your telephones using GlobeSurfer III including a time stamp and duration of the event. By clicking Clear Log you will erase the history of outgoing calls.

11.4. Telephone settings
The Telephone settings screen controls the behaviour of the fixed line telephony support of GlobeSurfer III.

Use the Telephone settings screen to make the following settings:
- Caller ID: select from the following options:
  o ETSI DTMF
  o ETSI FSK ring pulse
  o ETSI FSK dual tone
  o ETSI FSK Line reversal + dual tone
  o ETSI FSK during ring
  o Bellcore
  o Australia


Press the OK button to apply changes and go back to the previous screen.
Press the Apply button to apply changes and stay on this screen.
Press the Cancel button to reject changes and go back to the previous screen.

- International Dialing Code: enter the prefix for the country
- Dialling timeout (seconds): type in the number of seconds to set the delay between pressing a dial key on phone and when the call is placed
- Use # to end dialling: clicking this checkbox allows you to press the # key instead of waiting for the timeout
- Call log: clicking this checkbox keeps a log of incoming, outgoing and missed calls

11.5. Call Forwarding
The Call Forwarding screen allows you to forward calls to other numbers when there is no answer, or the number is unreachable or busy.

Use the Call Forwarding screen to make the following settings:
- Deactivate all: clicking this button will deactivate all the call forwarding set up on the page, for all calls, no answer, unreachable and busy calls
- Clear all numbers: clicking this button will delete all the telephone numbers set up on the page for all calls, no answer, unreachable and busy calls
- Check all: clicking this button will check all the statuses on the page for all calls, no answer, unreachable and busy calls


- All calls: the following options apply to all calls:
  o Activate: clicking this button will forward all calls to the number provided
  o Deactivate: clicking this button will stop the forwarding of all calls
  o Clear number: clicking this button will delete the number provided
  o Number: enter the phone number to forward all calls to
  o Status: displays the status of all call forwarding as Activated or Deactivated
- No answer: the following options apply to unanswered calls:
  o Activate: clicking this button will forward unanswered calls to the number provided
  o Deactivate: clicking this button will stop the forwarding of unanswered calls
  o Clear number: clicking this button will delete the phone number provided
  o Number: enter the phone number to forward unanswered calls to
  o Status: displays the status of unanswered call forwarding as Activated or Deactivated
- Unreachable: the following options apply to calls when the number is unreachable:
  o Activate: clicking this button will forward unreachable calls to the phone number provided
  o Deactivate: clicking this button will stop the forwarding of unreachable calls
  o Clear number: clicking this button will delete the phone number provided
  o Number: enter the phone number to forward calls to when the number is unreachable
  o Status: displays the status of unreachable call forwarding as Activated or Deactivated
- Busy: the following options apply to calls when the number is busy:
  o Activate: clicking this button will forward busy calls to the phone number provided
  o Deactivate: clicking this button will stop the forwarding of busy calls
  o Clear number: clicking this button will delete the phone number provided
  o Number: enter the phone number to forward calls to when the number is busy
  o Status: displays the status of busy call forwarding as Activated or Deactivated

Press the Refresh button to refresh the screen.

11.6. Call Waiting
The Call Waiting screen allows you to activate or deactivate call waiting functionality.


Use the Call Waiting screen to make the following settings:
- Call Waiting: displays the status of the call waiting functionality as Activated or Deactivated
- Activate: clicking this button will activate call waiting
- Deactivate: clicking this button will deactivate call waiting
Press the Refresh button to refresh the screen.

11.7. Caller ID
The Caller ID screen allows the system to identify the telephone number of the caller on either inbound or outbound calls.

Use the Caller ID screen to make the following settings:
- Incoming identification: the following options apply to incoming telephone calls:
  o Status: displays On or Off
  o Activate: clicking this button will activate identification of caller for incoming calls
  o Deactivate: clicking this button will deactivate identification of caller for incoming calls
- Outgoing identification: the following options apply to outgoing telephone calls:
  o Status: displays On or Off
  o Activate: clicking this button will activate identification of caller for outgoing calls
  o Deactivate: clicking this button will deactivate identification of caller for outgoing calls
Press the Refresh button to refresh the screen.

