Cisco RV042G Router Manual PDF (Setup & Configuration Guide)

Page 101 / 199 Scroll up to view Page 96 - 100

Firewall

Configuring the General Firewall Settings

Cisco Small Business RV0xx Series Routers Administration Guide

101

7

default

Port

setting, 80, or enter another port number (8080 is usually used

for this purpose).

NOTE:

When remote management is enabled, you can use a web browser

to access the configuration utility from anywhere on the Internet. In a web

browser, enter

http://<WAN IP address of the router>:port

, or enter

https://<WAN IP address of the router>:port

if you have enabled the

HTTPS feature.

•

HTTPS:

When enabled, this feature allows secured HTTP sessions. This

feature is enabled by default.

NOTE:

If you disable the HTTPS feature, then users cannot connect by

using QuickVPN.

•

Multicast Pass Through:

When enabled, this feature allows IP multicast

packets to be forwarded to the appropriate LAN devices. Multicast Pass

Through is used for Internet games, videoconferencing, and multimedia

applications. This option is disabled by default.

IMPORTANT:

This router does not support passing multicast traffic over an

IPSec tunnel. The multicast passthrough option determines whether the

router allows the multicast traffic originating from the Internet to pass

through the firewall to the LAN.

Restrict Web Features

•

Java:

Check the box if you want to block Java applets at the firewall. Java is

a common programming language for websites. If you deny Java applets,

you run the risk of losing access to Internet sites created with this

programming language. As a compromise, you can check this box to block

Java on untrusted or unknown sites, while allowing Java on trusted sites

(see

Don’t block Java/Java/ActiveX/Cookies/Proxy to Trusted Domains

below). By default, Java is not blocked.

•

Cookies:

Check this box if you want to block all cookies at the firewall. A

cookie is data that a web site stores on a user’s PC. If you block cookies, a

web site may not function as expected. As a compromise, you can check

this box to block cookies on untrusted or unknown sites, while allowing

them on trusted sites (see

Don’t block Java/Java/ActiveX/Cookies/Proxy

to Trusted Domains

below). By default, cookies are not blocked.

•

ActiveX:

Check the box if you want to block ActiveX controls at the firewall.

ActiveX is a programming language for websites. If you deny ActiveX, you

run the risk of losing access to Internet sites created using this

programming language. As a compromise, you can check this box to block

ActiveX on untrusted or unknown sites, while allowing ActiveX on trusted

Page 102 / 199

Firewall

Configuring the General Firewall Settings

Cisco Small Business RV0xx Series Routers Administration Guide

102

7

sites (see

Don’t block Java/Java/ActiveX/Cookies/Proxy to Trusted

Domains

below). By default, ActiveX is not blocked.

•

Access to HTTP Proxy Servers:

Check this box if you want to block

access to HTTP proxy servers. Use of WAN proxy servers may

compromise the router’s security. If you enable this feature, you block

access to proxy servers using port 80 or 8080. As a compromise, you can

check this box to block access to untrusted or unknown servers, while

allowing access to trusted servers (see

Don’t block Java/Java/ActiveX/

Cookies/Proxy to Trusted Domains

below). By default, access to HTTP

proxy servers is not blocked.

•

Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains:

If you

blocked any of the web features, you can check this box to allow these

features for the domains that you enter on the trusted list. (This area of the

page is available only if you checked one of the other boxes to disable a

web feature.) If you leave the box unchecked, then the selected web

features are blocked for all websites.

-

To add a domain to the trusted list:

Enter the domain that you want to

add to the trusted list. Then click

Add to list

.

-

To add another domain to the trusted list:

Enter the domain, and then

click

Add to list

.

-

To modify a domain in the trusted list:

Click the domain. The

information appears in the text field. Make changes, and then click

Update

.

-

To remove a domain from the trusted list:

Click the domain, and then

click

Delete

.

