Cisco RV120W Administration Guide, Chapter 4: Configuring the Firewall (page 67)
Configuring Access Rules
Configure access rules to control traffic to and from your network. To configure
access rules, choose Firewall > Access Rules. All configured firewall rules on the
Cisco RV120W are displayed in the Access Rule Table.
Configuring the Default Outbound Policy
You can configure the default outbound policy for the traffic that is directed from your secure network (LAN) to the Internet. The default inbound policy for traffic flowing from the Internet to your LAN is always blocked and cannot be changed.
The default outbound policy applies to traffic that is not covered by the specific firewall rules that you have configured. For example, you may have specific firewall rules restricting outbound instant messaging and video traffic, but all other traffic would be permitted if you choose Allow as the default outbound policy.
To configure the default outbound policy:
STEP 1 Choose Firewall > Access Rules.
STEP 2 Under Default Outbound Policy, choose Allow or Block. Allow permits traffic from your LAN to the Internet. Block does not permit traffic from your LAN to the Internet.
STEP 3 Click Save.
Creating an Access Rule
Access rules specify the type of traffic that is allowed into and out of your
network. To create access rules:
STEP 1 Choose Firewall > Access Rules.
STEP 2 Click Add Rule.
STEP 3 Under Connection Type, choose the destination of traffic covered by this rule:
Inbound—Traffic from the Internet (WAN) to your network (LAN)
Outbound—Traffic from your network (LAN) to the Internet (WAN)
STEP 4 Choose the action:
Always Block—Always block the selected type of traffic.
Always Allow—Never block the selected type of traffic.
Block by schedule, otherwise allow—Blocks the selected type of traffic according to a schedule. Choose the schedule from the drop-down list. See Creating Firewall Schedules, page 84.
Allow by schedule, otherwise block—Allows the selected type of traffic according to a schedule. Choose the schedule from the drop-down list. See Creating Firewall Schedules, page 84.
STEP 5 Choose the service to allow or block for this rule. Choose Any Traffic to make the rule apply to all applications and services, or choose a single application or service that the rule applies to:
AIM (AOL Instant Messenger)
BGP (Border Gateway Protocol)
BOOTP_CLIENT (Bootstrap Protocol client)
BOOTP_SERVER (Bootstrap Protocol server)
CU-SEEME (videoconferencing) UDP or TCP
DNS (Domain Name System), UDP or TCP
FINGER
FTP (File Transfer Protocol)
HTTP (Hypertext Transfer Protocol)
HTTPS (Secure Hypertext Transfer Protocol)
ICMP (Internet Control Message Protocol) type 3 through 11 or 13
ICQ (chat)
IMAP (Internet Message Access Protocol) 2 or 3
IRC (Internet Relay Chat)
NEWS
NFS (Network File System)
NNTP (Network News Transfer Protocol)
PING
POP3 (Post Office Protocol)
PPTP (Point-to-Point Tunneling Protocol)
RCMD (command)
REAL-AUDIO
REXEC (Remote execution command)
RLOGIN (Remote login)
RTELNET (Remote telnet)
RTSP (Real-Time Streaming Protocol) TCP or UDP
SFTP (Secure Shell File Transfer Protocol)
SMTP (Simple Mail Transfer Protocol)
SNMP (Simple Network Management Protocol) TCP or UDP
SNMP-TRAPS (TCP or UDP)
SQL-NET (Structured Query Language)
SSH (TCP or UDP)
STRMWORKS
TACACS (Terminal Access Controller Access-Control System)
TELNET (command)
TFTP (Trivial File Transfer Protocol)
RIP (Routing Information Protocol)
IKE
SHTTPD (Simple HTTPD web server)
IPSEC-UDP-ENCAP (UDP Encapsulation of IPsec packets)
IDENT protocol
VDOLIVE (live web video delivery)
SSH (secure shell)
SIP-TCP or SIP-UDP
STEP 6 In the Source IP field, configure the IP address to which the firewall rule applies:
Any—The rule applies to traffic originating from any IP address in the local network.
Single Address—The rule applies to traffic originating from a single IP address in the local network. Enter the address in the Start field.
Address Range—The rule applies to traffic originating from an IP address located in a range of addresses. Enter the starting IP address in the Start field, and the ending IP address in the Finish field.
STEP 7 If you are configuring an inbound firewall access rule:
a. Destination Network Address Translation (DNAT) maps a public IP address (your dedicated WAN address) to an IP address on your private network. In the Send to Local Server (DNAT IP) field, specify an IP address of a machine on the Local Network which is hosting the server.
b. The router supports multi-NAT, so your Internet Destination IP address does not have to be the address of your WAN. On a single WAN interface, multiple public IP addresses are supported. If your ISP assigns you more than one public IP address, one of these can be used as your primary IP address on the WAN port, and the others can be assigned to servers on the LAN. In this way, the LAN can be accessed from the Internet by its aliased public IP address. Check the Enable box and enter the IP address you want to use.
c. Under Rule Status, choose Enabled or Disabled. You may want to configure a rule and choose Disabled if you want to enable it at a later time.
If you are configuring an outbound firewall access rule:
a. In the Destination IP field, configure the IP address to which the firewall rule applies:
Any—The rule applies to traffic going to any IP address.
Single Address—The rule applies to traffic going to a single IP address. Enter the address in the Start field.
Address Range—The rule applies to traffic going to an IP address located in a range of addresses. Enter the starting IP address in the Start field, and the ending IP address in the Finish field.
b. You can configure Secure Network Address Translation (SNAT) to map a public IP address (your Dedicated WAN address, Optional WAN address, or another address) to an IP address on your private network. Under Use This SNAT IP Address, check Enable and enter the SNAT IP Address.
c. Under Rule Status, choose Enabled or Disabled. You may want to configure a rule and choose Disabled if you want to enable it at a later time.
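The following is an added example, not text or code from the guide or from Cisco. It models the access-rule semantics this section describes (the fixed inbound block, the Default Outbound Policy, the four actions with schedules, Source/Destination IP matching as Any, Single Address or Address Range, Rule Status, and DNAT/SNAT translation) so that a rule table can be reasoned about before it is entered in the web UI. First-match ordering, the service-to-port table, and all addresses and rule names are assumptions made for the example.

```python
"""Constructed model of the RV120W access-rule semantics described above.

This is not the router's firmware or any Cisco code. Rule ordering
(first match wins), the service-to-port table and the sample addresses
are assumptions made so the example runs offline.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

# A few services from the guide's list, mapped to assumed (protocol, port).
SERVICES = {
    "HTTP": ("tcp", 80), "HTTPS": ("tcp", 443), "SSH": ("tcp", 22),
    "TELNET": ("tcp", 23), "DNS": ("udp", 53),
}


@dataclass
class Rule:
    direction: str                    # "inbound" (WAN->LAN) or "outbound" (LAN->WAN)
    action: str                       # one of the four actions in step 4
    service: str = "ANY"              # "ANY" (Any Traffic) or a SERVICES key
    src_start: Optional[IPv4Address] = None   # Source IP: None means Any
    src_end: Optional[IPv4Address] = None     # set only for Address Range
    dst_start: Optional[IPv4Address] = None   # Destination IP (outbound rules)
    dst_end: Optional[IPv4Address] = None
    schedule_active: bool = False     # True while the attached schedule is in effect
    dnat_ip: Optional[IPv4Address] = None     # Send to Local Server (inbound)
    snat_ip: Optional[IPv4Address] = None     # Use This SNAT IP Address (outbound)
    enabled: bool = True              # Rule Status

    @staticmethod
    def _in_range(addr, start, end):
        if start is None:
            return True               # Any
        return start <= addr <= (end or start)   # Single Address or Range

    def matches(self, pkt):
        if not self.enabled or pkt["direction"] != self.direction:
            return False
        if self.service != "ANY" and (pkt["proto"], pkt["dport"]) != SERVICES[self.service]:
            return False
        return (self._in_range(pkt["src"], self.src_start, self.src_end)
                and self._in_range(pkt["dst"], self.dst_start, self.dst_end))

    def verdict(self):
        return {
            "Always Block": "block",
            "Always Allow": "allow",
            "Block by schedule, otherwise allow": "block" if self.schedule_active else "allow",
            "Allow by schedule, otherwise block": "allow" if self.schedule_active else "block",
        }[self.action]


class Firewall:
    def __init__(self, rules, default_outbound="Allow"):
        self.rules = rules                          # the Access Rule Table
        self.default_outbound = default_outbound    # Default Outbound Policy

    def evaluate(self, pkt):
        """Return (verdict, source, destination) after any translation."""
        src, dst = pkt["src"], pkt["dst"]
        for rule in self.rules:                     # assumed: first match wins
            if rule.matches(pkt):
                v = rule.verdict()
                if v == "allow" and rule.dnat_ip:
                    dst = rule.dnat_ip              # public WAN address -> LAN server
                if v == "allow" and rule.snat_ip:
                    src = rule.snat_ip              # LAN host appears as this public address
                return v, str(src), str(dst)
        if pkt["direction"] == "inbound":
            return "block", str(src), str(dst)      # inbound default is always block
        return self.default_outbound.lower(), str(src), str(dst)


def pkt(direction, proto, dport, src, dst):
    """Build a constructed packet record for evaluate()."""
    return {"direction": direction, "proto": proto, "dport": dport,
            "src": IPv4Address(src), "dst": IPv4Address(dst)}


def demo():
    """Constructed rule table and traffic; returns the evaluation results."""
    ip = IPv4Address
    fw = Firewall(default_outbound="Allow", rules=[
        Rule("inbound", "Always Allow", "HTTPS", dnat_ip=ip("192.168.1.10")),
        Rule("outbound", "Always Block", "TELNET"),
        Rule("outbound", "Block by schedule, otherwise allow", "HTTP",
             src_start=ip("192.168.1.50"), src_end=ip("192.168.1.99"), schedule_active=True),
        Rule("outbound", "Always Allow", "HTTPS", snat_ip=ip("198.51.100.2")),
    ])
    return {
        "web_to_server": fw.evaluate(pkt("inbound", "tcp", 443, "203.0.113.5", "198.51.100.1")),
        "ssh_from_wan": fw.evaluate(pkt("inbound", "tcp", 22, "203.0.113.5", "198.51.100.1")),
        "telnet_out": fw.evaluate(pkt("outbound", "tcp", 23, "192.168.1.20", "203.0.113.9")),
        "http_out_scheduled": fw.evaluate(pkt("outbound", "tcp", 80, "192.168.1.60", "203.0.113.9")),
        "http_out_other_host": fw.evaluate(pkt("outbound", "tcp", 80, "192.168.1.20", "203.0.113.9")),
        "https_out_snat": fw.evaluate(pkt("outbound", "tcp", 443, "192.168.1.20", "203.0.113.9")),
        "dns_out_default": fw.evaluate(pkt("outbound", "udp", 53, "192.168.1.20", "203.0.113.53")),
    }
```

Running demo() shows the points the section makes: the inbound SSH attempt is blocked although no rule names it, because the inbound default cannot be changed; the HTTP rule only bites for hosts inside its Address Range and only while its schedule is active; and traffic matched by no rule (the DNS query) falls through to the Default Outbound Policy.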
Configuring Attack Prevention
Attacks are malicious security breaches or unintentional network issues that
render the Cisco RV120W unusable. Attack prevention allows you to manage WAN
security threats such as continual ping requests and discovery via ARP scans.
TCP and UDP flood attack prevention can be enabled to manage extreme usage
of WAN resources.
As well, certain Denial-of-Service (DoS) attacks can be blocked. These attacks, if
uninhibited, can use up processing power and bandwidth and prevent regular
network services from running normally. ICMP packet flooding, SYN traffic
flooding, and Echo storm thresholds can be configured to temporarily suspend
traffic from the offending source.
To configure attack prevention:
STEP 1 Choose Firewall > Attack Prevention.
STEP 2 Check the boxes to enable the following functions:
WAN (Internet) Security Checks
Respond to Ping on WAN (Internet)—To configure the Cisco RV120W to allow a response to an Internet Control Message Protocol (ICMP) Echo (ping) request on the WAN interface, check this box. This setting is used as a diagnostic tool for connectivity problems. Not enabled by default.
Stealth Mode—If Stealth Mode is enabled, the router will not respond to port scans from the WAN. This feature makes the network less susceptible to discovery and attacks. Enabled by default.
Flood—If this option is enabled, the router will drop all invalid TCP packets. This feature protects the network from a SYN flood attack. Enabled by default.
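The following is an added example, not code from the guide or from Cisco. It models two behaviours this section describes: dropping invalid TCP packets (the Flood check) and a per-source threshold that temporarily suspends traffic from an offending source once an ICMP, SYN or Echo rate is exceeded. The threshold, window and suspension values, the sliding-window design, and the flag combinations treated as invalid are assumptions made for the example; the guide does not give the device's actual values.

```python
"""Constructed model of the attack-prevention behaviour described above.

Not Cisco code: the threshold values, the sliding window and the flag
combinations treated as invalid are assumptions made for the example.
"""
from collections import defaultdict, deque

# TCP flag bits (standard values) used by the invalid-packet check.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


def tcp_flags_valid(flags: int) -> bool:
    """True if the flag byte is a combination a legitimate stack would send.

    Assumed set of invalid combinations: no flags at all, SYN together with
    FIN, and SYN together with RST. A real device's list is not given here.
    """
    if flags == 0:
        return False
    if flags & SYN and flags & FIN:
        return False
    if flags & SYN and flags & RST:
        return False
    return True


class FloodGuard:
    """Per-source rate threshold with temporary suspension of the offender.

    threshold:   packets of one kind allowed from a source per `window` seconds
    suspend_for: seconds the source stays suspended after crossing the line
    """

    def __init__(self, threshold=100, window=1.0, suspend_for=30.0):
        self.threshold, self.window, self.suspend_for = threshold, window, suspend_for
        self.seen = defaultdict(deque)     # (src, kind) -> timestamps inside the window
        self.suspended_until = {}          # src -> time at which suspension ends

    def observe(self, src, kind, t):
        """Record one packet of `kind` from `src` at time t; return 'accept' or 'drop'."""
        until = self.suspended_until.get(src)
        if until is not None:
            if t < until:
                return "drop"              # still suspended
            del self.suspended_until[src]  # suspension expired, start fresh
        q = self.seen[(src, kind)]
        q.append(t)
        while q and q[0] <= t - self.window:
            q.popleft()                    # forget packets outside the window
        if len(q) > self.threshold:
            self.suspended_until[src] = t + self.suspend_for
            q.clear()
            return "drop"
        return "accept"


def simulate():
    """Replay a constructed burst: 120 SYNs within one second from one host,
    a single ping from another host, then the first host again later."""
    guard = FloodGuard(threshold=100, window=1.0, suspend_for=30.0)
    verdicts = [guard.observe("203.0.113.7", "syn", i / 120) for i in range(120)]
    return {
        "accepted_in_burst": verdicts.count("accept"),
        "dropped_in_burst": verdicts.count("drop"),
        "other_host_ping": guard.observe("198.51.100.9", "icmp_echo", 0.5),
        "offender_during_suspension": guard.observe("203.0.113.7", "syn", 5.0),
        "offender_after_expiry": guard.observe("203.0.113.7", "syn", 40.0),
    }
```

The per-source keying is what makes the suspension safe to use: the burst from 203.0.113.7 trips the threshold and is dropped for the suspension period, while the unrelated host's ping at the same time is still accepted, and the offender is served again once the suspension expires.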