11.8. SIM setup
The SIM card in the GlobeSurfer III requires a PIN code to be entered before it can be used. The PIN code you receive from your ISP can be changed to a PIN code of your own. By default the PIN code is required but it can be stored in the GlobeSurfer III after the first use so that you don't have to enter it more than once. These settings can be changed but note that you should disconnect before making any changes to the SIM setup.
From this screen you can click on the tabs at the top right-hand side to route to the following detailed screens:
- SIM PIN change: change the PIN on your SIM card (see section 11.8.1)
- SIM PIN enable: activates the use of a PIN on the SIM card (see section 11.8.2)
- SIM PIN2 change: change the PIN2 on your SIM card (see section 11.8.3)
- Unlock device: if your device is locked, it can be unlocked from here (see section 11.8.4)


11.8.1. SIM PIN change

To change the PIN of your SIM card or save the PIN on GlobeSurfer III, perform the following:
- Enter the PIN code in the first field to be able to change any settings.
- To be forced to enter the PIN code each time the GlobeSurfer III is started, deselect the Enabled checkbox at Save PIN.
- If you want to change the PIN code, enter a new PIN code in the New PIN code and Verify new PIN code fields.

Press the OK button to apply changes and go back to the previous screen.



11.8.2. SIM PIN enable

Use the SIM PIN enable screen to make the following changes:
- PIN code: enter the PIN code you wish to use
- PIN enabled: clicking this checkbox enables the PIN on your SIM card; to disable the PIN, deselect the checkbox
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

11.8.3. SIM PIN2 change

Use the SIM PIN2 change screen to make the following changes:
- New PIN2 code: enter the new PIN code you wish to use
- Verify new PIN2 code: enter the new PIN code again exactly as before to confirm the entry
Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.


11.8.4. Unlock device

In case the GlobeSurfer III is locked to a specific ISP, it can be unlocked with a code that you should be able to get from your ISP. Normally there are certain conditions that must be fulfilled to be able to unlock the device.

To unlock the GlobeSurfer III:
- Click the Unlock device tab; if the GlobeSurfer III really is locked, the Unlock device screen will appear.
- Unlock code: the unlock code from your ISP.

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

12. SMS
The GlobeSurfer III can send and receive SMS text messages. It supports both incoming and outgoing concatenated messages, and it can send flash SMSs.

When the GlobeSurfer III receives a new SMS text message, this is indicated by an envelope symbol shown on the GlobeSurfer III display.

From this screen you can click on the tabs at the top left hand side to route to the following detailed screens:
- SMS create: allows you to type in a new SMS message (see section 12.1)
- Inbox: SMSs received + ability to reply/delete/archive/forward (see section 12.2)
- Outbox: list of SMSs in outbox (see section 12.3)
- Sent: list of SMSs sent out + ability to delete/forward/archive (see section 12.4)
- Drafts: list of SMSs saved as drafts and not yet sent out (see section 12.5)
- Templates: list of SMSs that can be used as templates for future use (see section 12.6)
- Archive: list of archived inbound or sent SMSs (see section 12.7)
- SIM card: list of SMSs stored on SIM card in GlobeSurfer III (see section 12.8)
- Settings: set SMSC number to send SMSs from GlobeSurfer III (see section 12.9)

12.1. SMS Create
Creating and sending SMS text messages:
- Select the SMS Create tab.
- Type your message text in the SMS message field. The Characters left field shows how much space is left.
- Enter the mobile number of the person you want to contact in the Phone numbers field. Use the standard mobile number format: +4976123456 for international, and 076123456 for national numbers.

Tip: You can enter several numbers separated by commas (no spaces allowed), up to a maximum of ten phone numbers.