Page 103 / 199

Firewall

Configuring Firewall Access Rules

Cisco Small Business RV0xx Series Routers Administration Guide

103

7

Configuring Firewall Access Rules

The default access rules should be sufficient for most small businesses. However,

you can use the

Firewall > Access Rules

page to modify or add new access rules

for your network. Access rules determine which traffic is allowed to pass through

the router’s firewall. Optionally, you can set a schedule to activate or deactivate

each access rule for specified days and times.

To open this page:

Click

Firewall > Access Rules

in the navigation tree.

NOTE

Before navigating away from this page, click

Save

to save your settings, or click

Cancel

to undo them. Any unsaved changes are abandoned.

Refer to these topics:

•

About Access Rules, page103

•

Managing Access Rules, page 104

•

Configuring Access Rules, page 106

About Access Rules

The router has the following default rules:

•

All traffic from the LAN to the WAN is allowed.

•

All traffic from the WAN to the LAN is denied.

•

All traffic from the LAN to the DMZ is allowed.

•

All traffic from the DMZ to the LAN is denied.

Page 104 / 199

Firewall

Configuring Firewall Access Rules

Cisco Small Business RV0xx Series Routers Administration Guide

104

7

•

All traffic from the WAN to the DMZ is allowed.

•

All traffic from the DMZ to the WAN is allowed.

!

CAUTION

With the use of custom rules, it is possible to disable all firewall protection or block

all access to the Internet, so use extreme caution when creating or deleting access

rules.

There are four additional default rules that will be always active and cannot be

overridden by any custom rules:

•

HTTP service from the LAN to the router is always allowed.

•

DHCP service from the LAN is always allowed.

•

DNS service from the LAN is always allowed.

•

Ping service from the LAN to the router is always allowed.

Managing Access Rules

Except for the default rules, all configured access rules are listed in the Access

Rules table, and you can set the priority for each custom rule.

Click the

IPv4

tab to set rules for traffic with IPv4 addressing, or click the

IPv6

tab

to set rules for traffic with IPv6 addressing.

Note: The IPv6 tab is available only if you enabled Dual-Stack IP on the

Network >

Setup

page.

NOTE

As an alternative to this procedure, you can use the Access Rule Wizard. For more

information, see

Chapter 11, “Wizard.”

If you have numerous rules, you can adjust the display. Use the

Rows per page list

at the top right corner of the table to choose the number of rules to display on each

page. Use the

Page

list below the table to choose a particular page. Use the

navigation buttons to view the first page, previous page, next page, or final page.

Some buttons may be unavailable, depending on the number of pages and the

current selection.

•

Priority:

The priority of the access rule, with 1 indicating the highest

priority. To change the priority for a rule, select an option from the drop-

down list. If there is a conflict between two access rules, then the higher

Page 105 / 199

Firewall

Configuring Firewall Access Rules

Cisco Small Business RV0xx Series Routers Administration Guide

105

7

priority rule takes precedence. The default access rules have the lowest

priority.

When an access rule is created, the router automatically assigns a priority;

however, you can change the priority after the rule is created.

•

Enable:

To enable a rule, check the

Enable

box. To disable a rule, uncheck

the box. You cannot change the default rules.

Additional information appears that cannot be changed on this page:

•

Action:

The action that the rule performs, to Allow or Deny access

•

Service:

The service that is affected by this rule

•

Source Interface:

The source interface that is affected by this rule

•

Source:

The IP address for the source of the traffic, or Any

•

Destination:

The IP address for the destination of the traffic, or Any

•

Time:

A specific time interval when the access rule is active, or Always

•

Day:

Specific days when the access rule is active, or Always

Add or edit rules as needed.

•

To add a rule:

Click

Add New Rule

. Enter the settings, as described in

Configuring Access Rules, page 106

.

•

To modify a custom rule:

Click the

Edit

icon. Enter the settings, as

described in

Configuring Access Rules, page106

.

•

To delete an access rule:

Click the

Delete

icon. When the confirmation

message appears, click

OK

to continue, or click

Cancel

to close the

message without deleting the rule.

•

To delete all custom rules:

Click

Restore to Default Rules

.

Rate

Popular Cisco Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share