Configuring the Firewall
Configuring Services Management
Cisco RV130/130W Wireless Multifunction VPN Router Administration Guide
Configuring Services Management
When you create a firewall rule, you can specify a service that is controlled by the
rule. Common types of services are available for selection, and you can create
your own custom services.
The Services Management page allows you to create custom services against
which firewall rules can be defined. Once defined, the new service appears in the
List of Available Custom Services table.
To create a custom service:
STEP 1 Choose Firewall > Service Management.
STEP 2 Click Add Row.
STEP 3 In the Service Name field, enter the service name for identification and
management purposes.
STEP 4 In the Protocol field, choose the Layer 4 protocol that the service uses from the
drop-down menu:
    TCP
    UDP
    TCP & UDP
    ICMP
STEP 5 In the Start Port field, enter the first TCP or UDP port of the range that the service
uses.
STEP 6 In the End Port field, enter the last TCP or UDP port of the range that the service
uses.
STEP 7 Click Save.
To edit an entry, select the entry and click Edit. Make your changes, then click Save.
Configuring Access Rules
Configuring the Default Outbound Policy
The Access Rules page allows you to configure the default outbound policy for
the traffic that is directed from the secure network (LAN) to the non-secure
network (dedicated WAN/optional).
The default inbound policy for traffic flowing from the non-secure zone to the
secure zone is always blocked and cannot be changed.
NOTE Internet access policies override access rules when both are configured on the
device.
To configure the default outbound policy:
STEP 1 Choose Firewall > Access Rules.
STEP 2 Choose Allow or Deny.
Note: Ensure that IPv6 support is enabled on the device to configure an IPv6
firewall. See Configuring IPv6.
STEP 3 Click Save.
Reordering Access Rules
The order in which access rules are displayed in the access rules table indicates
the order in which the rules are applied. You may want to reorder the table to have
certain rules applied before other rules. For example, you may want to apply a rule
allowing certain types of traffic before blocking other types of traffic.
To reorder access rules:
STEP 1 Choose Firewall > Access Rules.
STEP 2 Click Reorder.
STEP 3 Check the box in the row of the rule that you want to move up or down and click
the up or down arrow to move the rule up or down one line, or select the desired
position of the rule in the drop-down list and click Move to.
STEP 4 Click Save.
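The following is an added example, not part of the Cisco guide or the device's own logic. It models the table order described above under the assumption that the first matching rule decides a packet and the default outbound policy applies when nothing matches, then flags rules that an earlier, broader rule with the opposite action makes ineffective. The rule names, field layout and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address as IP

@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "block"
    protos: frozenset  # e.g. {"TCP"} or {"TCP", "UDP"}
    ports: tuple       # (start_port, end_port), inclusive
    src: tuple         # (start_ip, end_ip), inclusive LAN source range

def matches(r, proto, port, src):
    return (proto in r.protos and r.ports[0] <= port <= r.ports[1]
            and r.src[0] <= src <= r.src[1])

def evaluate(table, default, proto, port, src):
    """Assumed semantics: first matching rule decides, else the default policy."""
    for r in table:
        if matches(r, proto, port, src):
            return r.action, r.name
    return default, "default outbound policy"

def covers(a, b):
    """True if every packet that b matches is also matched by a."""
    return (b.protos <= a.protos
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1]
            and a.src[0] <= b.src[0] and b.src[1] <= a.src[1])

def shadowed(table):
    """(earlier, later) pairs where the later rule can never decide a packet
    because an earlier rule with the opposite action covers it."""
    return [(a.name, b.name)
            for i, b in enumerate(table) for a in table[:i]
            if covers(a, b) and a.action != b.action]

# Constructed sample values, not taken from any real configuration.
LAN = (IP("192.168.1.1"), IP("192.168.1.254"))
ADMIN = (IP("192.168.1.10"), IP("192.168.1.10"))
TCP = frozenset({"TCP"})
block_telnet = Rule("block-telnet", "block", TCP, (23, 23), LAN)
allow_admin = Rule("allow-admin-telnet", "allow", TCP, (23, 23), ADMIN)
wrong_order = [block_telnet, allow_admin]   # the allow rule is never reached
right_order = [allow_admin, block_telnet]   # the exception is listed first

if __name__ == "__main__":
    print(shadowed(wrong_order))
    print(evaluate(wrong_order, "allow", "TCP", 23, ADMIN[0]))
    print(evaluate(right_order, "allow", "TCP", 23, ADMIN[0]))
```

The model covers access rules only; it does not account for Internet access policies, which the guide says override access rules.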
Adding Access Rules
All configured firewall rules on the device are displayed in the Access Rules
Table. This list also indicates whether the rule is enabled (active) and gives a
summary of the From/To zone as well as the services and users the rule affects.
To create an access rule:
STEP 1 Choose Firewall > Access Rules.
STEP 2 Click Add Row.
STEP 3 In the Connection Type field, choose the source of originating traffic:
    Outbound (LAN > WAN)—Choose this option to create an outbound rule.
    Inbound (WAN > LAN)—Choose this option to create an inbound rule.
    Inbound (WAN > DMZ)—Choose this option to create an inbound rule.
STEP 4 From the Action drop-down menu, choose the action:
    Always Block—Always block the selected type of traffic.
    Always Allow—Never block the selected type of traffic.
    Block by schedule—Blocks the selected type of traffic according to a schedule.
    Allow by schedule—Allows the selected type of traffic according to a schedule.
STEP 5 From the Services drop-down menu, choose the service to allow or block for this
rule. Choose All Traffic to allow the rule to apply to all applications and services,
or choose a single application to block:
    Domain Name System (DNS), UDP or TCP
    File Transfer Protocol (FTP)
    Hypertext Transfer Protocol (HTTP)
    Secure Hypertext Transfer Protocol (HTTPS)
    Trivial File Transfer Protocol (TFTP)
    Internet Message Access Protocol (IMAP)
    Network News Transport Protocol (NNTP)
    Post Office Protocol (POP3)
    Simple Network Management Protocol (SNMP)
    Simple Mail Transfer Protocol (SMTP)
    Telnet
    STRMWORKS
    Terminal Access Controller Access-Control System (TACACS)
    Telnet (command)
    Telnet Secondary
    Telnet SSL
    Voice (SIP)
STEP 6 In the Source IP field, select the users to which the firewall rule applies:
    Any—The rule applies to traffic originating on any host in the local network.
    Single Address—The rule applies to traffic originating on a single IP address
    in the local network. Enter the address in the Start field.
    Address Range—The rule applies to traffic originating from an IP address
    located in a range of addresses. Enter the starting IP address in the Start
    field, and the ending IP address in the Finish field.
STEP 7 In the Log field, specify whether the packets for this rule should be logged.
To log details for all packets that match this rule, choose Always from the
drop-down menu. For example, if an outbound rule for a schedule is selected as
Block Always, for every packet that tries to make an outbound connection for that
service, a message with the packet's source address and destination address
(and other information) is recorded in the log.
Enabling logging may generate a significant volume of log messages and is
recommended for debugging purposes only.
Choose Never to disable logging.
Note: When traffic is going from the LAN or DMZ to the WAN, the system requires
rewriting the source or destination IP address of incoming IP packets as they pass
through the firewall.
STEP 8 Check the Rule Status Enable check box to enable the new access rule.
STEP 9 Click Save.
Creating an Internet Access Policy
The device supports several options for blocking Internet access. You can block
all Internet traffic, block Internet traffic to certain PCs or endpoints, or block
access to Internet sites by specifying keywords to block. If these keywords are
found in the site's name (for example, web site URL or newsgroup name), the site is
blocked.
Adding or Editing an Internet Access Policy
To create an Internet access policy:
STEP 1 Choose Firewall > Internet Access Policy.
STEP 2 Click Add Row.
STEP 3 Check the Status Enable check box.
STEP 4 Enter a policy name for identification and management purposes.
STEP 5 From the Action drop-down menu, choose the type of access restriction you need:
    Always block—Always block Internet traffic. This blocks Internet traffic to
    and from all endpoints. If you want to block all traffic but allow certain
    endpoints to receive Internet traffic, see Step 7.
    Always allow—Always allow Internet traffic. You can refine this to block
    specified endpoints from Internet traffic; see Step 7. You can also allow all
    Internet traffic except for certain websites; see Step 8.
    Block by schedule—Blocks Internet traffic according to a schedule (for
    example, if you wanted to block Internet traffic during the weekday business
    hours, but allow it after hours and on weekends).
    Allow by schedule—Allows Internet traffic according to a schedule.
If you chose Block by schedule or Allow by schedule, click Configure Schedules
to create a schedule. See Managing Firewall Schedules.
STEP 6 Choose a schedule from the drop-down menu.