- You can select the Flash SMS Enabled checkbox if you want the message text displayed immediately when received (not supported by all phones).
- Click Send SMS when ready to send. You will be redirected to an intermediate page that gives you information about the send progress. After the SMS text message has been successfully sent, it will be stored in the Sent folder, see section 12.4. Alternatively you can:
  o Click Save as draft to save in the Drafts folder for completion later, see section 12.5.
  o Click Save as template to save the message as a template for future use, see section 12.6.

Tip: GlobeSurfer III supports concatenated SMS, which works as follows: if you want to send a longer than standard SMS of 160 characters you can type almost the equivalent of 4 standard messages (up to 609 characters). When you send the message it will be counted as separate messages.

Note: When you send an SMS, you may incur a charge depending on your subscription with your mobile operator.

Press the Cancel button to reject changes and go back to the previous screen.

12.2. Inbox
Handling SMS text messages in the Inbox:
- Select the Inbox tab to display the messages, with unread messages in bold.
- Click the SMS that you want to read. The message text is shown.

When you have read the SMS you can click on:
- Reply: the message text is displayed in the SMS create tab with the phone number of the sender already filled in.
- Delete: the SMS is permanently removed without confirmation.
- Save to archive: the SMS is moved to the Archive tab, see section 12.7.
- Forward: the message text is displayed in the SMS create tab ready for you to enter a phone number.

Press the Cancel button to reject changes and go back to the previous screen.

To delete an SMS from the list of messages in the Inbox tab:
- Select the Inbox tab.
- Click the Remove icon for the message that you want to delete; the SMS is permanently removed without confirmation.

12.3. Outbox
After an SMS text message has been sent from your GlobeSurfer III, it will be stored temporarily in the Outbox folder until it is sent.

12.4. Sent
After an SMS text message has been sent from your GlobeSurfer III, it will be stored in the Sent folder. From here it is possible to open any sent message and choose to delete, forward or save it to the archive (see section 12.7).

12.5. Drafts
While creating a new SMS text message from the SMS create tab, it is possible to choose to save it as a draft instead of sending it directly. This SMS will then be accessible from the Drafts folder. When clicking on an SMS in the Drafts folder, you will be directed back to the SMS create tab where it can be finalised.

Note that when an SMS text message in the Drafts folder has been opened and then sent, it will be removed from the Drafts folder.

12.6. Templates
From the SMS create tab it is possible to choose to save a text message as a template instead of sending it directly. When a message is saved as a template, it can be loaded from the Templates folder. This is convenient when SMS messages are often sent to the same recipient or with similar content.

To remove a template, simply click the remove icon for that specific template.

12.7. Archive
SMS text messages from Inbox or Sent folders can be stored in the archive. When selecting the Archive tab, stored messages are listed and it is possible to open any message and choose to delete, forward or reply to that message.

12.8. SIM card
The SIM card tab shows SMS text messages that are stored on the SIM card inserted in the GlobeSurfer III. After opening an SMS from the SIM card folder you can choose to delete it, reply to it, forward it or save it to the Archive folder.

12.9. Settings
On the Settings tab it is possible to define the SMSC number, which is the number of the Short Message Service Centre that will be used for sending SMS messages from your GlobeSurfer III unit. This number is usually already filled in by default, but if necessary you can use the Settings tab to change it.

Press the OK button to apply changes and go back to the previous screen.
Press the Cancel button to reject changes and go back to the previous screen.

