DrayTek Vigor-2920 Router Manual PDF (Setup & Configuration Guide)

Page 111 / 251 Scroll up to view Page 106 - 110

Vigor2920 Series User’s Guide

101

Window size

– It determines the size of TCP protocol (0~65535).

The more the value is, the better the performance will be.

However, if the network is not stable, small value will be proper.

Session timeout

–Setting timeout for sessions can make the best

utilization of network resources. However, Queue timeout is

configured for TCP protocol only; session timeout is configured

for the data flow which matched with the firewall rule.

Some on-line games (for example: Half Life) will use lots of fragmented UDP packets to

transfer game data. Instinctively as a secure firewall, Vigor router will reject these fragmented

packets to prevent attack unless you enable “

Accept large incoming fragmented UDP or

ICMP Packets

”. By checking this box, you can play these kinds of on-line games. If security

concern is in higher priority, you cannot enable “

Accept large incoming fragmented UDP or

ICMP Packets

”.

4.4.3 Filter Setup

Click

Firewall

and click

Filter Setup

to open the setup page.

To edit or add a filter, click on the set number to edit the individual set. The following page

will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit

each rule. Check

Active

to enable the rule.

VoIPon

www.voipon.co.uk

[email protected]

Tel: +44 (0)1245 808195

Fax: +44 (0)1245 808299

Page 112 / 251

Vigor2920 Series User’s Guide

102

Filter Rule

Click a button numbered (1 ~ 7) to edit the filter rule. Click the button

will open Edit Filter Rule web page. For the detailed information,

refer to the following page.

Active

Enable or disable the filter rule.

Comment

Enter filter set comments/description. Maximum length is

23–character long.

Move Up/Down

Use

Up

or

Down

link to move the order of the filter rules.

Next Filter Set

Set the link to the next filter set to be executed after the current filter

run. Do not make a loop with many filter sets.

To edit

Filter Rule

, click the

Filter Rule

index button to enter the

Filter Rule

setup page.

VoIPon

www.voipon.co.uk

[email protected]

Tel: +44 (0)1245 808195

Fax: +44 (0)1245 808299

Page 113 / 251

Vigor2920 Series User’s Guide

103

Check to enable the

Filter Rule

Check this box to enable the filter rule.

Comments

Enter filter set comments/description. Maximum length is 14-

character long.

Index(1-15)

Set PCs on LAN to work at certain time interval only. You may

choose up to 4 schedules out of the 15 schedules pre-defined in

Applications >> Schedule

setup. The default setting of this field is

blank and the function will always work.

Direction

Set the direction of packet flow (LAN->WAN/WAN->LAN). It is for

Data Filter

only. For the

Call Filter

, this setting is not available

since

Call Filter

is only applied to outgoing traffic.

Source/Destination IP

Click

Edit

to access into the following dialog to choose the

source/destination IP or IP ranges.

VoIPon

www.voipon.co.uk

[email protected]

Tel: +44 (0)1245 808195

Fax: +44 (0)1245 808299

Page 114 / 251

Vigor2920 Series User’s Guide

104

To set the IP address manually, please choose

Any Address/Single

Address/Range Address/Subnet Address

as the Address Type and

type them in this dialog. In addition, if you want to use the IP range

from defined groups or objects, please choose

Group and Objects

as the Address Type.

From the

IP Group

drop down list, choose the one that you want to

apply. Or use the

IP Object

drop down list to choose the object that

you want.

Service Type

Click

Edit

to access into the following dialog to choose a suitable

service type.

To set the service type manually, please choose

User defined

as the

Service Type and type them in this dialog. In addition, if you want to

VoIPon

www.voipon.co.uk

[email protected]

Tel: +44 (0)1245 808195

Fax: +44 (0)1245 808299

Page 115 / 251

Vigor2920 Series User’s Guide

105

use the service type from defined groups or objects, please choose

Group and Objects

as the Service Type.

Protocol -

Specify the protocol(s) which this filter rule will apply to.

Source/Destination Port -

(=)

– when the first and last value are the same, it indicates one port;

when the first and last values are different, it indicates a range for the

port and available for this service type.

(!=)

– when the first and last value are the same,

it indicates all the

ports except the port defined here; when the first and

last values

are different, it indicates that all the ports except the range defined

here are available for this service type.

(>)

–

the port number greater than this value is available.

(<)

–

the port number less than this value is available for this profile.

Service Group/Object

- Use the drop down list to choose the one

that you want.

Fragments

Specify the action for fragmented packets. And it is used for

Data

Filter

only.

Don’t care -

No action will be taken towards fragmented packets.

Unfragmented -

Apply the rule to unfragmented packets.

Fragmented -

Apply the rule to fragmented packets.

Too Short -

Apply the rule only to packets that are too short to contain

a complete header.

Filter

Specifies the action to be taken when packets match the rule.

Block Immediately -

Packets matching the rule will be dropped

immediately.

Pass Immediately -

Packets matching the rule will be passed

immediately.

Block If No Further Match -

A packet matching the rule, and that

does not match further rules, will be dropped.

Pass If No Further Match -

A packet matching the rule, and that

does not match further rules, will be passed through.

Branch to other Filter

Set

If the packet matches the filter rule, the next filter rule will branch

to the specified filter set. Select next filter rule to branch from the

drop-down menu. Be aware that the router will apply the specified

filter rule for ever and will not return to previous filter rule any

more.

IM/P2P Filter /

URL Content Filter /

Web Content Filter

All the packets/connections within the range configured in the

above conditions must follow the standard configured in the CSM

profile selected here. For detailed information, refer to the section

of CSM profile setup.

SysLog

For troubleshooting needs you can specify the filter log and/or CSM

log here. Check the corresponding box to enable the log function.

Then, the filter log and/or CSM log will be shown on DrayTek

Syslog window.

VoIPon

www.voipon.co.uk

[email protected]

Tel: +44 (0)1245 808195

Fax: +44 (0)1245 808299

Rate

Popular DrayTek Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share