Vigor2710 Series User’s Guide
Protocol - Specify the protocol(s) which this filter rule will apply to.
Source/Destination Port -
  (=) - when the first and last values are the same, it indicates one port; when the first and last values are different, it indicates a range of ports that is available for this service type.
  (!=) - when the first and last values are the same, it indicates all the ports except the port defined here; when the first and last values are different, it indicates that all the ports except the range defined here are available for this service type.
  (>) - port numbers greater than this value are available.
  (<) - port numbers less than this value are available for this profile.
Service Group/Object - Use the drop down list to choose the one that you want.
Fragments - Specify the action for fragmented packets. It is used for Data Filter only.
  Don’t care - No action will be taken towards fragmented packets.
  Unfragmented - Apply the rule to unfragmented packets.
  Fragmented - Apply the rule to fragmented packets.
  Too Short - Apply the rule only to packets that are too short to contain a complete header.
Filter - Specifies the action to be taken when packets match the rule.
  Block Immediately - Packets matching the rule will be dropped immediately.
  Pass Immediately - Packets matching the rule will be passed immediately.
  Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped.
  Pass If No Further Match - A packet matching the rule, and that does not match further rules, will be passed through.
Branch to other Filter Set - If the packet matches the filter rule, the next filter rule will branch to the specified filter set. Select the next filter rule to branch to from the drop-down menu. Be aware that the router will apply the specified filter rule from then on and will not return to the previous filter rule.
Sessions Control - The number typed here is the total sessions of the packets that do not match the filter rule configured in this page. The default setting is 12000.
MAC Bind IP -
  Strict - The MAC address and IP address settings configured in IP Object for Source IP and Destination IP are bound together when this filter rule is applied.
  No-Strict - No limitation.
Quality of Service - Choose one of the QoS rules to be applied as a firewall rule. For detailed information on setting QoS, please refer to the related section later.
Load-Balance policy - Choose the WAN interface for applying Load-Balance Policy.
APP Enforcement - Select an APP Enforcement profile for global IM/P2P application blocking. If there is no profile for you to select, please choose [Create New] from the drop down list in this page to create a new profile. All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here. For detailed information, refer to the section of APP Enforcement profile setup. For troubleshooting needs, you can specify to record information for IM/P2P by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information.
URL Content Filter - Select one of the URL Content Filter profile settings (created in CSM>> URL Content Filter) for applying with this router. Please set at least one profile for choosing in CSM>> URL Content Filter web page first. Or choose [Create New] from the drop down list in this page to create a new profile. For troubleshooting needs, you can specify to record information for URL Content Filter by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information.
Web Content Filter - Select one of the Web Content Filter profile settings (created in CSM>> Web Content Filter) for applying with this router. Please set at least one profile for anti-virus in CSM>> Web Content Filter web page first. Or choose [Create New] from the drop down list in this page to create a new profile. For troubleshooting needs, you can specify to record information for Web Content Filter by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information.
SysLog - For troubleshooting needs you can specify the filter log and/or CSM log here. Check the corresponding box to enable the log function. Then, the filter log and/or CSM log will be shown in the Draytek Syslog window.
Advance Setting - Click Edit to open the following window. However, it is strongly recommended to use the default settings here.
  Codepage - This function is used to compare the characters among different languages. Choosing the correct codepage helps the system obtain correct ASCII after decoding data from a URL and enhances the correctness of URL Content Filter. The default value for this setting is ANSI 1252 Latin I. If you do not choose any codepage, no URL decoding will be performed. Please use the drop-down list to choose a codepage. If you are not sure which codepage is suitable, please open Syslog. From Codepage Information of the Setup dialog, you will see the recommended codepage listed in the dialog box.
  Window size - It determines the window size for the TCP protocol (0~65535). The larger the value, the better the performance will be. However, if the network is not stable, a small value is more suitable.
  Session timeout - Setting a timeout for sessions can make the best utilization of network resources. However, Queue timeout is configured for TCP protocol only; session timeout is configured for the data flow which matches the firewall rule.
  DrayTek Banner - Uncheck this box and the following screen will not be shown for an unreachable web page. The default setting is Enabled.
  Strict Security Checking - If Strict Security Firewall is enabled, all the packets transmitted through the Vigor router will be filtered by the firewall settings configured on the router. If the firewall system does not have any response (pass or block) for these packets, such as no response coming from the Anti-Spam server, then the router’s firewall will block the packets directly. In addition, you can restrict the strict security checking so that it is done only by specified servers and conditions such as Anti-Virus, Anti-Spam, In-Sequence and APP Enforcement. Thus, the packets must be filtered not only by the general Firewall rules, but also by the items selected in Strict Security Checking. This helps ensure the security of data transferred via the network.
  APP Enforcement - Check this box to execute the critical checking for all the files transferred via IM/P2P.
Example
As stated before, all the traffic will be separated and arbitrated using one of two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed of 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first.
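The port operators, the four Filter actions and the one-way Branch to other Filter Set behaviour described in this section can be modelled as follows. This is an added example, not DrayTek code: the set names, the action labels and the default verdict when nothing matches are assumptions, and branching is modelled only for the "If No Further Match" actions.

```python
# Added illustration: a model of the rule semantics in this guide,
# not DrayTek firmware code.
from typing import NamedTuple, Optional

def port_match(op, first, last, port):
    """Source/Destination Port operators as the guide defines them."""
    if op == "=":                       # one port, or a range
        return first <= port <= last
    if op == "!=":                      # everything except the port/range
        return not (first <= port <= last)
    if op == ">":
        return port > first
    if op == "<":
        return port < first
    raise ValueError(f"unknown operator {op!r}")

class Rule(NamedTuple):
    op: str
    first: int
    last: int
    action: str                    # block_now, pass_now, block_later, pass_later
    branch: Optional[str] = None   # filter set to branch to on a match

def evaluate(sets, start, dst_port, default="pass"):
    """Verdict for one destination port. Assumption: `default` applies
    when no rule matches; the *_later actions stand for 'If No Further Match'."""
    verdict, current, visited = default, start, set()
    while current is not None and current not in visited:
        visited.add(current)            # guard against branch loops
        nxt = None
        for r in sets[current]:
            if not port_match(r.op, r.first, r.last, dst_port):
                continue
            verdict = r.action.split("_")[0]
            if r.action.endswith("_now"):
                return verdict          # immediate actions end evaluation
            if r.branch:                # one-way: no return to this set
                nxt = r.branch
                break
        current = nxt
    return verdict

# Constructed rule sets (names and ports are illustrative)
SETS = {
    "set2": [Rule("!=", 80, 443, "block_later", branch="set3"),
             Rule("=", 22, 22, "pass_now")],     # unreachable for port 22
    "set3": [Rule(">", 1023, 0, "pass_later"),
             Rule("=", 25, 25, "block_now")],
}
```

With these sets, port 22 is blocked even though set2 contains a Pass Immediately rule for it: the first rule matches, branches to set3, and evaluation never returns to set2.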