Editors: mjf, KeysCapt, Mike
Last modified on 2008-04-25 23:18:56

5. Firewalls and NAT

·Where are the monitors? IP addresses?
·How do I set up Zone Alarm?
·How to make SonicWALL pingable
·Can you monitor a firewall?
·Linksys, DLink and other routers
·How should NIS2K be set up?

Where are the monitors? IP addresses?

The machines that (currently) do the monitoring are:
ny-monitor.dslreports.com
sjc-monitor.dslreports.com (no longer available)
64.81.79.40 & 64.81.79.41 (sfo-monitor.dslreports.com)

These hosts should be added to your firewall if ICMP ping is being blocked. The IP addresses do change from time to time, so if you must enter an IP address and not a DNS name, please do an NSLOOKUP or PING to confirm the current IP address.

How do I set up Zone Alarm?

Zone Alarm has two zones: Local Zone and Internet Zone. It is normal to set Local Zone security to medium or lower. You must then place our monitoring stations into the list of "local hosts". Please check this screenshot to see an example of the Local Zone properties screen set up correctly to accept our monitoring systems. Please note that the IPs in that screenshot are not the current IPs.

The machines that (currently) do the monitoring are

ny-monitor.dslreports.com
sjc-monitor.dslreports.com
dslreports-west2.speakeasy.net (64.81.79.40 AND 64.81.79.41)

These hosts should be added to your firewall if ICMP ping is being blocked. The IP addresses do change from time to time, so if you must enter an IP address and not a DNS name, please do an NSLOOKUP or PING to confirm the current IP address.

Important: if you PADLOCK your Zone Alarm, you are disconnected from the net, no matter what. This will break monitoring. If you want full-time line monitoring, the PADLOCK function should not be used.

How to make SonicWALL pingable

If you have a SonicWALL hardware firewall, there are two methods you can use to set up your system to respond to pings:

Method 1: You can pass incoming pings through the SonicWALL to a PC on the LAN and then have the PC respond to the pings.

Method 2: You can have the SonicWALL respond to pings directly.


To use Method 1 (your PC responds to pings) follow these steps:

(1a) Open the SonicWALL web admin by entering the SonicWALL's LAN IP address into a web browser on a PC on the LAN side of the SonicWALL.

(1b) Go to Access, Services and make sure Ping shows up in the list of services. If not, add the Ping service.

(1c) Go to Access, Rules, Add New Rule and add two rules
Rule 1
- Action=allow
- Service=ping
- Source=WAN, 216.200.176.6 <= DSLR WC server “sjc-monitor.dslreports.com”
- Destination=LAN, 192.x.x.x <= LAN address of PC to respond to pings
Rule 2
- Action=allow
- Service=ping
- Source=WAN, 206.65.191.129 <= DSLR EC server “ny-monitor.dslreports.com”
- Destination=LAN, 192.x.x.x <= LAN address of PC to respond to pings

(1d) If you have a software firewall on the LAN PC be sure to allow pings there as well.


To use Method 2 (SonicWALL responds to pings) follow these steps:

(2a) Open the SonicWALL web admin by entering the SonicWALL's LAN IP address into a web browser on a PC on the LAN side of the SonicWALL.

(2b) Go to Access, Services and make sure Ping shows up in the list of services. If not, add the Ping service.

(2c) Go to Access, Rules, Add New Rule and add two rules
Rule 1
- Action=allow
- Service=ping
- Source=WAN, 216.200.176.6 <= DSLR WC server “sjc-monitor.dslreports.com”
- Destination=LAN, 192.x.x.x <= LAN address of SonicWALL
Rule 2
- Action=allow
- Service=ping
- Source=WAN, 206.65.191.129 <= DSLR EC server “ny-monitor.dslreports.com”
- Destination=LAN, 192.x.x.x <= LAN address of SonicWALL


General notes:

You can have the SonicWALL “stealth mode” enabled (Access, Services, Stealth Mode) and both methods will still work.

You can use “*” for the WAN address in the SonicWALL rules to allow pings from anyone, but the nice thing about using explicit rules for each DSLR server is that you don't make yourself visible to the general public. I don't think it's a security risk to leave the server-specific rules in place. Of course, if DSLR changes their server IP addresses you need to change your rules.
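
One way to check the pinned rule addresses against current DNS, as an added example that is not part of the original FAQ: `audit_rules` and its status names are hypothetical, the pinned addresses are the ones in the rules above, and the DNS answers in the demo are constructed.

```python
import ipaddress
import socket

# Source addresses pinned in the SonicWALL allow rules above (from this FAQ).
PINNED_RULES = {
    "sjc-monitor.dslreports.com": {"216.200.176.6"},
    "ny-monitor.dslreports.com": {"206.65.191.129"},
}


def resolve_ipv4(hostname):
    """Return the IPv4 addresses DNS currently gives for hostname."""
    try:
        return set(socket.gethostbyname_ex(hostname)[2])
    except OSError:
        return set()  # lookup failed: the monitor may have been retired


def audit_rules(pinned, resolver=resolve_ipv4):
    """Compare each rule's pinned sources with what its hostname resolves to."""
    findings = {}
    for host, sources in pinned.items():
        if "*" in sources:
            # A "*" source answers pings from anyone, not just the monitors.
            findings[host] = {"status": "wildcard", "stale": set(), "missing": set()}
            continue
        rule_ips = {str(ipaddress.ip_address(ip)) for ip in sources}  # rejects typos
        current = resolver(host)
        stale = rule_ips - current      # still allowed, no longer the monitor
        missing = current - rule_ips    # monitor address the rule would drop
        if not current:
            status = "unresolved"
        elif stale or missing:
            status = "drift"
        else:
            status = "ok"
        findings[host] = {"status": status, "stale": stale, "missing": missing}
    return findings


if __name__ == "__main__":
    # Constructed DNS answers (documentation range) so the demo runs offline.
    sample_dns = {"ny-monitor.dslreports.com": {"203.0.113.10"}}
    report = audit_rules(PINNED_RULES, lambda h: sample_dns.get(h, set()))
    for host, f in report.items():
        print(host, f["status"], sorted(f["stale"]), sorted(f["missing"]))
```

A "stale" address is one the firewall still answers pings from even though it no longer belongs to a monitor, so it is the entry to remove first.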

Can you monitor a firewall?

If your firewall responds to ICMP ping packets, as many do, then we can monitor your connection. Instructions for specific firewalls and network share devices follow.

Linksys, DLink and other routers

Recent firmware for Linksys, DLink and other routers allows you to configure the router to be unpingable from outside. The option is called "Block WAN Requests" on older devices and "Block Anonymous Internet Requests" on newer 'Cisco' branded devices. DLink uses "Discard PING from WAN side". Enabling these router features will break monitoring.

If you wish to be monitored, we recommend that you do not select the "Block WAN Requests"/"Block Anonymous Internet Requests"/"Discard PING from WAN side" option on the router configuration screen. Your router can still be password protected, and will be secure.

Also try disabling "SPI", as this may also block external pings.

How should NIS2K be set up?

Configure it to allow incoming ICMP requests from, and outgoing ICMP replies to, our two monitoring stations. Move these rules to the top of the rule list so that they won't be blocked by any other rules.