List of Acronyms
ALG Application Level Gateway
API Application Programming Interface
CPE Customer Premise Equipment
DHCP Dynamic Host Configuration Protocol
DMZ Demilitarized Zone
DNS Domain Name System
DOCSIS Data Over Cable Service Interface Specification
DSL Digital Subscriber Line
FTP File Transfer Protocol
HomePNA Home Phoneline Network Alliance
HTTP HyperText Transport Protocol
IAD Integrated Access Device
ICMP Internet Control Message Protocol
IGMP Internet Group Multicast Protocol
IP Internet Protocol
IPSec IP Security
LAN Local Area Network
MAC Media Access Control
MTU Maximum Transmission Unit
NAPT Network Address Port Translation
OAM Operations and Maintenance
OEM Original Equipment Manufacturer
PDA Personal Digital Assistant
POP3 Post Office Protocol 3
POTS Plain Old Telephony Service
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunnelling Protocol
RG Residential Gateway
RIP Routing Information Protocol
SNMP Simple Network Management Protocol
SPI Stateful Packet Inspection
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
UDP User Datagram Protocol
UPnP Universal Plug and Play
URL Universal Resource Locator
USB Universal Serial Bus
VPN Virtual Private Network
WAN Wide Area Network

Glossary
100BaseT: Also known as Fast Ethernet, an Ethernet cable standard with a data transfer rate of up to 100 Mbps.
10BaseT: An older Ethernet cable standard with a data transfer rate of up to 10 Mbps.
802.11, 802.11b: A family of IEEE (Institute of Electrical and Electronics Engineers) defined specifications for wireless networks. Includes the 802.11b standard, which supports high-speed (up to 11 Mbps) wireless data transmission.
802.3: The IEEE (Institute of Electrical and Electronics Engineers) defined specification that describes the characteristics of Ethernet (wired) connections.
Access point: A device that exchanges data between computers on a network. An access point typically does not have any Firewall or NAT capabilities.
Ad hoc network: A solely wireless computer-to-computer network. Unlike an infrastructure network, an ad hoc network does not include a gateway router.
Adapter: Also known as a network interface card (NIC). An expansion card or other device used to provide network access to a computer, printer, or other device.
Administrator: A person responsible for planning, configuring, and managing the day-to-day operation of a computer network. The duties of an administrator include installing new workstations and other devices, adding and removing individuals from the list of authorized users, archiving files, overseeing password protection and other security measures, monitoring usage of shared resources, and handling malfunctioning equipment.
Authentication: The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.
Bandwidth: The amount of information, or size of file, that can be sent through a network connection at one time. A connection with more bandwidth can transfer information more quickly.
Bridge: A device that forwards packets of information from one segment of a network to another. A bridge forwards only those packets necessary for communication between the segments.
Broadband connection: A high-speed connection, typically 256 Kbps or faster. Broadband services include cable modems and DSL.
Broadband modem: A device that enables a broadband connection to access the Internet. The two most common types of broadband modems are cable modems, which rely on cable television infrastructure, and DSL modems, which rely on telephone lines operating at DSL speeds.

