Westell G90 6100 firewall configuration
jltympanum
Enthusiast - Level 1

This is a lengthy question regarding configuration of the dsl modem.  Only those technically sophisticated should bother to read this.

My modem is a Westell G90-610015-20. Its web interface is the "red and black" version. The Modem Status page shows the following information:

Software Version: VER:5.01.00.04
Transceiver Revision: 3.3.6.10.0.1
Model Name: G90-610015-20
Serial Number: {edited for privacy}
Broadband Connection Status: Connected
Broadband Connection Type: PPPoE
Active Status: 1:17:44:15
Configuration: 096-900207-00 A

I have several wired computers on the network attached to the modem, but none wireless. The computers run Windows 7, Windows XP, and Linux. Some of the computers are running software firewalls, some are not. There is no router in the picture.

I am very concerned about security, and I would like to take advantage of every possible security feature provided by the modem. To this end, as a first step I want to take a close look at the firewall built in to the modem, and perhaps set up a customized firewall configuration.

The Firewall Setting page accessible via the modem''s web interface shows 5 security options: High, Medium, Low, None and Custom. My plan was to print out the built-in security configurations for High, Medium and Low to provide a baseline; make some adjustments for the particular kinds of internet traffic we need; and implement the result as a Custom configuration.

In order to do this I need a few things which I have so for been unable to find either in the Users Guide for this modem or by surfing the web. Thus:

1. How can I see the built-in security configurations, and, if possible, download them to a file?
2. What are the specs of the language in which the configuration is written?
3. How do I install a Custom configuration into the modem?
4. How can I print out or download to a file the Custom configuration?

Perhaps someone can also suggest other security features I should be looking at.

0 Likes
1 Solution

Correct answers
Re: Westell G90 6100 firewall configuration
dslr595148
Community Leader
Community Leader

@jltympanum wrote:

Thanks for taking the time to reply.  However, there must be something funny about the model of modem I have because when I follow the procedure you outlined as #2 all I get in reponse to Edit is a form to fill out to add single rule.  I don't get any kind of display showing the complete set of rules.  Nor does it even allow for deleting a rule.  Bummer!

Just to clarify a bit of the mystery, the multiple computers in my network are connected to a switch which then feeds into the modem.  And of course, the computers have software firewalls as well.  But we want "security-in-depth".


After I see your screen shot(s), I see you are right.

That would drive me nuts.

To make my network more secure, one of these options I would do.

** Opton one **

#1 Get a RJ-45 WAN port router.

#2 Put the modem combo into bridge mode.

REF

a) http://www.dslreports.com/faq/13600

b) If not that FAQ, then http://www.dslreports.com/forum/r24425118-

#3 Reconfigure the RJ-45 WAN port router for the type of connection that is used.

If Bridge - routed bridge - DHCP Client enabled, in the RJ-45 WAN router I would have to use DHCP and spoof/clone the MAC Address of the Westell.

** Opton two **

#1 Get a RJ-45 WAN port router.

#2 Get a different DSL Modem from Verizon. Like one covered in that FAQ (Westell 6100F, Westell 7500)

#3 Put the modem combo into bridge mode.

#4 Reconfigure the RJ-45 WAN port router for the type of connection that is used.

If Bridge - routed bridge - DHCP Client enabled, in the RJ-45 WAN router I would have to use DHCP and spoof/clone the MAC Address of the Westell.

** Option three **

#1 Get a different DSL Modem from Verizon. Like one covered in that FAQ (Westell 6100F, Westell 7500)

#2 Configure that modem combo to handle the Public IP.

** Option four **

#1 Get a different DSL Modem but not from Verizon (or one provided that can only be used on Verizon).

For example the NETGEAR DG834G.

#2 Configure that modem combo to handle the Public IP.

--

With some notes about that...

#1 If you use your own DSL Modem combo and if you need support, you can only get it from:

a) The Vender who made that device.

b) Verizon Premium Tech Support.

c) OR from other peers. For example on this website with message board.

#2 If you use the Verizon dsl modem combo, Verizon can help you with certain issues. Anything outside of their support box, you can only get help from:

a) The Vender who made that device. For example Xbox OR your own RJ-45 WAN port router.

b) Verizon Premium Tech Support.

c) OR from other peers. For example on this website with message board.

--

If there an option five, I would believe it is getting another ISP.

If another DSL ISP, there be downtime. You need to research ahead of time, to see how long that downtime will be and if they provide at least dial-up access so when you are switching from Verizon DSL to DSL Extreme DSL (for example) you can still access the net..

^^^

View solution in original post

Re: Westell G90 6100 firewall configuration
dslr595148
Community Leader
Community Leader

While I don't know all of the answers, I can answer as many as I know. 😉

#1 To backup or restore the settings of the router (including the firewall config), in the router go to Advanced -> Configuration File

#2 To view each of the rules, let me give to you an example.

Let us say you want to view the rules for Medium.

a) First you select Medium.

b) Then you select Custom.

c) Then you select Edit, next to Custom

---

So, the only answer I don't of those 4 questions is


@jltympanum wrote:

2. What are the specs of the language in which the configuration is written?


Why aren't you running a software firewall on each of those computers, behind the modem combo?

I don't see how your computers could be directly connected to that modem, since it only has one RJ-45 LAN port.

For more than one computer to be connected, one of these has to be true:

#1 A hub/switch is connected to the modem combo.

#2 A RJ-45 WAN port router is setup as a hub/switch and with one of it's RJ-45 LAN ports is connected to the modem combo,

#3 OR a RJ-45 WAN port router's WAN port is connected to the modem combo.

