Tag: huawei B618 Firewall settings

Huawei B618 Security Settings

  • Enabling or Disabling the Firewall
    The Huawei B618 4G Router supports the firewall function to control the transmission of data streams and protect your local area network from unauthorized access.

 

  • Setting LAN IP Filtering
    The LAN IP address filtering function is used to block specified clients in the LAN from accessing specified Internet services.

 

  • Configuring a Virtual Server
    The Huawei B618 4G Router supports the virtual server to enable external users to use the services provided in the local area network (LAN) using the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and other protocols.

 

  • Configuring a Special Application
    The Huawei B618 4G Router supports the function to use a special application to configure dynamic port forwarding. Certain applications in the local area network (LAN) must use a specified port of the firewall to access remote applications. To set up a Transmission Control Protocol and User Datagram Protocol (TCP/UDP) connection between an application in the LAN and a remote application, the firewall uses this port forwarding function to open the required port.

 

  • Setting the DMZ
    If external users cannot access certain network services provided by the local area network (LAN), use the DMZ function provided by the Huawei B618 4G Router to set the client that provides the required network services as the DMZ host; external users can then access these services properly. DMZ is an acronym for the demilitarized zone in networks.

 

  • Setting the SIP ALG
    The Session Initiation Protocol (SIP) is a control protocol at the Application Layer. It is used to initiate, change, or end a session. An application-level gateway (ALG) is a specific application of SIP and is used to check the status of data packages. To complete a SIP application, enable the SIP ALG.

 

  • Setting the UPnP
    The Universal Plug and Play (UPnP) service realizes intelligent connection between two UPnP devices using port forwarding. UPnP devices can obtain IP addresses automatically and access the Internet dynamically.

 

  • Configuring NAT
    Network address translation is the process of modifying source and destination IP addresses when IP packets are transmitted across a router or firewall. The purpose of this process is to translate internal (private) IP addresses into external (public) IP addresses to provide a solution to the impending exhaustion of IP addresses. Huawei B618 4G Router supports port-restricted cone NAT and symmetric NAT. You can configure the NAT settings as required.

 

  • Filtering Specified Websites
    The Huawei B618 4G Router enables you to specify and filter websites.

 

  • Setting the DDNS
    The Dynamic Domain Name Server (DDNS) is a system that associates a network address with a dynamic IP address. After you configure the DDNS, the Huawei B618 4G Router sends the dynamic IP address of a computer to the DDNS. The DDNS then associates the updated IP address with the specified network address so that Internet users can use this network address to access the resources that you provide.

 

  • Filtering Specified Devices
    The MAC filtering function of the Huawei B618 4G Router can filter specified devices on the Huawei B618 4G Router local area network (LAN) so these devices are prevented from accessing the Internet or other devices on the same LAN.

 

——————————————————————————————————————–

 

Enabling or Disabling the Firewall

The Huawei B618 LTE Router supports the firewall function to control the transmission of data streams and protect your local area network from unauthorized access.

Procedure

  1. Choose SettingsSecurity > Firewall.
  2. Select Enable firewall to enable the firewall or clear it to disable the firewall.

 NOTE:

Other parameters are available only if you select Enable firewall.

  1. Select Enable IP address filter to enable the function of filtering IP addresses.
  2. Select Disable WAN port ping to disable the ping function.
  3. Select Enable domain name filter to enable the function of filtering URLs.
  4. Select Enable MAC filter to enable the MAC filtering function.
  5. Click Apply.

 

———————————————————-

Setting LAN IP Filtering

The LAN IP address filtering function is used to block specified clients in the LAN from accessing specified Internet services.

Prerequisite

The IP address filtering function is enabled. For details, see Enabling or Disabling the Firewall.

Context

The following table lists common protocols at the application layer of TCP/IP.

Protocol Default Port Service Provided
HTTP 80 Browse web pages.
SMTP 25 Send emails.
POP3 110 Receive emails.
FTP 21 Transfer files.
TELNET 23 Log in to a remote computer.

 NOTE:

For details about the port used for a service, contact your service provider.

Procedure

  1. Choose SettingsSecurity > LAN IP Filter .
  2. Choose one of the following options:
    • Blacklist: Set the websites that you do not want users to access.
    • Whitelist: Set the websites that users are allowed to access.
  3. Click Add and set the parameters.
  4. Click OK to save the settings.

 NOTE:

  • Click Edit to edit a selected item in the list.
  • Click Delete to delete a selected item from the list.
  1. Click Apply for the settings to take effect.

