Firewall
Configuring the General Firewall Settings
Cisco Small Business RV0xx Series Routers Administration Guide
default Port setting, 80, or enter another port number (8080 is usually used for this purpose).
NOTE: When remote management is enabled, you can use a web browser to access the configuration utility from anywhere on the Internet. In a web browser, enter http://<WAN IP address of the router>:port, or enter https://<WAN IP address of the router>:port if you have enabled the HTTPS feature.
HTTPS: When enabled, this feature allows secured HTTP sessions. This feature is enabled by default.
NOTE: If you disable the HTTPS feature, then users cannot connect by using QuickVPN.
Multicast Pass Through: When enabled, this feature allows IP multicast packets to be forwarded to the appropriate LAN devices. Multicast Pass Through is used for Internet games, videoconferencing, and multimedia applications. This option is disabled by default.
IMPORTANT: This router does not support passing multicast traffic over an IPSec tunnel. The multicast passthrough option determines whether the router allows the multicast traffic originating from the Internet to pass through the firewall to the LAN.
Restrict Web Features
Java: Check the box if you want to block Java applets at the firewall. Java is a common programming language for websites. If you deny Java applets, you run the risk of losing access to Internet sites created with this programming language. As a compromise, you can check this box to block Java on untrusted or unknown sites, while allowing Java on trusted sites (see Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains below). By default, Java is not blocked.
Cookies: Check this box if you want to block all cookies at the firewall. A cookie is data that a web site stores on a user’s PC. If you block cookies, a web site may not function as expected. As a compromise, you can check this box to block cookies on untrusted or unknown sites, while allowing them on trusted sites (see Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains below). By default, cookies are not blocked.
ActiveX: Check the box if you want to block ActiveX controls at the firewall. ActiveX is a programming language for websites. If you deny ActiveX, you run the risk of losing access to Internet sites created using this programming language. As a compromise, you can check this box to block ActiveX on untrusted or unknown sites, while allowing ActiveX on trusted sites (see Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains below). By default, ActiveX is not blocked.
Access to HTTP Proxy Servers: Check this box if you want to block access to HTTP proxy servers. Use of WAN proxy servers may compromise the router’s security. If you enable this feature, you block access to proxy servers using port 80 or 8080. As a compromise, you can check this box to block access to untrusted or unknown servers, while allowing access to trusted servers (see Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains below). By default, access to HTTP proxy servers is not blocked.
Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains: If you blocked any of the web features, you can check this box to allow these features for the domains that you enter on the trusted list. (This area of the page is available only if you checked one of the other boxes to disable a web feature.) If you leave the box unchecked, then the selected web features are blocked for all websites.
- To add a domain to the trusted list: Enter the domain that you want to add to the trusted list. Then click Add to list.
- To add another domain to the trusted list: Enter the domain, and then click Add to list.
- To modify a domain in the trusted list: Click the domain. The information appears in the text field. Make changes, and then click Update.
- To remove a domain from the trusted list: Click the domain, and then click Delete.
Configuring Firewall Access Rules
The default access rules should be sufficient for most small businesses. However, you can use the Firewall > Access Rules page to modify or add new access rules for your network. Access rules determine which traffic is allowed to pass through the router’s firewall. Optionally, you can set a schedule to activate or deactivate each access rule for specified days and times.
To open this page: Click Firewall > Access Rules in the navigation tree.
NOTE: Before navigating away from this page, click Save to save your settings, or click Cancel to undo them. Any unsaved changes are abandoned.
Refer to these topics:
About Access Rules, page 103
Managing Access Rules, page 104
Configuring Access Rules, page 106
About Access Rules
The router has the following default rules:
All traffic from the LAN to the WAN is allowed.
All traffic from the WAN to the LAN is denied.
All traffic from the LAN to the DMZ is allowed.
All traffic from the DMZ to the LAN is denied.
All traffic from the WAN to the DMZ is allowed.
All traffic from the DMZ to the WAN is allowed.
CAUTION: With the use of custom rules, it is possible to disable all firewall protection or block all access to the Internet, so use extreme caution when creating or deleting access rules.
There are four additional default rules that are always active and cannot be overridden by any custom rules:
HTTP service from the LAN to the router is always allowed.
DHCP service from the LAN is always allowed.
DNS service from the LAN is always allowed.
Ping service from the LAN to the router is always allowed.
Managing Access Rules
Except for the default rules, all configured access rules are listed in the Access Rules table, and you can set the priority for each custom rule.
Click the IPv4 tab to set rules for traffic with IPv4 addressing, or click the IPv6 tab to set rules for traffic with IPv6 addressing.
Note: The IPv6 tab is available only if you enabled Dual-Stack IP on the Network > Setup page.
NOTE: As an alternative to this procedure, you can use the Access Rule Wizard. For more information, see Chapter 11, “Wizard.”
If you have numerous rules, you can adjust the display. Use the Rows per page list at the top right corner of the table to choose the number of rules to display on each page. Use the Page list below the table to choose a particular page. Use the navigation buttons to view the first page, previous page, next page, or final page. Some buttons may be unavailable, depending on the number of pages and the current selection.
Priority: The priority of the access rule, with 1 indicating the highest priority. To change the priority for a rule, select an option from the drop-down list. If there is a conflict between two access rules, then the higher priority rule takes precedence. The default access rules have the lowest priority.
When an access rule is created, the router automatically assigns a priority; however, you can change the priority after the rule is created.
Enable: To enable a rule, check the Enable box. To disable a rule, uncheck the box. You cannot change the default rules.
Additional information appears that cannot be changed on this page:
Action: The action that the rule performs, to Allow or Deny access
Service: The service that is affected by this rule
Source Interface: The source interface that is affected by this rule
Source: The IP address for the source of the traffic, or Any
Destination: The IP address for the destination of the traffic, or Any
Time: A specific time interval when the access rule is active, or Always
Day: Specific days when the access rule is active, or Always
Add or edit rules as needed.
To add a rule: Click Add New Rule. Enter the settings, as described in Configuring Access Rules, page 106.
To modify a custom rule: Click the Edit icon. Enter the settings, as described in Configuring Access Rules, page 106.
To delete an access rule: Click the Delete icon. When the confirmation message appears, click OK to continue, or click Cancel to close the message without deleting the rule.
To delete all custom rules: Click Restore to Default Rules.
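
The precedence described above (always-active rules first, then enabled custom rules by priority, then the default rules) can be modelled offline to check a planned rule set before entering it in the Access Rules table. This is an added example, not Cisco code or router output; the "ROUTER" zone label, the "Any" wildcard for service and interface, exact-string address matching, and ignoring schedules are assumptions of the model.

```python
from collections import namedtuple
from dataclasses import dataclass

# Default rules from the page, keyed by (source zone, destination zone).
DEFAULTS = {("LAN", "WAN"): "Allow", ("WAN", "LAN"): "Deny",
            ("LAN", "DMZ"): "Allow", ("DMZ", "LAN"): "Deny",
            ("WAN", "DMZ"): "Allow", ("DMZ", "WAN"): "Allow"}
# Always-active rules: HTTP/Ping from LAN to the router, DHCP/DNS from the LAN.
ALWAYS_TO_ROUTER = {"HTTP", "Ping"}
ALWAYS_FROM_LAN = {"DHCP", "DNS"}

@dataclass(frozen=True)
class Rule:
    priority: int            # 1 is the highest priority
    action: str              # "Allow" or "Deny"
    service: str             # service name, or "Any" (model assumption)
    source_interface: str    # "LAN", "WAN", "DMZ" or "Any" (model assumption)
    source: str = "Any"
    destination: str = "Any"
    enabled: bool = True

# Constructed model of one connection attempt; "ROUTER" as dst_zone is hypothetical.
Packet = namedtuple("Packet", "src_zone dst_zone service src_ip dst_ip")

def _m(field, value):
    return field in ("Any", value)

def evaluate(rules, pkt):
    """Return (action, reason) for pkt under the precedence the page describes."""
    if pkt.src_zone == "LAN" and (pkt.service in ALWAYS_FROM_LAN or (
            pkt.service in ALWAYS_TO_ROUTER and pkt.dst_zone == "ROUTER")):
        return "Allow", "always-active rule"
    for r in sorted((r for r in rules if r.enabled), key=lambda r: r.priority):
        if (_m(r.service, pkt.service) and _m(r.source_interface, pkt.src_zone)
                and _m(r.source, pkt.src_ip) and _m(r.destination, pkt.dst_ip)):
            return r.action, f"custom rule, priority {r.priority}"
    # Assumption: zone pairs the page does not list are denied.
    return DEFAULTS.get((pkt.src_zone, pkt.dst_zone), "Deny"), "default rule"

def audit(rules):
    """Flag enabled custom rules broad enough to match the CAUTION above."""
    findings = []
    for r in rules:
        broad = r.enabled and r.service == r.source == r.destination == "Any"
        if broad and r.action == "Allow" and r.source_interface in ("WAN", "Any"):
            findings.append((r.priority, "allows all inbound traffic from the WAN"))
        if broad and r.action == "Deny" and r.source_interface in ("LAN", "Any"):
            findings.append((r.priority, "denies all traffic leaving the LAN"))
    return findings
```

Running `audit()` over a planned rule set, then `evaluate()` on a few representative connections, shows whether a higher-priority rule shadows the one you meant to apply.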