Broadcast: Broadcasting sends a message to everyone on the network whereas multicasting sends a message to a select list of recipients.
Bus: A set of hardware lines used for data transfer among the components of a computer system. A bus essentially allows different parts of the system to share data. For example, a bus connects the disk drive controller, memory and input/output ports to the microprocessor.
Cable modem: A device that enables a broadband connection to access the Internet. Cable modems rely on cable television infrastructure, in other words, the data travels on the same lines as your cable television.
Caller ID: A service within telephony networks that enables the receiver of a call to see the number calling.
CAT5 cable: Abbreviation for Category 5 cable. A type of Ethernet cable that has a maximum data rate of 100 Mbps.
Channel: A path or link through which information passes between two devices.
CHAP: Challenge Handshake Authentication Protocol, a type of authentication in which the authentication agent (typically a network server) sends the client program a random value that is used only once and an ID value. The sender and peer must share a predefined secret.
Client: Any computer or program that connects to, or requests the services of, another computer or program on a network. For a local area network or the Internet, a client is a computer that uses shared network resources provided by a server.
Client/server network: A network of two or more computers that rely on a central server to mediate the connections or provide additional system resources. This dependence on a server differentiates a client/server network from a peer-to-peer network.
Computer name: A name that uniquely identifies a computer on the network so that all its shared resources can be accessed by other computers on the network. One computer name cannot be the same as any other computer or domain name on the network.
Crossover cable: A type of cable that facilitates network communications. A crossover cable is a cable that is used to interconnect two computers by crossing over (reversing) their respective pin contacts.
DHCP: Acronym for Dynamic Host Configuration Protocol. A TCP/IP protocol that automatically assigns temporary IP addresses to computers on a local area network (LAN). GlobeSurfer III supports the use of DHCP. You can use DHCP to share one Internet connection with multiple computers on a network.
Dial-up connection: An Internet connection of limited duration that uses a public telephone network rather than a dedicated circuit or some other type of private network.
DMZ: Acronym for demilitarized zone. A collection of devices and subnets placed between a private network and the Internet to help protect the private network from unauthorized Internet users.
DNS: Acronym for Domain Name System. A data query service chiefly used on the Internet for translating host names into Internet addresses. The DNS database maps DNS domain names to IP addresses, so that users can locate computers and services through user-friendly names.
Domain: In a networked computer environment, a collection of computers that share a common domain database and security policy. A domain is administered as a unit with common rules and procedures, and each domain has a unique name.
Domain name: An address of a network connection that identifies the owner of that address in a hierarchical format: server.organization.type. For example, www.whitehouse.gov identifies the Web server at the White House, which is part of the U.S. government.
Drive: An area of storage that is formatted with a file system and has a drive letter. The storage can be a floppy disk (which is often represented by drive A), a hard disk (usually drive C), a CD-ROM (usually drive D), or another type of disk. You can view the contents of a drive by clicking the drive's icon in Windows Explorer or My Computer. Drive C (also known as the hard disk) contains the computer's operating system and the programs that have been installed on the computer. It also has the capacity to store many of the files and folders that you create.
Driver: Within a networking context, a device that mediates communication between a computer and a network adapter installed on that computer.
DSL: Acronym for Digital Subscriber Line. A constant, high-speed digital connection to the Internet that uses standard copper telephone wires.
DSL modem: A device that enables a broadband connection to access the Internet. DSL modems rely on telephone lines that operate at DSL speeds.
Duplex: A mode of connection. Full-duplex transmission allows for the simultaneous transfer of information between the sender and the receiver. Half-duplex transmission allows for the transfer of information in only one direction at a time.
Dynamic IP address: The IP address assigned (using the DHCP protocol) to a device that requires it. A dynamic IP address can also be assigned to a gateway or router by an ISP.
Edge computer: The computer on a network that connects the network to the Internet. Other devices on the network connect to this computer. The computer running the most current, reliable operating system is the best choice to designate as the edge computer.
Encryption: The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.

Ethernet: A networking standard that uses cables to provide network access. Ethernet is the most widely installed technology to connect computers together.
Ethernet cable: A type of cable that facilitates network communications. An Ethernet cable comes in a couple of flavors: there are twisted-pair and coax Ethernet cables. Each of these allows data to travel at 10 Mbit per second.
Firewall: A security system that helps protect a network from external threats, such as hacker attacks, originating outside the network. A hardware Firewall is a connection routing device that has specific data checking settings and that helps protect all of the devices connected to it.
Firmware: Software information stored in nonvolatile memory on a device.
Flash memory: A type of memory that does not lose data when power is removed from it. Flash memory is commonly used as a supplement to or replacement for hard disks in portable computers. In this context, flash memory either is built into the unit or, more commonly, is available as a PC Card that can be plugged into a PCMCIA slot.
FTP: Acronym for File Transfer Protocol. The standard Internet protocol for downloading, or transferring, files from one computer to another.
Gateway: A device that acts as a central point for networked devices, receives transmitted messages, and forwards them. GlobeSurfer III can link many computers on a single network, and can share an encrypted Internet connection with wired and wireless devices.
Gateway address: The IP address you use when you make a connection outside your immediate network.
Hexadecimal: A numbering system that uses 16 rather than 10 as the base for representing numbers. It is therefore referred to as a base-16 numbering system. The hexadecimal system uses the digits 0 through 9 and the letters A through F (uppercase or lowercase) to represent the decimal numbers 0 through 15. For example, the hexadecimal letter D represents the decimal number 13. One hexadecimal digit is equivalent to 4 bits, and 1 byte can be expressed by two hexadecimal digits.
HomePNA: An industry standard that ensures that through existing telephone lines and a registered jack, computer users on a home network can share resources (such as an Internet connection, files, and printers) without interfering with regular telephone service. HomePNA currently offers data transmission speeds of up to 10 Mbps.
HomeRF: An industry standard that combines 802.11b and portable phone standards for home networking. It uses frequency hopping (switching of radio frequencies within a given bandwidth to reduce the risk of unauthorized signal interception). HomeRF offers data transmission speeds of up to 1.6 Mbps at distances of up to 150 feet.
Host name: The DNS name of a device on a network, used to simplify the process of locating computers on a network.