Restricting Clients in a WLAN from Accessing Specified Websites

For example, if you want to restrict a client (192.168.1.101) in a WLAN from accessing www.abc.com, perform the following steps:

  1. Choose SettingsSecurity > LAN IP Filter .
  2. Select Blacklist.
  3. Click Add and set the parameters.
LAN IP Address Enter 192.168.1.101.

NOTE:

You can view the IP addresses of the clients connected to the Huawei B618 under the Connected WLAN clients section on the Statistics page.
LAN Port Enter 80.
WAN IP Address a.       On your computer, choose Start > Run.

b.      Enter cmd and press Enter.

c.       In the displayed window, enter ping www.abc.com and press Enter.

d.      View the IP address of www.abc.com. For example, it is 1.2.3.4.

e.       In the text box for Huawei B618, enter 1.2.3.4.

NOTE:

The Windows 7 operating system is used in this example to describe how to obtain WAN IP addresses.
WAN Port Enter 80.
Protocol Select TCP/UDP.

NOTE:

If you do not know the protocol, select TCP/UDP. The Mobile Broadband will automatically select an appropriate protocol.
Status Select On.
Options Click OK.
  1. Click Apply for the settings to take effect.

 

———————————————————-

Configuring a Virtual Server

The Huawei B618 LTE CPE supports the virtual server to enable external users to use the services provided in the local area network (LAN) using the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and other protocols.

Procedure

  1. Choose SettingsSecurity > Virtual Server .
  2. Click Add and set the parameters.
  3. Click OK to save the settings.

 NOTE:

  • Edit: to edit an item.
  • Delete: to delete an item.
  1. Click Apply for the settings to take effect.

Configuring an FTP Server

To enable a client whose IP address is 192.168.8.101 to provide FTP services and be accessed by external users, do the following:

  1. Configure a virtual server.
Name WAN Port LAN IP Address LAN Port Protocol Status
My FTP server 21-22 192.168.8.101 23-24 TCP On
  1. Choose SettingsSystem > Device Information , view the wide area network (WAN) IP address of the Huawei B618. For example 10.2.1.123.
  2. In the browser of an external user, enter the FTP server address (ftp://10.2.1.123) and access the FTP services provided by the client whose IP address is 192.168.8.101.

 NOTE:

If the default service port is 21-22, the external user should enter ftp://10.2.1.123:21 or ftp://10.2.1.123:22 to access the FTP server.

 

———————————————————-

Configuring a Special Application

The Huawei B618 LTE CPE supports the function to use a special application to configure dynamic port forwarding. Certain applications in the local area network (LAN) must use a specified port of the firewall to access remote applications. To set up a Transmission Control Protocol and User Datagram Protocol (TCP/UDP) connection between an application in the LAN and a remote application, the firewall uses this port forwarding function to open the required port.

Procedure

  1. Choose SettingsSecurity > Special Applications.
  2. Click Add and set the parameters.
  3. Click OK to save the settings.

 NOTE:

  • Edit: to edit an item.
  • Delete: to delete an item.
  1. Click Apply for the settings to take effect.

Example of the Configuration of a Special Application

A client in the LAN uses TCP to access the MSN game server through port 47624. When the game starts, the game server uses TCP and port 2400 to set up a connection to the client that tries to access the server. In this case, you must configure dynamic port forwarding, because the game conflicts with the following default firewall rules:

  • The firewall blocks external data input.
  • The game server can send a connection request to the external IP address of the Huawei B618 but cannot send the request to the LAN client that tries to access the game server, because the IP addresses of clients are not open to external devices.

To solve this problem, you must define a set of port forwarding rules. When the client in the LAN sends data to TCP port 47624, the rules allow data input from TCP port 2400. Then data from the game server can be received from and transmitted to the LAN client that sends data to TCP port 47624.

Name Status Trigger Port Trigger Protocol Open Protocol Open Port
MSN Gaming Zone On 47624 TCP TCP 2400

 NOTE:

For details about Trigger PortOpen PortTrigger Protocol, and Open Protocol, contact your service provider.

 

———————————————————-

Setting the DMZ

If external users cannot access certain network services provided by the local area network (LAN), use the DMZ function provided by the Huawei B618 to set the client that provides the required network services as the DMZ host; external users can then access these services properly. DMZ is an acronym for the demilitarized zone in networks.

Prerequisite

DMZ users are not protected by the firewall and may be easily attacked. In addition, the security of other users in the LAN is compromised.

