Page 191 / 794 Scroll up to view Page 186 - 190
Vigor2860 Series User’s Guide
177
3.5.2 General Setup
General Setup allows you to adjust settings of IP Filter and common options.
Here you can
enable or disable the
Call Filter
or
Data Filter
. Under some circumstance, your filter set can
be linked to work in a serial manner. So here you assign the
Start Filter Set
only. Also you
can configure the
Log Flag
settings,
Apply IP filter to VPN incoming packets
, and
Accept
incoming fragmented UDP packets
.
Click
Firewall
and click
General Setup
to open the general setup page.
General Setup Page
Such page allows you to enable / disable Call Filter and Data Filter, determine general rule for
filtering the incoming and outgoing data.
Available settings are explained as follows:
Item
Description
Call Filter
Check
Enable
to activate the Call Filter function. Assign a
start filter set for the Call Filter.
Data Filter
Check
Enable
to activate the Data Filter function. Assign a
start filter set for the Data Filter.
Page 192 / 794
Vigor2860 Series User’s Guide
178
Accept large incoming…
Some on-line games (for example: Half Life) will use lots
of fragmented UDP packets to transfer game data.
Instinctively as a secure firewall, Vigor router will reject
these fragmented packets to prevent attack unless you
enable “
Accept large incoming fragmented UDP or
ICMP Packets
”. By checking this box, you can play these
kinds of on-line games. If security concern is in higher
priority, you cannot enable “
Accept large incoming
fragmented UDP or ICMP Packets
”.
Enable Strict Security
Firewall
For the sake of security, the router will execute strict
security checking for data transmission.
Such feature is enabled in default. All the packets, while
transmitting through Vigor router, will be filtered by
firewall. If the firewall system (e.g., content filter server)
does not make any response (pass or block) for these
packets, then the router’s firewall will block the packets
directly.
Block routing packet
from WAN
Usually, IPv6 network sessions/traffic from WAN to LAN
will be accepted by IPv6 firewall in default.
IPv6
- To prevent remote client accessing into the PCs on
LAN, check the box to make the packets (routed from WAN
to LAN) via IPv6 being blocked by such router. It is
effective only for the packets routed but not for packets
translated by NAT.
IPv4
- To prevent remote client accessing into the PCs on
LAN, check the box to make the incoming packets via IPv4
being blocked by such router. It is effective only for the
packets routed but not for packets translated by NAT.
Page 193 / 794
Vigor2860 Series User’s Guide
179
Default Rule Page
Such page allows you to choose filtering profiles including QoS, Load-Balance policy, WCF,
APP Enforcement, URL Content Filter, for data transmission via Vigor router.
Available settings are explained as follows:
Item
Description
Filter
Select
Pass
or
Block
for the packets that do not match with
the filter rules.
Sessions Control
The number typed here is the total sessions of the packets
that do not match the filter rule configured in this page. The
default setting is 60000.
Quality of Service
Choose one of the QoS rules to be applied as firewall rule.
For detailed information of setting QoS, please refer to the
related section later.
Load-Balance Policy
Choose the WAN interface for applying Load-Balance
Policy.
Page 194 / 794
Vigor2860 Series User’s Guide
180
User Management
Such item is available only when
Rule-Based
is selected in
User Management>>General Setup
. The general firewall
rule will be applied to the user/user group/all users specified
here.
Note:
When there is no user profile or group profile existed,
Create New User
or
Create New Group
item will appear
for you to click to create a new one.
APP Enforcement
Select an
APP Enforcement
profile for global IM/P2P
application blocking. If there is no profile for you to select,
please choose
[Create New]
from the drop down list in this
page to create a new profile. All the hosts in LAN must
follow the standard configured in the
APP Enforcement
profile selected here. For detailed information, refer to the
section of
APP Enforcement
profile setup. For
troubleshooting needs, you can specify to record information
for IM/P2P by checking the Log box. It will be sent to
Syslog server. Please refer to section
Syslog/Mail Alert
for
more detailed information.
URL Content Filter
Select one of the
URL Content Filter
profile settings
(created in
CSM>> URL Content Filter
) for applying with
this router. Please set at least one profile for choosing in
CSM>> URL Content Filter
web page first. Or choose
[Create New]
from the drop down list in this page to create
a new profile. For troubleshooting needs, you can specify to
record information for
URL Content Filter
by checking
the Log box. It will be sent to Syslog server. Please refer to
section
Syslog/Mail Alert
for more detailed information.
Web Content Filter
Select one of the
Web Content Filter
profile settings
(created in
CSM>> Web Content Filter
) for applying with
this router. Please set at least one profile for anti-virus in
CSM>> Web Content Filter
web page first. Or choose
[Create New]
from the drop down list in this page to create
a new profile. For troubleshooting needs, you can specify to
record information for
Web Content Filter
by checking the
Log box. It will be sent to Syslog server. Please refer to
section
Syslog/Mail Alert
for more detailed information.
DNS Filter
Select one of the DNS Filter profile settings (created in
CSM>>DNS Filter) for applying with this router. Please set
Page 195 / 794
Vigor2860 Series User’s Guide
181
at least one profile in
CSM>> Web Content Filter
web
page first. Or click the DNS Filter link in this page to create
a new profile.
Advance Setting
Click
Edit
to open the following window. However, it is
strongly recommended
to use the default settings here.
Codepage
- This function is used to compare the characters
among different languages. Choose correct codepage can
help the system obtain correct ASCII after decoding data
from URL and enhance the correctness of URL Content
Filter. The default value for this setting is ANSI 1252 Latin
I. If you do not choose any codepage, no decoding job of
URL will be processed. Please use the drop-down list to
choose a codepage.
If you do not have any idea of choosing suitable codepage,
please open Syslog. From Codepage Information of Setup
dialog, you will see the recommended codepage listed on
the dialog box.
Window size
– It determines the size of TCP protocol
(0~65535). The more the value is, the better the
performance will be. However, if the network is not stable,
small value will be proper.
Session timeout
– Setting timeout for sessions can make
the best utilization of network resources.
After finishing all the settings here, please click
OK
to save the configuration.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top