Hub: A device that has multiple ports and that serves as a central connection point for communication lines from all devices on a network. When data arrives at one port, it is copied to the other ports.
IEEE: Acronym for Institute of Electrical and Electronics Engineers. A society of engineering and electronics professionals that develops standards for the electrical, electronics, computer engineering, and science-related industries. The IEEE (Eye-triple-E) is a nonprofit, technical professional association of more than 377,000 individual members in 150 countries. The full name is the Institute of Electrical and Electronics Engineers, Inc., although the organization is most popularly known and referred to by the letters IEEE.
Infrastructure network: A network configuration in which wireless devices connect to a wireless access point (such as GlobeSurfer III) instead of connecting to each other directly.
Internet domain: In a networked computer environment, a collection of computers that share a common domain database and security policy. A domain is administered as a unit with common rules and procedures, and each domain has a unique name.
Intranet: A network within an organization that uses Internet technologies (such as a Web browser for viewing information) and protocols (such as TCP/IP), but is available only to certain people, such as employees of a company. Also called a private network. Some intranets offer access to the Internet, but such connections are directed through a Firewall.
IP: Acronym for Internet Protocol. The protocol within TCP/IP that is used to send data between computers over the Internet. More specifically, this protocol governs the routing of data messages, which are transmitted in smaller components called packets.
IP address: Acronym for Internet Protocol address. IP is the protocol within TCP/IP that is used to send data between computers over the Internet. An IP address is an assigned number used to identify a computer that is connected to a network through TCP/IP. An IP address consists of four numbers (each of which can be no greater than 255) separated by periods, such as 192.168.1.1.
ISO/OSI reference model: Abbreviation for International Organization for Standardization Open Systems Interconnection reference model. An architecture that standardizes levels of service and types of interaction for computers that exchange information through a communications network. The ISO/OSI reference model separates computer-to-computer communications into seven protocol layers, or levels; each builds on and relies on the standards contained in the levels below it. The lowest of the seven layers deals solely with hardware links; the highest deals with software interactions at the program level. It is a fundamental blueprint designed to help guide the creation of hardware and software for networks.
ISP: Acronym for Internet service provider. A company that provides individuals or companies access to the Internet.
Kbps: Abbreviation of kilobits per second. Data transfer speed, as through a modem or on a network, measured in multiples of 1,000 bits per second.

