Page 196 / 794 Scroll up to view Page 191 - 195
Vigor2860 Series User’s Guide
182
3.5.3 Filter Setup
Click
Firewall
and click
Filter Setup
to open the setup page.
To edit or add a filter, click on the set number to edit the individual set. The following page
will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit
each rule. Check
Active
to enable the rule.
Available settings are explained as follows:
Item
Description
Filter Rule
Click a button numbered (1 ~ 7) to edit the filter rule. Click
the button will open Edit Filter Rule web page. For the
detailed information, refer to the following page.
Active
Enable or disable the filter rule.
Comment
Enter filter set comments/description. Maximum length is
23–character long.
Move Up/Down
Use
Up
or
Down
link to move the order of the filter rules.
Next Filter Set
Set the link to the next filter set to be executed after the
current filter run. Do not make a loop with many filter sets.
To edit
Filter Rule
, click the
Filter Rule
index button to enter the
Filter Rule
setup page.
Page 197 / 794
Vigor2860 Series User’s Guide
183
Available settings are explained as follows:
Item
Description
Check to enable the Filter
Rule
Check this box to enable the filter rule.
Comments
Enter filter set comments/description. Maximum length is
14- character long.
Index(1-15)
Set PCs on LAN to work at certain time interval only. You
may choose up to 4 schedules out of the 15 schedules
pre-defined in
Applications >> Schedule
setup. The
default setting of this field is blank and the function will
always work.
Clear sessions when
schedule ON
Check this box to clear the sessions when the above
schedule profiles are applied.
Direction
Set the direction of packet flow. It is for
Data Filter
only.
For the
Call Filter
, this setting is not available since
Call
Filter
is only applied to outgoing traffic.
Page 198 / 794
Vigor2860 Series User’s Guide
184
Note:
RT means routing
domain for 2nd subnet or other
LAN.
Source/Destination IP
Click
Edit
to access into the following dialog to choose the
source/destination IP or IP ranges.
To set the IP address manually, please choose
Any
Address/Single Address/Range Address/Subnet Address
as the Address Type and type them in this dialog. In
addition, if you want to use the IP range from defined
groups or objects, please choose
Group and Objects
as the
Address Type.
From the
IP Group
drop down list, choose the one that you
want to apply. Or use the
IP Object
drop down list to
choose the object that you want.
Service Type
Click
Edit
to access into the following dialog to choose a
suitable service type.
Page 199 / 794
Vigor2860 Series User’s Guide
185
To set the service type manually, please choose
User
defined
as the Service Type and type them in this dialog. In
addition, if you want to use the service type from defined
groups or objects, please choose
Group and Objects
as the
Service Type.
Protocol -
Specify the protocol(s) which this filter rule will
apply to.
Source/Destination Port –
(=)
– when the first and last value are the same, it indicates
one port; when the first and last values are different, it
indicates a range for the port and available for this service
type.
(!=)
– when the first and last value are the same,
it
indicates all the ports except the port defined here;
when the first and
last values are different, it indicates that
all the ports except the range defined here are available for
this service type.
(>)
the port number greater than this value is available.
(<)
the port number less than this value is available for
this profile.
Service Group/Object
- Use the drop down list to choose
the one that you want.
Fragments
Specify the action for fragmented packets. And it is used for
Data Filter
only.
Don’t care -
No action will be taken towards fragmented
packets.
Unfragmented -
Apply the rule to unfragmented packets.
Fragmented -
Apply the rule to fragmented packets.
Too Short -
Apply the rule only to packets that are too short
to contain a complete header.
Filter
Specifies the action to be taken when packets match the rule.
Block Immediately -
Packets matching the rule will be
dropped immediately.
Pass Immediately -
Packets matching the rule will be
Page 200 / 794
Vigor2860 Series User’s Guide
186
passed immediately.
Block If No Further Match -
A packet matching the rule,
and that does not match further rules, will be dropped.
Pass If No Further Match -
A packet matching the rule,
and that does not match further rules, will be passed
through.
Branch to other Filter Set
If the packet matches the filter rule, the next filter rule will
branch to the specified filter set. Select next filter rule to
branch from the drop-down menu. Be aware that the router
will apply the specified filter rule for ever and will not
return to previous filter rule any more.
Sessions Control
The number typed here is the total sessions of the packets
that do not match the filter rule configured in this page. The
default setting is 60000.
MAC Bind IP
Strict
Make the MAC address and IP address settings
configured in
IP Object
for
Source IP
and
Destination IP
are bound for applying such filter rule.
No-Strict -
no limitation.
Quality of Service
Choose one of the QoS rules to be applied as firewall rule.
For detailed information of setting QoS, please refer to the
related section later.
Load-Balance policy
Choose the WAN interface for applying Load-Balance
Policy.
User Management
Such item is available only when
Rule-Based
is selected in
User
Management>>General Setup
. The general firewall
rule will be applied to the user/user group/all users specified
here.
Note:
When there is no user profile or group profile existed,
Create New User
or
Create New Group
item will appear
for you to click to create a new one.
APP Enforcement
Select an
APP Enforcement
profile for global IM/P2P
application blocking. If there is no profile for you to select,
please choose
[Create New]
from the drop down list in this
page to create a new profile. All the hosts in LAN must
follow the standard configured in the
APP Enforcement
profile selected here. For detailed information, refer to the

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top