Vigor2930 Series User’s Guide
PCs on the subnet "172.16.x.x" connected behind the Vigor router will be protected by the security settings enabled and configured on the web pages of the Vigor router. When the transparent mode has been checked, hackers from the Internet do not sense the existence of the Vigor router, therefore they cannot attack the router.
3.4.3 Filter Setup
Click Firewall and click Filter Setup to open the setup page.
To edit or add a filter, click on the set number to edit the individual set. The following page will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit each rule. Check Active to enable the rule.
Filter Rule
Click a button numbered (1 ~ 7) to edit the filter rule. Clicking the button opens the Edit Filter Rule web page. For detailed information, refer to the following page.
Active
Enable or disable the filter rule.
Comment
Enter filter set comments/description. Maximum length is 23 characters.
Move Up/Down
Use the Up or Down link to move the order of the filter rules.
Next Filter Set
Set the link to the next filter set to be executed after the current
filter run. Do not make a loop with many filter sets.
To edit a Filter Rule, click the Filter Rule index button to enter the Filter Rule setup page.
Check to enable the Filter Rule
Check this box to enable the filter rule.
Comments
Enter filter set comments/description. Maximum length is 14 characters.
Index(1-15)
Set PCs on LAN to work at certain time intervals only. You may choose up to 4 schedules out of the 15 schedules pre-defined in Applications >> Schedule setup. The default setting of this field is blank and the function will always work.
Direction
Set the direction of packet flow (LAN->WAN/WAN->LAN). It is for Data Filter only. For the Call Filter, this setting is not available since Call Filter is only applied to outgoing traffic.
Source/Destination IP
Click Edit to open the following dialog and choose the source/destination IP or IP ranges.
To set the IP address manually, please choose Any Address/Single Address/Range Address/Subnet Address as the Address Type and type them in this dialog. In addition, if you want to use the IP range from defined groups or objects, please choose Group and Objects as the Address Type.
From the IP Group drop down list, choose the one that you want to apply. Or use the IP Object drop down list to choose the object that you want.
Service Type
Click Edit to open the following dialog and choose a suitable service type.
To set the service type manually, please choose User defined as the Service Type and type them in this dialog. In addition, if you want to use the service type from defined groups or objects, please choose Group and Objects as the Service Type.
Protocol - Specify the protocol(s) which this filter rule will apply to.
Source/Destination Port -
(=) - when the first and last values are the same, it indicates one port; when the first and last values are different, it indicates a range of ports available for this service type.
(!=) - when the first and last values are the same, it indicates all the ports except the port defined here; when the first and last values are different, it indicates that all the ports except the range defined here are available for this service type.
(>) - the port number greater than this value is available.
(<) - the port number less than this value is available for this profile.
Service Group/Object - Use the drop down list to choose the one that you want.
Fragments
Specify the action for fragmented packets. It is used for Data Filter only.
Don't care - No action will be taken towards fragmented packets.
Unfragmented - Apply the rule to unfragmented packets.
Fragmented - Apply the rule to fragmented packets.
Too Short - Apply the rule only to packets that are too short to contain a complete header.
Filter
Specifies the action to be taken when packets match the rule.
Block Immediately - Packets matching the rule will be dropped immediately.
Pass Immediately - Packets matching the rule will be passed immediately.
Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped.
Pass If No Further Match - A packet matching the rule, and that does not match further rules, will be passed through.
Branch to other Filter Set
If the packet matches the filter rule, the next filter rule will branch to the specified filter set. Select the next filter rule to branch to from the drop-down menu. Be aware that the router will apply the specified filter rule forever and will not return to the previous filter rule any more.
APP Enforcement
All the packets/connections within the range configured in the above conditions must follow the standard configured in the APP Enforcement profile selected here. For detailed information, refer to the section of APP Enforcement profile setup.
URL Content Filter
Select one of the URL Content Filter profile settings (created in CSM >> URL Content Filter) to apply with this router. Please set at least one profile in the CSM >> URL Content Filter web page first. For troubleshooting needs, you can record information for URL Content Filter by checking the Log box. It will be sent to the Syslog server. Please refer to the section Syslog/Mail Alert for more detailed information.
SysLog
For troubleshooting needs you can specify the filter log and/or CSM log here. Check the corresponding box to enable the log function. Then, the filter log and/or CSM log will be shown on the Draytek Syslog window.
Advance Setting
Click Edit to open the following window. However, it is strongly recommended to use the default settings here.
Codepage - This function is used to compare the characters among different languages. Choosing the correct codepage helps the system obtain correct ASCII after decoding data from the URL and enhances the correctness of URL Content Filter. The default value for this setting is ANSI 1252 Latin I. If you do not choose any codepage, no URL decoding will be processed. Please use the drop-down list to choose a codepage.
If you do not know which codepage is suitable, please open Syslog. From Codepage Information of the Setup dialog, you will see the recommended codepage listed on the dialog box.
Window size - It determines the TCP window size (0~65535). The larger the value, the better the performance will be. However, if the network is not stable, a small value is more appropriate.
Session timeout - Setting a timeout for sessions can make the best utilization of network resources. However, Queue timeout is configured for TCP protocol only; session timeout is configured for the data flow which matches the firewall rule.
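The following is an added example, not code from the guide or from DrayTek: a small Python model of how the Filter actions, the port operators, Next Filter Set and Branch to other Filter Set described above combine, useful for reasoning about a rule set before entering it. The names Rule, port_matches, evaluate and SAMPLE are hypothetical. The verdict for a packet that matches no rule (the default parameter) and the choice that a branch is taken only when the matching rule is not an "Immediately" action are assumptions the guide does not state.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    op: str            # port operator from the guide: "=", "!=", ">", "<"
    first: int         # first port value
    last: int          # last port value (ignored by ">" and "<")
    action: str        # "block_now", "pass_now", "block_later", "pass_later"
    branch: Optional[int] = None   # "Branch to other Filter Set" target

def port_matches(rule, port):
    in_range = rule.first <= port <= rule.last
    if rule.op == "=":
        return in_range
    if rule.op == "!=":
        return not in_range
    if rule.op == ">":
        return port > rule.first
    if rule.op == "<":
        return port < rule.first
    raise ValueError("unknown operator: " + rule.op)

def evaluate(sets, start, port, default="pass"):
    """sets maps set number -> (rules, next filter set or None)."""
    verdict, current, seen = default, start, set()
    while current is not None:
        if current in seen:      # the loop the guide warns against
            raise ValueError("filter set loop at set %d" % current)
        seen.add(current)
        rules, current_next = sets[current]
        for rule in rules:
            if not port_matches(rule, port):
                continue
            verdict = rule.action.split("_")[0]
            if rule.action.endswith("_now"):
                return verdict            # Block/Pass Immediately
            if rule.branch is not None:   # jump and never come back
                current_next = rule.branch
                break
        current = current_next
    return verdict                        # "... If No Further Match"

# Constructed sample configuration (not taken from the guide).
SAMPLE = {
    1: ([Rule("=", 23, 23, "block_now"),
         Rule("!=", 80, 443, "block_later")], 2),
    2: ([Rule("=", 8080, 8080, "pass_now")], None),
}
```

With SAMPLE, port 8080 first picks up a pending block in set 1 and is then passed by the immediate rule in set 2, while port 9000 keeps the pending block because nothing further matches.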