LAN: Acronym for local area network. A group of computers and other devices dispersed over a relatively limited area (for example, a building) and connected by a communications link that enables any device to interact with any other on the network.
MAC address: Abbreviation for media access control address. The address that is used for communication between network adapters on the same subnet. Each network adapter is manufactured with its own unique MAC address.
MAC layer: Abbreviation for media access control layer. The lower of two sublayers that make up the data link layer in the ISO/OSI reference model. The MAC layer manages access to the physical network, so a protocol like Ethernet works at this layer.
Mapping: A process that allows one computer to communicate with a resource located on another computer on the network. For example, if you want to access a folder that resides on another computer, you map to that folder, as long as the computer that holds the folder has been configured to share it.
Mbps: Abbreviation of megabits per second. A unit of bandwidth measurement that defines the speed at which information can be transferred through a network or Ethernet cable. One megabyte is roughly equivalent to eight megabits.
Modem: A device that transmits and receives information between computers.
MPPE: Microsoft Point to Point Encryption (MPPE) is a means of representing Point to Point Protocol (PPP) packets in an encrypted form.
Multicast: To transmit a single message to a select group of recipients. A simple example of multicasting is sending an email message to a mailing list. Teleconferencing and videoconferencing also use multicasting, but require more robust protocols and networks.
NAT: Acronym for network address translation. The process of converting between IP addresses used within a private network and Internet IP addresses. NAT enables all of the computers on a network to share one IP address.
Network: A collection of two or more computers that are connected to each other through wired or wireless means. These computers can share access to the Internet and the use of files, printers, and other equipment.
Network adapter: Also known as a network interface card (NIC). An expansion card or other device used to provide network access to a computer, printer, or other device.
Network name: The single name of a grouping of computers that are linked together to form a network.
Network printer: A printer that is not connected directly to a computer, but is instead connected directly to a network through a wired or wireless connection.
Packet: A unit of information transmitted as a whole from one device to another on a network.

PAP: Password Authentication Protocol, the most basic form of authentication, in which a user's name and password are transmitted over a network and compared to a table of name-password pairs. Typically, the passwords stored in the table are encrypted. The Basic Authentication feature built into the HTTP protocol uses PAP.
PC Card: A peripheral device that adds memory, mass storage, modem capability, or other networking services to portable computers.
PCI: Acronym for Peripheral Component Interconnect. A specific bus type designed to be used with devices that have high bandwidth requirements.
PCI card: A card designed to fit into a PCI expansion slot in a personal computer. PCI cards provide additional functionality; for example, two types of PCI cards are video adapters and network interface cards. See PCI.
PCI expansion slot: A connection socket designed to accommodate PCI cards.
PCMCIA: Acronym for Personal Computer Memory Card International Association. A nonprofit organization of manufacturers and vendors formed to promote a common technical standard for PC Card-based peripherals and the slot designed to hold them, primarily on portable computers and intelligent electronic devices.
Peer-to-peer network: A network of two or more computers that communicate without using a central server. This lack of reliance on a server differentiates a peer-to-peer network from a client/server network.
PING: A protocol for testing whether a particular computer is connected to the Internet by sending a packet to the computer's IP address and waiting for a response.
Plug and Play: A set of specifications that allows a computer to automatically detect and configure various peripheral devices, such as monitors, modems, and printers.
Port: A physical connection through which data is transferred between a computer and other devices (such as a monitor, modem, or printer), a network, or another computer. Also, a software channel for network communications.
PPPoE: Acronym for Point-to-Point Protocol over Ethernet. A specification for connecting users on an Ethernet network to the Internet by using a broadband connection (typically through a DSL modem).
PPTP: IP Security, a set of protocols developed to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs).
PPTP: Point-to-Point Tunneling Protocol, a technology for creating Virtual Private Networks (VPNs). Because the Internet is essentially an open network, the Point-to-Point Tunneling Protocol (PPTP) is used to ensure that messages transmitted from one VPN node to another are secure. With PPTP, users can dial in to their corporate network via the Internet.