Which one of these is true, I don't know.

0 Likes
Re: Westell G90 6100 firewall configuration
jltympanum
Enthusiast - Level 1

Thanks for taking the time to reply.  However, there must be something funny about the model of modem I have because when I follow the procedure you outlined as #2 all I get in reponse to Edit is a form to fill out to add single rule.  I don't get any kind of display showing the complete set of rules.  Nor does it even allow for deleting a rule.  Bummer!

Just to clarify a bit of the mystery, the multiple computers in my network are connected to a switch which then feeds into the modem.  And of course, the computers have software firewalls as well.  But we want "security-in-depth".

0 Likes
Re: Westell G90 6100 firewall configuration
dslr595148
Community Leader
Community Leader

#1 You are welcome

#2 Slight correction, to that example

a) Need to select Medium

b) Need to press Apply.

c) Need to select Custom.

d) Then press Edit.

Sorrry.

#3


@jltympanum wrote:

However, there must be something funny about the model of modem I have because when I follow the procedure you outlined as #2 all I get in reponse to Edit is a form to fill out to add single rule.  I don't get any kind of display showing the complete set of rules.  Nor does it even allow for deleting a rule.  Bummer!




How about a screen shot from the router.

My screenshot is an example of what I get with my Westell 6100F

#4 I am just wondering, something..

a) Go to https://www.grc.com/x/ne.dll?bh0bkyd2

b) Read the web page there.

c) When done reading it, press Proceed.

d) Say ok to the alert that, says something about switching to non secure (SSL) mode.

e) Into the box/field provided, type in 4567.

f) Click on User Specified Custom Port Probe

g) The full results I don't care about, but I would love to know what that port status is. Open, Closed OR Stealth.


image
0 Likes
Re: Westell G90 6100 firewall configuration
jltympanum
Enthusiast - Level 1
Please don't think badly of me, by I don't see how to attach a file to a reply.
0 Likes
Re: Westell G90 6100 firewall configuration
smith6612
Community Leader
Community Leader

When creating a post you'll see an Attachments section below the post box. There's what you would use for attaching 🙂

0 Likes
Re: Westell G90 6100 firewall configuration
jltympanum
Enthusiast - Level 1

Somehow my post box doesn't have an attachment button so I'm posting the images inline.  The first is the window that appears when you click on Firewall Settings.  The second is what you get when you click on Edit, as per your instructions.

image

image

0 Likes
Re: Westell G90 6100 firewall configuration
dslr595148
Community Leader
Community Leader

@jltympanum wrote:

Thanks for taking the time to reply.  However, there must be something funny about the model of modem I have because when I follow the procedure you outlined as #2 all I get in reponse to Edit is a form to fill out to add single rule.  I don't get any kind of display showing the complete set of rules.  Nor does it even allow for deleting a rule.  Bummer!

Just to clarify a bit of the mystery, the multiple computers in my network are connected to a switch which then feeds into the modem.  And of course, the computers have software firewalls as well.  But we want "security-in-depth".


After I see your screen shot(s), I see you are right.

That would drive me nuts.

To make my network more secure, one of these options I would do.

** Opton one **

#1 Get a RJ-45 WAN port router.

#2 Put the modem combo into bridge mode.

REF

a) http://www.dslreports.com/faq/13600

b) If not that FAQ, then http://www.dslreports.com/forum/r24425118-

#3 Reconfigure the RJ-45 WAN port router for the type of connection that is used.

If Bridge - routed bridge - DHCP Client enabled, in the RJ-45 WAN router I would have to use DHCP and spoof/clone the MAC Address of the Westell.

** Opton two **

#1 Get a RJ-45 WAN port router.

#2 Get a different DSL Modem from Verizon. Like one covered in that FAQ (Westell 6100F, Westell 7500)

#3 Put the modem combo into bridge mode.

#4 Reconfigure the RJ-45 WAN port router for the type of connection that is used.

If Bridge - routed bridge - DHCP Client enabled, in the RJ-45 WAN router I would have to use DHCP and spoof/clone the MAC Address of the Westell.

** Option three **

#1 Get a different DSL Modem from Verizon. Like one covered in that FAQ (Westell 6100F, Westell 7500)

#2 Configure that modem combo to handle the Public IP.

** Option four **

#1 Get a different DSL Modem but not from Verizon (or one provided that can only be used on Verizon).

For example the NETGEAR DG834G.

#2 Configure that modem combo to handle the Public IP.

--

With some notes about that...

#1 If you use your own DSL Modem combo and if you need support, you can only get it from:

a) The Vender who made that device.

b) Verizon Premium Tech Support.

c) OR from other peers. For example on this website with message board.

#2 If you use the Verizon dsl modem combo, Verizon can help you with certain issues. Anything outside of their support box, you can only get help from:

a) The Vender who made that device. For example Xbox OR your own RJ-45 WAN port router.

b) Verizon Premium Tech Support.

c) OR from other peers. For example on this website with message board.

--

If there an option five, I would believe it is getting another ISP.

If another DSL ISP, there be downtime. You need to research ahead of time, to see how long that downtime will be and if they provide at least dial-up access so when you are switching from Verizon DSL to DSL Extreme DSL (for example) you can still access the net..

^^^

Re: Westell G90 6100 firewall configuration
jltympanum
Enthusiast - Level 1

Thanks very much for staying with me on this one.  You've given me some great ideas and I really appreciate it.

0 Likes