Page 87 / 270
Chapter 5. Securing the Private Network
You can secure your network by creating and applying rules that your router uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply. To do so, you must define the following:
• Services or traffic types (examples: web browsing, VoIP, other standard services and also custom services that you define)
• Direction for the traffic, by specifying the source and destination of traffic; this is done by specifying the “From Zone” (LAN/WAN/DMZ) and “To Zone” (LAN/WAN/DMZ)
• Schedules as to when the router should apply rules
• Any keywords (in a domain name or on a URL of a web page) that the router should allow or block
• Rules for allowing or blocking inbound and outbound Internet traffic for specified services on specified schedules
• MAC addresses of devices that should not access the Internet
• Port triggers that signal the router to allow or block access to specified services as defined by port number
• Reports and alerts that you want the router to send to you
You can, for example, establish restricted-access policies based on time of day, web addresses, and web address keywords. You can block Internet access by applications and services on the LAN, such as chat rooms or games. You can block just certain groups of PCs on your network from being accessed by the WAN or public DMZ network.
5.1 Firewall Rules
Advanced > Firewall Settings > Firewall Rules
Inbound (WAN to LAN/DMZ) rules restrict access to traffic entering your network, selectively allowing only specific outside users to access specific local resources. By default, all access from the insecure WAN side is blocked from reaching the secure LAN, except in response to requests from the LAN or DMZ. To allow outside devices to access services on the secure LAN, you must create an inbound firewall rule for each service.
If you want to allow incoming traffic, you must make the router’s WAN port IP address known to the public. This is called “exposing your host.” How you make your address known depends on how the WAN ports are configured; for this router you may use the IP address if a static address is assigned to the WAN port, or, if your WAN address is dynamic, a DDNS (Dynamic DNS) name can be used.
Page 88 / 270
Unified Services Router
User Manual
86
Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources. The default outbound rule is to allow access from the secure zone (LAN) to either the public DMZ or the insecure WAN. On the other hand, the default outbound rule is to deny access from the DMZ to the insecure WAN. You can change this default behaviour in the Firewall Settings > Default Outbound Policy page. When the default outbound policy is "allow always", you can block hosts on the LAN from accessing Internet services by creating an outbound firewall rule for each service.
Figure 52: List of Available Firewall Rules
5.2 Defining Rule Schedules
Tools > Schedules
Firewall rules can be enabled or disabled automatically if they are associated with a configured schedule. The schedule configuration page allows you to define the days of the week and the time of day for a new schedule, and this schedule can then be selected in the firewall rule configuration page.
All schedules follow the time in the router's configured time zone. Refer to the section on choosing your Time Zone and configuring NTP servers for more information.
Figure 53: List of Available Schedules to bind to a firewall rule
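The zone defaults in section 5.1 and the schedule-driven actions in sections 5.2 and 5.3 interact in ways that are easy to get wrong, so here is a small model of that evaluation. This is an added example written for this page, not the router's own code. It assumes (the manual does not say) that rules are checked top-down with the first matching enabled rule deciding, that a schedule is a set of weekdays plus a start and end time, and that the timestamp passed in is already expressed in the router's configured time zone; the sample rule and addresses are constructed.

```python
"""Model of the router's zone-based firewall evaluation (added example, not the
router's own code). Assumptions not stated in the manual: rules are checked
top-down and the first matching enabled rule decides; a schedule is a set of
weekdays plus a start/end time; `when` is a naive datetime already expressed
in the router's configured time zone."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address
from typing import Optional

LAN, DMZ, WAN = "LAN", "DMZ", "WAN"

# Default behaviour from section 5.1: LAN may reach DMZ and WAN, DMZ may not
# reach WAN, and nothing from the WAN reaches LAN/DMZ unless a rule allows it.
DEFAULT_POLICY = {
    (LAN, WAN): "ALLOW", (LAN, DMZ): "ALLOW",
    (DMZ, WAN): "BLOCK",
    (WAN, LAN): "BLOCK", (WAN, DMZ): "BLOCK",
}


@dataclass
class Schedule:
    days: frozenset      # datetime.weekday() numbers: Monday = 0 ... Sunday = 6
    start: time
    end: time

    def active(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() < self.end


@dataclass
class Rule:
    from_zone: str
    to_zone: str
    service: str                        # "ANY" or a service name such as "HTTP"
    action: str                         # one of the four actions in section 5.3
    schedule: Optional[Schedule] = None
    source: str = "ANY"                 # ANY, a single IP, or a "first-last" range
    destination: str = "ANY"
    log: bool = False
    enabled: bool = True


def address_matches(spec: str, addr: str) -> bool:
    """Match the rule's Any / Single Address / Address Range choices."""
    if spec == "ANY":
        return True
    if "-" in spec:
        low, high = (ip_address(part.strip()) for part in spec.split("-", 1))
        return low <= ip_address(addr) <= high
    return ip_address(spec) == ip_address(addr)


def effective_action(rule: Rule, when: datetime) -> str:
    """Resolve the rule's action against its schedule at time `when`."""
    if rule.action in ("BLOCK always", "ALLOW always"):
        return rule.action.split()[0]
    if rule.schedule is None:
        # The manual requires a preconfigured schedule for the scheduled actions.
        raise ValueError("scheduled action needs a schedule")
    on = rule.schedule.active(when)
    if rule.action == "BLOCK by schedule otherwise ALLOW":
        return "BLOCK" if on else "ALLOW"
    if rule.action == "ALLOW by schedule otherwise BLOCK":
        return "ALLOW" if on else "BLOCK"
    raise ValueError(f"unknown action {rule.action!r}")


def evaluate(rules, from_zone, to_zone, service, src, dst, when, log=None):
    """Return ALLOW or BLOCK for one new connection; append a line to `log`
    when the matching rule has logging enabled."""
    for rule in rules:
        if not rule.enabled or (rule.from_zone, rule.to_zone) != (from_zone, to_zone):
            continue
        if rule.service not in ("ANY", service):
            continue
        if not (address_matches(rule.source, src) and address_matches(rule.destination, dst)):
            continue
        verdict = effective_action(rule, when)
        if rule.log and log is not None:
            log.append(f"{when.isoformat()} {verdict} {service} {src}->{dst} {from_zone}->{to_zone}")
        return verdict
    return DEFAULT_POLICY[(from_zone, to_zone)]


# Constructed sample policy: block web browsing from one LAN address range
# during office hours (Mon-Fri 09:00-17:00) and log what the rule decides.
OFFICE_HOURS = Schedule(frozenset({0, 1, 2, 3, 4}), time(9, 0), time(17, 0))
SAMPLE_RULES = [
    Rule(LAN, WAN, "HTTP", "BLOCK by schedule otherwise ALLOW", OFFICE_HOURS,
         source="192.168.10.20-192.168.10.40", log=True),
]


def demo():
    log = []
    monday_10 = datetime(2024, 1, 1, 10, 0)     # 2024-01-01 is a Monday
    monday_18 = datetime(2024, 1, 1, 18, 0)
    saturday_10 = datetime(2024, 1, 6, 10, 0)
    results = {
        "lan_http_mon_10": evaluate(SAMPLE_RULES, LAN, WAN, "HTTP", "192.168.10.25", "203.0.113.5", monday_10, log),
        "lan_http_mon_18": evaluate(SAMPLE_RULES, LAN, WAN, "HTTP", "192.168.10.25", "203.0.113.5", monday_18, log),
        "lan_http_sat_10": evaluate(SAMPLE_RULES, LAN, WAN, "HTTP", "192.168.10.25", "203.0.113.5", saturday_10, log),
        "lan_http_other_host": evaluate(SAMPLE_RULES, LAN, WAN, "HTTP", "192.168.10.99", "203.0.113.5", monday_10, log),
        "dmz_smtp_no_rule": evaluate(SAMPLE_RULES, DMZ, WAN, "SMTP", "10.0.1.10", "203.0.113.25", monday_10, log),
        "wan_ssh_no_rule": evaluate(SAMPLE_RULES, WAN, LAN, "SSH", "198.51.100.7", "192.168.10.25", monday_10, log),
    }
    return results, log


if __name__ == "__main__":
    verdicts, lines = demo()
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict}")
    print("\n".join(lines))
```

Two things the model makes visible: a host outside the rule's address range falls through to the zone default (allowed from LAN to WAN, blocked from DMZ to WAN and from WAN to LAN), and a scheduled block is only as accurate as the router clock, which is why the manual points at the Time Zone and NTP settings.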
5.3 Configuring Firewall Rules
Advanced > Firewall Settings > Firewall Rules
All configured firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects.
To create a new firewall rule, follow the steps below:
1. View the existing rules in the List of Available Firewall Rules table.
2. To edit or add an outbound or inbound services rule, do the following:
• To edit a rule, click the checkbox next to the rule and click Edit to reach that rule’s configuration page.
• To add a new rule, click Add to be taken to a new rule’s configuration page. Once created, the new rule is automatically added to the original table.
3. Choose the From Zone to be the source of the originating traffic: either the secure LAN, public DMZ, or insecure WAN. For an inbound rule, WAN should be selected as the From Zone.
4. Choose the To Zone to be the destination of traffic covered by this rule. If the From Zone is the WAN, the To Zone can be the public DMZ or secure LAN. Similarly, if the From Zone is the LAN, then the To Zone can be the public DMZ or insecure WAN.
5. Parameters that define the firewall rule include the following:
• Service: ANY means all traffic is affected by this rule. For a specific service, the drop-down list has common services, or you can select a custom-defined service.
• Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK by schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK. A schedule must be preconfigured in order for it to be available in the drop-down list to assign to this rule.
• Source & Destination users: For each relevant category, select the users to which the rule applies:
  - Any (all users)
  - Single Address (enter an IP address)
  - Address Range (enter the appropriate IP address range)
• Log: traffic that is filtered by this rule can be logged; this requires configuring the router’s logging feature separately.
• QoS Priority: Outbound rules (where To Zone = insecure WAN only) can have the traffic marked with a QoS priority tag. Select a priority level:
  - Normal-Service: ToS=0 (lowest QoS)
  - Minimize-Cost: ToS=1
  - Maximize-Reliability: ToS=2
  - Maximize-Throughput: ToS=4
  - Minimize-Delay: ToS=8 (highest QoS)
6. Inbound rules can use Destination NAT (DNAT) for managing traffic from the WAN. Destination NAT is available when the To Zone = DMZ or secure LAN.
• With an inbound allow rule, you can enter the internal server address that is hosting the selected service.
• You can enable port forwarding for an incoming service-specific rule (From Zone = WAN) by selecting the appropriate checkbox. This allows the selected service traffic from the Internet to reach the appropriate LAN port via a port forwarding rule.
• Translate Port Number: With port forwarding, the incoming traffic is forwarded to the port number entered here.