Profile: A computer-based record that contains an individual network's software settings and identification information.
Protocol: A set of rules that computers use to communicate with each other over a network.
Resource: Any type of hardware (such as a modem or printer) or software (such as an application, file, or game) that users can share on a network.
Restore factory defaults: The term used to describe the process of erasing your base station's current settings to restore factory settings. You accomplish this by pressing the Reset button and holding it for five or more seconds. Note that this is different from resetting the base station.
RJ11 connector: An attachment used to join a telephone line to a device such as a modem or the external telephone lines.
RJ45 connector: An attachment found on the ends of all Ethernet cables that connects Ethernet (wired) cables to other devices and computers.
Server: A computer that provides shared resources, such as storage space or processing power, to network users.
Shared folder: A folder (on a computer) that has been made available for other people to use on a network.
Shared printer: A printer (connected to a computer) that has been made available for other people to use on a network.
Sharing: To make the resources associated with one computer available to users of other computers on a network.
SNTP: Acronym for Simple Network Time Protocol. A protocol that enables client computers to synchronize their clocks with a time server over the Internet.
SSID: Acronym for Service Set Identifier, also known as a wireless network name. An SSID value uniquely identifies your network and is case sensitive.
Static IP address: A permanent Internet address of a computer (assigned by an ISP).
Straight-through cable: A type of cable that facilitates network communications. An Ethernet cable comes in a couple of flavors: there are twisted-pair and coax Ethernet cables. Each of these allows data to travel at 10 Mbit per second. Unlike the Crossover cable, straight-through cable has the same order of pin contacts on each end plug of the cable.
Subnet: A distinct network that forms part of a larger computer network. Subnets are connected through routers and can use a shared network address to connect to the Internet.
Subnet mask: Typically, a subnet may represent all the machines at one geographic location, in one building, or on the same local area network (LAN). Having an organization's network divided into subnets allows it to be connected to the Internet with a single shared network address. Similar in form to an IP address and typically provided by an ISP. An example of a subnet mask value is 255.255.0.0.
Switch: A central device that functions similarly to a hub, forwarding packets to specific ports rather than broadcasting every packet to every port. A switch is more efficient when used on a high-volume network.
Switched network: A communications network that uses switching to establish a connection between parties.
Switching: A communications method that uses temporary rather than permanent connections to establish a link or to route information between two parties. In computer networks, message switching and packet switching allow any two parties to exchange information. Messages are routed (switched) through intermediary stations that together serve to connect the sender and the receiver.
TCP/IP: Acronym for Transmission Control Protocol/Internet Protocol. A networking protocol that allows computers to communicate across interconnected networks and the Internet. Every computer on the Internet communicates by using TCP/IP.
Throughput: The data transfer rate of a network, measured as the number of kilobytes per second transmitted.
USB: Acronym for universal serial bus. USB (Universal Serial Bus) is a plug-and-play interface between a computer and add-on devices (such as audio players, joysticks, keyboards, telephones, scanners, and printers). With USB, a new device can be added to your computer without having to add an adapter card or even having to turn the computer off.
USB adapter: A device that connects to a USB port.
USB connector: The plug end of the USB cable that is connected to a USB port. It is about half an inch wide, rectangular and somewhat flat.
USB port: A rectangular slot in a computer into which a USB connector is inserted.
UTP: Acronym for unshielded twisted pair. A cable that contains one or more twisted pairs of wires without additional shielding. It's more flexible and takes less space than a shielded twisted pair (STP) cable, but has less bandwidth.
Virtual server: One of multiple Web sites running on the same server, each with a unique domain name and IP address.
VPN: A Virtual Private Network (VPN) is a private Network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling Protocol and security procedures.

WAN: Acronym for wide area network. A geographically widespread network that might include many linked local area networks.
Wi-Fi: A term commonly used to mean the wireless 802.11b standard.
Wireless: Refers to technology that connects computers without the use of wires and cables. Wireless devices use radio transmission to connect computers on a network to one another. Radio signals can be transmitted through walls, ceilings, and floors, so you can connect computers that are in different rooms in the house without physically attaching them to one another.
Wireless access point: A device that exchanges data between wireless computers or between wireless computers and wired computers on a network.
Wireless network name: The single name of a grouping of computers that are linked together to form a network.
Wireless security: A wireless network encryption mechanism that helps to protect data transmitted over wireless networks.
WLAN: Acronym for wireless local area network. A network that exclusively relies on wireless technology for device connections.
