Configuring the Firewall
Configuring Content Filtering
Cisco RV120W Administration Guide
72
4
LAN (Local Network) Security Checks
Block UDP Flood—If this option is enabled, the router will not accept more
than 25 simultaneous, active UDP connections from a single computer on
the LAN. Enabled by default.
ICSA (International Computer Security Association) Settings
Block Anonymous ICMP Messages—ICSA requires the firewall to silently
block without sending an ICMP notification to the sender. Some protocols,
such as MTU Path Discovery, require ICMP notifications. Enable this setting
to operate in “stealth” mode. Enabled by default.
Block Fragmented Packets—ICSA requires the firewall to block fragmented
packets from ANY to ANY. Enabled by default.
Block Multicast Packets—ICSA requires the firewall to block multicast
packets. Enabled by default.
STEP 3 Click Save.
Configuring Content Filtering
The Cisco RV120W supports several content filtering options. You can block
certain web applications or components (such as ActiveX or Java). You can set up
trusted domains from which to always allow content. You can block access to
Internet sites by specifying keywords to block. If these keywords are found in the
site's name (for example, web site URL or newsgroup name), the site is blocked.
You also need to turn on content filtering to set up trusted domains.
Enabling Content Filtering
To enable content filtering:
STEP 1 Choose Firewall > Content Filtering.
STEP 2 Check the Enable box.
STEP 3 Click Save.
Blocking Web Components
Certain commonly-used web components can be blocked for increased security.
Some of these components can be used by malicious websites to infect
computers that access them.
STEP 1 Choose Firewall > Content Filtering.
STEP 2 With content filtering enabled, under Web Components, select the check box for
each component you wish to block:
Proxy—A proxy server (or simply, proxy) allows computers to route
connections to other computers through the proxy, thus circumventing
certain firewall rules. For example, if connections to a specific IP address
are blocked by a firewall rule, the requests can be routed through a proxy
that is not blocked by the rule, rendering the restriction ineffective. Enabling
this feature blocks proxy servers.
Java—Blocks Java applets from being downloaded from pages that contain
them. Java applets are small programs embedded in web pages that
enable dynamic functionality of the page. A malicious applet can be used to
compromise or infect computers. Enabling this setting blocks Java applets
from being downloaded.
ActiveX—Similar to Java applets, ActiveX controls are installed on a
Windows computer while running Internet Explorer. A malicious ActiveX
control can be used to compromise or infect computers. Enabling this
setting blocks ActiveX controls from being downloaded.
Cookies—Cookies are used to store session information by websites that
usually require login. However, several websites use cookies to store
tracking information and browsing habits. Enabling this option filters out
cookies from being created by a website.
NOTE
Many websites require that cookies be accepted in order for the site to be
accessed properly. Blocking cookies can cause many websites to not function
properly.
STEP 3 Click Save.
Adding Trusted Domains
You can add a list of trusted domains. These domains are bypassed during
keyword filtering. For example, if “yahoo” is added to the blocked keywords list
and www.yahoo.com is added to the trusted domain list, then www.yahoo.com
will be allowed, but mail.yahoo.com will not be allowed.
NOTE
Before adding trusted domains, you must enable content filtering. See
Enabling Content Filtering, page 72.
To add trusted domains:
STEP 1 Choose Firewall > Content Filtering. The Trusted Domain Table displays a list of
currently configured trusted domains.
STEP 2 Click Add and enter the name of the trusted domain.
STEP 3 Click Save.
Configuring URL Blocking
You can block access to websites that contain specific keywords in the URL or
page contents. To configure URL blocking:
STEP 1 Choose Firewall > URL Blocking. The table displays currently blocked keywords.
STEP 2 Click Add Row.
STEP 3 Under Status, check the box to enable blocking for the new keyword.
STEP 4 Select the group to which to apply the keyword blocking. If you need to configure
a new group, click Configure LAN Groups. (See Configuring LAN (Local
Network) Groups, page 86.)
STEP 5 Enter the keyword to block.
STEP 6 Click Save.
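The following is an added example, not taken from the Cisco guide or the router firmware: a small Python model of how trusted domains and blocked keywords interact, useful for checking a planned keyword list before entering it. It assumes whole-host-name matching for trusted domains (as the yahoo example implies), case-insensitive substring matching for keywords, and matching against the URL only; the function name and sample URLs are constructed.

```python
from urllib.parse import urlsplit

def filter_decision(url, blocked_keywords, trusted_domains):
    """Return ("allow" | "block", reason) for one requested URL."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower()
    # Trusted domains bypass keyword filtering. The match is on the whole
    # host name: trusting www.yahoo.com does not trust mail.yahoo.com.
    if host in {d.lower() for d in trusted_domains}:
        return ("allow", "trusted domain " + host)
    # Assumed model: a keyword matches anywhere in host, path or query string.
    target = (host + parts.path + "?" + parts.query).lower()
    for keyword in blocked_keywords:
        if keyword.lower() in target:
            return ("block", "keyword " + keyword)
    return ("allow", "no keyword matched")

def demo():
    keywords = ["yahoo"]              # blocked keyword from the guide's example
    trusted = ["www.yahoo.com"]       # trusted domain from the guide's example
    urls = [                          # constructed sample requests
        "http://www.yahoo.com/news",
        "http://mail.yahoo.com/",
        "http://example.org/search?q=yahoo",
        "http://example.org/",
    ]
    return [(u, *filter_decision(u, keywords, trusted)) for u in urls]

if __name__ == "__main__":
    for url, action, reason in demo():
        print(f"{action:5}  {url}  ({reason})")
```

The third sample shows the side effect of substring keywords: an unrelated site is blocked because the keyword appears in its query string, so each sibling host that must stay reachable needs its own trusted domain entry.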
Configuring Port Triggering
Port triggering allows devices on the LAN to request one or more ports to be
forwarded to them. Port triggering waits for an outbound request from the LAN on
one of the defined outgoing ports, and then opens an incoming port for that
specified type of traffic. Port triggering is a form of dynamic port forwarding that
is active while an application is transmitting data over the opened outgoing or
incoming ports. In other words, an incoming port is opened for a specific type of
traffic in response to traffic on a defined outgoing port.
Port triggering is more flexible than static port forwarding (available when
configuring firewall rules) because a rule does not have to reference a specific
LAN IP or IP range. Ports are also not left open when not in use, thereby providing
a level of security that port forwarding does not offer.
NOTE
Port triggering is not appropriate for servers on the LAN, since there is a
dependency on the LAN device making an outgoing connection before incoming
ports are opened.
Some applications require that, when external devices connect to them, they
receive data on a specific port or range of ports in order to function properly. The
router must send all incoming data for that application only on the required port or
range of ports. The gateway has a list of common applications and games with
corresponding outbound and inbound ports to open. You can also specify a port
triggering rule by defining the type of traffic (TCP or UDP) and the range of
incoming and outgoing ports to open when enabled.
To add a port triggering rule:
STEP 1 Choose Firewall > Port Triggering.
STEP 2 Click Add.
STEP 3 Specify an easily-identifiable name for this rule.
STEP 4 Check the Enable box to enable the rule.
STEP 5 Select whether the port uses TCP, UDP, or both protocols.
STEP 6 In the Outgoing (Trigger) Port Range section, specify the port number or range of
port numbers that will trigger this rule when a connection request from outgoing
traffic is made. If the outgoing connection uses only one port, then specify the
same port number in the Start Port and End Port fields.
STEP 7 In the Incoming (Response) Port Range section, specify the port number or range
of port numbers used by the remote system to respond to the request it receives.
If the incoming connection uses only one port, then specify the same port number
in the Start Port and End Port fields.
STEP 8 Click Save.
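The following is an added example, not Cisco code: a Python model of the port triggering behaviour described above, showing that an incoming port is closed until a LAN host sends traffic on the trigger range, is then forwarded to that host, and closes again when idle. The rule values, class names and the 600-second idle timeout are assumptions; the guide does not state the router's timer.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 600  # seconds; assumed value, not taken from the guide

@dataclass
class TriggerRule:
    name: str
    protocol: str      # "tcp" or "udp"
    trigger: range     # Outgoing (Trigger) Port Range
    incoming: range    # Incoming (Response) Port Range

@dataclass
class PortTrigger:
    rules: list
    # (protocol, incoming port) -> (LAN host, expiry time)
    open_ports: dict = field(default_factory=dict)

    def outbound(self, lan_ip, protocol, dst_port, now):
        """A LAN host sends traffic out; matching rules open their incoming range for it."""
        opened = []
        for rule in self.rules:
            if rule.protocol == protocol and dst_port in rule.trigger:
                for port in rule.incoming:
                    self.open_ports[(protocol, port)] = (lan_ip, now + IDLE_TIMEOUT)
                opened.append(rule.name)
        return opened

    def inbound(self, protocol, dst_port, now):
        """Traffic arrives from the WAN; return the LAN host to forward to, or None to drop."""
        entry = self.open_ports.get((protocol, dst_port))
        if entry is None:
            return None
        lan_ip, expires = entry
        if now >= expires:
            del self.open_ports[(protocol, dst_port)]
            return None
        self.open_ports[(protocol, dst_port)] = (lan_ip, now + IDLE_TIMEOUT)  # refresh on use
        return lan_ip

def demo():
    # Constructed rule: outgoing TCP 6660-6670 triggers incoming TCP 113.
    fw = PortTrigger([TriggerRule("chat-ident", "tcp", range(6660, 6671), range(113, 114))])
    results = [fw.inbound("tcp", 113, now=0)]           # before any trigger: dropped
    fw.outbound("192.168.1.50", "tcp", 6667, now=10)    # LAN host triggers the rule
    results.append(fw.inbound("tcp", 113, now=20))      # forwarded to the triggering host
    results.append(fw.inbound("tcp", 114, now=20))      # outside the incoming range: dropped
    results.append(fw.inbound("tcp", 113, now=20 + IDLE_TIMEOUT))  # idle too long: closed
    return results

if __name__ == "__main__":
    print(demo())
```

The first result is why the NOTE above rules out port triggering for LAN servers: until the LAN device itself makes an outgoing connection, unsolicited inbound traffic has no open port to arrive on.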
Configuring Port Forwarding
Port forwarding is used to redirect traffic from the Internet from one port on the
WAN to another port on the LAN. The port forwarding rules menu allows selection
of a service. Common services are available or you can define a custom service
and associated ports to forward.
The Port Forwarding Rule Table lists all the available port forwarding rules for this
device and allows you to configure port forwarding rules. The table contains the
following information:
Action—Whether to block or allow traffic (always or by schedule) that
meets these filter rules, and when the rule is applicable.
Service—Service for which this port forwarding rule is applicable.
Status—A port forwarding rule can be disabled if not in use and enabled
when needed. The port forwarding rule is disabled if the status is disabled
and it is enabled if the status is enabled. Disabling a port forwarding rule
does not delete the configuration.
Source IP—The source IP address of the traffic that is forwarded
(Any, Single Address or Address Range).
Destination IP—The IP address of the server to which traffic is forwarded.
Forward From Port—From which port traffic will be forwarded.
Forward To Port—To which port traffic will be forwarded.