Procedure

  1. Choose SettingsSecurity > DMZ Settings.
  2. Select:
    • Enable: to enable the DMZ function.
    • Disable: to disable the DMZ function.
  3. In DMZ IP address:, enter the IP address of the client to be set as the DMZ host.

 NOTE:

One client can be set as the DMZ host at a time.

  1. Click Apply.

 

———————————————————-

Setting the SIP ALG

The Session Initiation Protocol (SIP) is a control protocol at the Application Layer. It is used to initiate, change, or end a session. An application-level gateway (ALG) is a specific application of SIP and is used to check the status of data packages. To complete a SIP application, enable the SIP ALG.

Procedure

  1. Choose SettingsSecurity > SIP ALG Settings.
  2. Select Enable SIP ALG to enable the SIP ALG.
  3. In SIP port, enter the SIP port number provided by your service provider.
  4. Click Apply.

 

———————————————————-

Setting the UPnP

The Universal Plug and Play (UPnP) service realizes intelligent connection between two UPnP devices using port forwarding. UPnP devices can obtain IP addresses automatically and access the Internet dynamically.

Procedure

  1. Choose SettingsSecurity > UPnP Settings.
  2. Select:
    • Enable: to enable the UPnP service.
    • Disable: to disable the UPnP service.
  3. Click Apply.

 

———————————————————-

Configuring NAT

Network address translation is the process of modifying source and destination IP addresses when IP packets are transmitted across a router or firewall. The purpose of this process is to translate internal (private) IP addresses into external (public) IP addresses to provide a solution to the impending exhaustion of IP addresses. Huawei B618 LTE CPE supports port-restricted cone NAT and symmetric NAT. You can configure the NAT settings as required.

Procedure

  1. Choose SettingsSecurity > NAT Settings.
  2. Select from the following options:
    • Cone: to enable port-restricted cone NAT. This type of NAT are more compatible with applications (including applications on game devices), although it provides lower security.
    • Symmetric: to enable symmetric NAT. This type of NAT are generally adopted by gateways with higher security.
  3. Click Apply.

 

———————————————————-

Filtering Specified Websites

The Huawei B618 LTE Gateway enables you to specify and filter websites.

Procedure

  1. Choose SettingsSecurity > Domain Name Filter.
  2. Choose one of the following options:
    • Blacklist: Set the websites that you do not want users to access.
    • Whitelist: Set the websites that users are allowed to access.
  3. Click Add.
  4. In Domain Name, enter the address of the website you want to filter.
  5. From the Status drop-down list, select On.
  6. Click OK.
  7. Click Applyfor the settings to take effect.

 

 

———————————————————-

Setting the DDNS

The Dynamic Domain Name Server (DDNS) is a system that associates a network address with a dynamic IP address. After you configure the DDNS, the Huawei B618 sends the dynamic IP address of a computer to the DDNS. The DDNS then associates the updated IP address with the specified network address so that Internet users can use this network address to access the resources that you provide.

Procedure

  1. Choose SettingsSecurity > DDNS.
  2. Click Add.
  3. Set DDNS parameters.

 NOTE:

The user name and password must be registered on the website of the DDNS service provider.

  1. Click OK.

Example

To share large files or videos with Internet users:

  1. Register a DDNS user name and password on a DDNS service provider. For example, register an account with both the user name and password as admin on http://www.dyndns.org/.
  2. Choose SettingsSecurity > DDNS.
Service Provider Status Domain Name User name Password
DynDNS.org On www.abc.com admin admin
  1. Click OK.
  2. Internet users will then be able to access your resources by accessing abc.comfrom their browsers.

 

———————————————————-

Filtering Specified Devices

The MAC filtering function of the Huawei B618 4G Router can filter specified devices on the Huawei B618 4G Router local area network (LAN) so these devices are prevented from accessing the Internet or other devices on the same LAN.

Procedure

  1. Choose SettingsSecurity > MAC Filter.
  2. Select an MAC filtering mode from the Filtering mode: drop-down list box.
    • Disable: Disable the MAC filtering function.
    • Allow: If the MAC address of a client is in the MAC Address list, the client is allowed to connect to the Huawei B618 4G Router.
    • Deny: If the MAC address of a client is in the MAC Address list, the client is not allowed to connect to the Huawei B618 4G Router.
  3. In the MAC Address text box, enter the MAC address of the client you want to filter.
  4. Click Apply.

 

 

Check more details about Huawei B618 4G Router here: https://www.4gltemall.com/huawei-b618-lte-cat11-router.html