Configuring the Firewall
Configuring Advanced Firewall Settings
Cisco RV120W Administration Guide
82
4
To enable MAC address filtering:
STEP 1 Choose Firewall > Advanced Settings > MAC Filtering.
STEP 2 Check the Enable box to enable MAC Address Filtering for this device. Uncheck
the box to disable this feature.
If you enable MAC filtering, in the Policy for MAC Address listed below field,
choose one of the following options:
Block and Allow the Rest—Choose this option to block the traffic from the
specified MAC addresses and to allow traffic from all other addresses.
Allow and Block the Rest—Choose this option to allow the traffic from the
specified MAC addresses and to block traffic from all other machines on
the LAN side of the router.
For example, two computers are on the LAN with MAC addresses of
00:01:02:03:04:05 (host1), and 00:01:02:03:04:11 (host2). If the host1 MAC address
is added to the MAC filtering list and the “block and allow the rest” policy is
chosen, when this computer tries to connect to a website, the router will not allow
it to connect. However, host2 is able to connect because its MAC address is not in
the list. If the policy is “allow and block the rest,” then host1 is able to connect to a
website, but host2 is blocked because its MAC address is not in the list. The MAC filtering
policy does not override a firewall rule that directs incoming traffic to a host.
STEP 3 In the MAC Addresses table, click Add.
STEP 4 Enter the MAC address and description to add to the table and click Save. Repeat
for each address to allow or block.
STEP 5 Click Save.
Configuring IP/MAC Address Binding
IP/MAC Binding allows you to bind IP addresses to MAC addresses. Some machines
are configured with static addresses. To prevent users from changing static IP
addresses, IP/MAC Binding should be enabled. If the Cisco RV120W sees packets
with matching IP address but inconsistent MAC addresses, it drops those packets.
To configure IP/MAC Address binding:
STEP 1 Choose Firewall > Advanced Settings > IP/MAC Binding. The table lists all the
currently defined IP/MAC binding rules and allows several operations on the rules.
STEP 2 Click Add to add a new rule.
STEP 3 In the name field, enter the name for this rule.
STEP 4 In the MAC Addresses field, enter the MAC Addresses (the physical address of
the piece of hardware) for this rule.
STEP 5 In the IP Addresses field, enter the IP Addresses to assign to the piece of
hardware.
STEP 6 Click Save.
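The MAC filtering policies and the IP/MAC binding check described above can be modelled offline to see how a planned rule set treats each host before it is applied. This is an added example, not Cisco code: the function names, the IP addresses, the binding rule and the order of the two checks are assumptions; the two MAC addresses are the ones from the guide's example.

```python
BLOCK_LISTED = "Block and Allow the Rest"
ALLOW_LISTED = "Allow and Block the Rest"

def norm_mac(mac):
    """Lower-case colon form; accepts ':' or '-' separators, rejects malformed input."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def verdict(policy, mac_table, bindings, src_mac, src_ip):
    """Decide one LAN-side packet. bindings maps IP -> bound MAC (IP/MAC Binding rules)."""
    if policy not in (BLOCK_LISTED, ALLOW_LISTED):
        raise ValueError(f"unknown policy: {policy!r}")
    mac = norm_mac(src_mac)
    bound = bindings.get(src_ip)
    # Binding check: matching IP address but inconsistent MAC address -> drop.
    # Running it before the MAC filter is an assumption of this model.
    if bound is not None and norm_mac(bound) != mac:
        return "drop (IP/MAC binding)"
    listed = mac in {norm_mac(m) for m in mac_table}
    if policy == BLOCK_LISTED and listed:
        return "drop (MAC filter)"
    if policy == ALLOW_LISTED and not listed:
        return "drop (MAC filter)"
    return "forward"

HOST1, HOST2 = "00:01:02:03:04:05", "00:01:02:03:04:11"  # from the guide's example
BINDINGS = {"192.168.1.10": HOST1}                       # constructed binding rule
PACKETS = [                                              # constructed (source MAC, source IP)
    (HOST1, "192.168.1.10"),
    (HOST2, "192.168.1.11"),
    ("00-01-02-03-04-11", "192.168.1.10"),  # host2 sending from host1's bound IP
]

def run(policy):
    """Evaluate the constructed packets with only host1 in the MAC Addresses table."""
    return [verdict(policy, [HOST1], BINDINGS, mac, ip) for mac, ip in PACKETS]

if __name__ == "__main__":
    for policy in (BLOCK_LISTED, ALLOW_LISTED):
        print(policy, run(policy))
```
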
Creating Custom Services
When you create a firewall rule, you can specify a service that is controlled by the
rule. Common types of services are available for selection, and you can create
your own custom services. This page allows creation of custom services against
which firewall rules can be defined. Once defined, the new service will appear in
the List of Available Custom Services table.
To create a custom service:
STEP 1 Choose Firewall > Advanced Settings > Custom Services.
STEP 2 Click Add.
STEP 3 Enter a service name for identification and management purposes.
STEP 4 Enter the service type, or layer 4 protocol that the service uses (TCP, UDP, ICMP,
ICMPv6, or other).
If you chose ICMP or ICMPv6 as the service type, enter the ICMP type. This is a
numeric value from 0 through 40 for ICMP and from 0 through 255 for ICMPv6.
STEP 5 If you chose TCP or UDP, in the Start Port field, enter the first TCP or UDP port of
the range that the service uses. In the Finish Port field, enter the last TCP or UDP
port of the range that the service uses.
If you chose Other, enter the number of the protocol in the Protocol Number field.
(For example, if you are using RDP, enter 27 in the protocol number field.)
STEP 6 Click Save.
Creating Firewall Schedules
You can create firewall schedules to apply firewall rules on specific days or at
specific times of the day.
To create a schedule:
STEP 1 Choose Firewall > Advanced Settings > Schedules.
STEP 2 Click Add.
STEP 3 Enter a unique name to identify the schedule. This name is then available when you
create access or port forwarding rules.
STEP 4 Under Time, check All Day if you want the schedule to apply to the entire day.
Leave the box unchecked if you want it to only apply to certain hours of the day,
and enter the specific start and end times, selecting a.m. or p.m.
STEP 5 Under Repeat, check Everyday to apply the schedule to all the days of the week.
Leave the box unchecked if you want it to only apply to certain days, and check
the boxes next to the days you want to include in the schedule.
STEP 6 Click Save.
Configuring Sessions
You can limit the maximum number of unidentified sessions and half-open
sessions on the Cisco RV120W. You can also introduce timeouts for TCP and UDP
sessions to ensure Internet traffic is not deviating from expectations in your private
network.
To configure session settings:
STEP 1 Choose Firewall > Advanced Settings > Session Settings.
STEP 2 In the Maximum Unidentified Sessions field, enter the maximum number of
unidentified sessions for the ALG identification process. This value can range from
2 through 128. The default is 32 sessions.
STEP 3 In the Maximum Half Open Sessions field, enter the maximum number of half-open
sessions. A half-open session is the session state between receipt of a SYN
packet and the SYN/ACK packet. Under normal circumstances, a session is
allowed to remain in the half-open state for 10 seconds. The maximum value
ranges from 0 through 3,000. The default is 128 sessions.
STEP 4 In the TCP Session Timeout Duration field, enter the time, in seconds, after which
inactive TCP sessions are removed from the session table. Most TCP sessions
terminate normally when the RST or FIN flags are detected. This value ranges from
0 through 4,294,967 seconds. The default is 1,800 seconds (30 minutes).
STEP 5 In the UDP Session Timeout Duration field, enter the time, in seconds, after which
inactive UDP sessions are removed from the session table. This value ranges from
0 through 4,294,967 seconds. The default is 120 seconds (2 minutes).
STEP 6 In the Other Session Timeout Duration (seconds) field, enter the time, in seconds,
after which inactive non-TCP/UDP sessions are removed from the session table.
This value ranges from 0 through 4,294,967 seconds. The default is 60 seconds.
STEP 7 In the TCP Session Cleanup Latency (seconds) field, enter the maximum time for a
session to remain in the session table after detecting both FIN flags. This value
ranges from 0 through 4,294,967 seconds. The default is 10 seconds.
STEP 8 Click Save.
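To see how the Maximum Half Open Sessions value and the timeouts interact, the session table can be modelled offline. This is an added example, not the router's implementation: the class, the refusal of new sessions at the cap, the immediate removal on FIN or RST (ignoring cleanup latency) and all addresses are assumptions; the 128-session, 10-second and 1,800-second values are the ones stated in the steps above.

```python
from dataclasses import dataclass, field

@dataclass
class SessionTable:
    max_half_open: int = 128    # guide default for Maximum Half Open Sessions
    half_open_secs: float = 10  # normal half-open allowance stated in the guide
    tcp_timeout: float = 1800   # guide default for TCP Session Timeout Duration
    sessions: dict = field(default_factory=dict)  # key -> (state, last_seen)
    refused: int = 0

    def half_open(self):
        return sum(1 for state, _ in self.sessions.values() if state == "half-open")

    def expire(self, now):
        """Drop half-open entries past their allowance and idle established ones."""
        for key, (state, seen) in list(self.sessions.items()):
            limit = self.half_open_secs if state == "half-open" else self.tcp_timeout
            if now - seen >= limit:
                del self.sessions[key]

    def on_packet(self, now, key, flag):
        """Return False when a new session is refused (assumed behaviour at the cap)."""
        self.expire(now)
        if flag == "SYN":
            if self.half_open() >= self.max_half_open:
                self.refused += 1
                return False
            self.sessions[key] = ("half-open", now)
        elif flag == "SYN/ACK" and key in self.sessions:
            self.sessions[key] = ("established", now)
        elif flag in ("FIN", "RST"):
            self.sessions.pop(key, None)  # simplified: no cleanup latency
        elif key in self.sessions:
            self.sessions[key] = (self.sessions[key][0], now)  # activity resets idle timer
        return True

def simulate(max_half_open, burst=200):
    """Return (refused, peak half-open, client ok during burst, ok after, table size)."""
    table = SessionTable(max_half_open=max_half_open)
    for i in range(burst):  # constructed: SYNs at t=0 that never complete
        table.on_packet(0.0, ("198.51.100.7", 1024 + i), "SYN")
    peak = table.half_open()
    client = ("192.168.1.20", 40000)  # constructed LAN client
    during = table.on_packet(5.0, client, "SYN")   # inside the 10 s window
    after = table.on_packet(10.0, client, "SYN")   # burst entries have aged out
    table.on_packet(10.1, client, "SYN/ACK")
    return table.refused, peak, during, after, len(table.sessions)

if __name__ == "__main__":
    print(simulate(128), simulate(3000))
```

In this model the default cap of 128 bounds the table during the burst at the cost of refusing the client's connection until the stale entries age out, while a cap of 3,000 admits the client but lets all 200 incomplete entries occupy the table.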
Configuring Internet Group Management Protocol (IGMP)
Internet Group Management Protocol (IGMP) is an exchange protocol for routers.
Hosts that want to receive multicast messages need to inform their neighboring
routers of their status. In some networks, each node in a network becomes a
member of a multicast group and receives multicast packets. In these situations,
hosts exchange information with their local routers using IGMP. Routers use IGMP
periodically to check if the known group members are active. IGMP provides a
method called dynamic membership by which a host can join or leave a multicast
group at any time.
To configure IGMP:
STEP 1 Choose Firewall > Advanced Settings > IGMP Configuration.
STEP 2 Check the Enable box to allow IGMP communication between the router and other
nodes in the network.
STEP 3 Choose the Upstream Interface (WAN or LAN). Select the interface (LAN or WAN)
on which the IGMP proxy acts as a normal multicast client.
STEP 4 Click Save.
The Allowed Networks table lists all the allowed networks configured for the
device and allows several operations on the allowed networks:
Network Address—The network address from which the multicast packets
originate.
Mask Length—Mask length for the network address.
In this table you can perform the following actions:
Check Box—Select all the allowed networks in the table.
Delete—Deletes the selected allowed network or allowed networks.
Add—Opens the Allowed Network Configuration page to add a new
network.
Edit—Opens the Allowed Network Configuration page to edit the selected
network.
NOTE By default, the device forwards multicast packets that originate from its
immediate WAN network.
Configuring LAN (Local Network) Groups
You can create LAN groups, which are groups of endpoints that are identified by
their IP address. After creating a group, you can then configure actions, such as
blocked keywords in a firewall rule, that apply to the group. (See Configuring URL
Blocking, page 74.)