Chapter 6: Set Up and Configure the Router
10/100 4-Port VPN Router
Firewall Tab - Access Rules
Network Access Rules evaluate the network traffic's Source IP address, Destination IP address, and IP protocol
type to decide if the IP traffic is allowed to pass through the firewall. See Figure 6-37.
The ability to define Network Access Rules is a very powerful tool. Using custom rules, it is possible to disable all
firewall protection or block all access to the Internet. Use extreme caution when creating or deleting Network
Access Rules.
The Router has the following Default Rules:
* All traffic from the LAN to the WAN is allowed.
* All traffic from the WAN to the LAN is denied.
* All traffic from the LAN to the DMZ is allowed.
* All traffic from the DMZ to the LAN is denied.
* All traffic from the WAN to the DMZ is allowed.
* All traffic from the DMZ to the WAN is allowed.
Custom rules can be created to override the above Default Rules, but four additional default rules are always
active, and custom rules cannot override them:
* HTTP service from LAN side to RV042 is always allowed.
* DHCP service from LAN side is always allowed.
* DNS service from LAN side is always allowed.
* Ping service from LAN side to RV042 is always allowed.
Besides the Default Rules, all configured Network Access Rules are listed in the table, and you can choose the
Priority for each custom rule.
Click the Edit button to edit the Policy, and click the Trash Can icon to delete the rule. Click the Add New Rule
button to add new Access Rules, and the screen in Figure 6-38 will appear. Click the Restore to Default Rule button
to change the Access Rules back to the default rules.
Add a new Policy
Services: Click Wizard to run the Access Rule Setup Wizard. To view the figures for the Access Rule Setup
Wizard, see the Wizard Tab section.
Action: Select the Allow or Deny radio button depending on the intent of the rule.
Service: Select the service from the Service pull-down menu. If the service you need is not listed in the menu,
click the Service Management button to add a new Service. See Figure 6-39. Enter the Service Name, Protocol
and Port Range, and then click Add to list.
Figure 6-35: Access Rules
Figure 6-36: Add a New Access Rule
Figure 6-37: Service Management
Click the Save Settings button to save the Service Management settings or click the Cancel Changes button to
undo your changes. The screen in Figure 6-40 will appear when your settings are correct.
Log
You can select Log packet match this rule or Not log.
Source Interface
Select the Source Interface (LAN, WAN1, WAN2, Any) from the pull-down menu. Once DMZ is enabled, the options
will be LAN, WAN1, DMZ, Any.
Source IP
Select Any, Single or Range, and enter the IP address for Single or Range.
Destination IP
Select Any, Single or Range, and enter the IP address for Single or Range.
Scheduling
Apply this rule (time parameter)
Select the time range and the day of the week for this rule to be enforced. The default condition for any new rule
is to always enforce.
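The following is an added example, not code from the manual or the Router's firmware, that models how the Access Rules described above combine: the four always-active rules, then custom rules by Priority, then the Default Rules. It assumes first-match evaluation in Priority order, and the addressing plan, the sample rules and the "All" service label are constructed for illustration.

```python
import ipaddress

# Default Rules as listed on the page: (source zone, destination zone) -> action.
DEFAULTS = {("LAN", "WAN"): "Allow", ("WAN", "LAN"): "Deny",
            ("LAN", "DMZ"): "Allow", ("DMZ", "LAN"): "Deny",
            ("WAN", "DMZ"): "Allow", ("DMZ", "WAN"): "Allow"}

# Constructed addressing plan (assumption, not taken from the manual).
ROUTER_LAN_IP = "192.168.1.1"
ZONES = {"LAN": ipaddress.ip_network("192.168.1.0/24"),
         "DMZ": ipaddress.ip_network("203.0.113.8/29")}

# Constructed custom rules using the page's fields; "All" is a stand-in
# label for a service entry that covers every protocol and port.
SAMPLE_RULES = [
    {"priority": 1, "action": "Allow", "service": "HTTPS", "iface": "WAN1",
     "src": "198.51.100.1-198.51.100.20", "dst": "192.168.1.10"},
    {"priority": 2, "action": "Deny", "service": "All", "iface": "LAN",
     "src": "Any", "dst": "Any"},
]

def zone_of(ip):
    """Map an address to LAN or DMZ by subnet; anything else is WAN."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "WAN")

def ip_match(spec, ip):
    """spec is 'Any', a single address, or a 'first-last' range."""
    if spec == "Any":
        return True
    first, _, last = spec.partition("-")
    return (ipaddress.ip_address(first) <= ipaddress.ip_address(ip)
            <= ipaddress.ip_address(last or first))

def decide(rules, pkt):
    """Return (action, reason) for one packet entering on pkt['iface']."""
    # The four always-active rules come first; custom rules cannot override them.
    if pkt["iface"] == "LAN" and (pkt["service"] in ("DHCP", "DNS") or (
            pkt["service"] in ("HTTP", "Ping") and pkt["dst"] == ROUTER_LAN_IP)):
        return "Allow", "always-active rule"
    # Custom rules in Priority order; first match wins (assumed semantics).
    for r in sorted(rules, key=lambda r: r["priority"]):
        if (r["iface"] in ("Any", pkt["iface"])
                and r["service"] in ("All", pkt["service"])
                and ip_match(r["src"], pkt["src"])
                and ip_match(r["dst"], pkt["dst"])):
            return r["action"], f"custom rule {r['priority']}"
    # No custom rule matched: fall back to the Default Rules by zone pair.
    src_zone = "WAN" if pkt["iface"].startswith("WAN") else pkt["iface"]
    return DEFAULTS[(src_zone, zone_of(pkt["dst"]))], "default rule"
```

Running decide() against a rule with Source Interface Any, Source IP Any and Destination IP Any set to Allow shows why the page urges caution: that one rule matches WAN traffic before the default WAN-to-LAN deny is ever consulted.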
Firewall Tab - Content Filter
Forbidden Domains
When the Block Forbidden Domains check box is selected, the Router will forbid web access to sites on the
Forbidden Domains list. See Figure 6-41.
Scheduling
The Time of Day feature allows you to define specific times when Content Filtering is enforced. For example, you
could configure the Router to filter employee Internet access during normal business hours, but allow
unrestricted access at night and on weekends.
Figure 6-38: Settings are Successful
Figure 6-39: Content Filter
Apply this rule
Always: When selected, Content Filtering is enforced at all times.
From: When selected, Content Filtering is enforced during the time and days specified. Enter the time period, in
24-hour format, and select the day of the week that Content Filtering is enforced.
Click the Save Settings button when you finish the Content Filter settings, or click the Cancel Changes button to
undo your changes.
VPN Tab - Summary
Summary
The VPN Summary displays the Summary, Tunnel Status and GroupVPN Status. See Figure 6-42.
Summary: It shows the number of Tunnel(s) Used and Tunnel(s) Available. The 10/100 4-Port VPN Router supports
30 tunnels.
Detail: Click the Detail button to see the details of the VPN Summary. The user can save, export, or print the file.
Tunnel Status:
Add New Tunnel: Click the Add New Tunnel button to add a Gateway to Gateway tunnel or add a Client to
Gateway tunnel. See Figure 43.
Choose a Mode:
Gateway to Gateway: Figure 42 shows the Gateway to Gateway tunnel, which is a tunnel created between two
VPN Routers. Click the Add Now button to see the Gateway to Gateway screen, Figure 44.
Client to Gateway: Figure 43 shows the Client to Gateway tunnel, which is a tunnel created between the VPN Router
and a Client user who is using VPN client software that supports IPSec. Click the Add Now button to see the
Client to Gateway screen, Figure 45.
Page: Previous page, Next page, Jump to page / 30 pages and entries per page. You can click the Previous page and
Next page buttons to jump to the tunnel that you want to see. You can also enter the page number directly into Jump
to page and choose the number of items that you want to see per page (3, 5, 10, 20, 30, All).
Tunnel No.: It shows the used Tunnel No. 1~30, and it includes the tunnels defined in GroupVPN.
Figure 6-40: VPN Summary
Figure 6-41: Mode Choose
Tunnel Name: It shows the Tunnel Name that you enter in the Gateway to Gateway page, Client to Gateway page
or Group ID Name.
Status: It shows Connected, Hostname Resolution Failed, Resolving Hostname or Waiting for Connection.
If you select Manual on the IPSec Setup page, the Status will show Manual, and there is no Tunnel Test function for
Manual Keying Mode.
Phase2 Encrypt/Auth/Group: It shows the Encryption (DES/3DES), Authentication (MD5/SHA1) and Group (1/2/5)
that you chose in IPSec Setup field.
If you chose Manual mode, there will be no Phase 2 DH Group, and it will show the Encryption and Authentication
method that you set up in Manual mode.
Local Group: It shows the IP and subnet of the Local Group.
Remote Group: It shows the IP and subnet of the Remote Group.
Remote Gateway: It shows the IP of the Remote Gateway.
Tunnel Test: Click the Connect button to verify the tunnel status. The test result will be updated in Status. If the
tunnel is connected, a Disconnect button will be available so you can disconnect the VPN connection.
Configure: Edit and Delete.
Click the Edit button to link to the original setup page where you can change the settings. If you click the Edit
button, all of your tunnel settings will be deleted, and this tunnel will be available.
Tunnel(s) Enable and Tunnel(s) Defined: It shows the number of Tunnel(s) Enable and Tunnel(s) Defined. The
number of Tunnel(s) Enable may be fewer than the number of Tunnel(s) Defined once defined tunnels are disabled.
GroupVPN Status:
If you did not enable GroupVPN, it will be blank in GroupVPN Status.
Group ID Name: It shows the name you enter in the Add new client to gateway tunnel page.
Connected Tunnels: It shows the number of connected tunnels.
Phase2 Encrypt/Auth/Group: It shows the Encryption (DES/3DES), Authentication (MD5/SHA1) and Group (1/2/5)
that you chose in IPSec Setup field.
Figure 6-42: Gateway to Gateway
Figure 6-43: Client to Gateway
Local Group: It shows the IP address and Subnet of Local Group you set up.
Remote Client: It shows the number of Remote Clients of this GroupVPN.
Remote Clients Status: If you click the Detail List button, it shows the details of Group Name, IP address and
Connection Time of this Group VPN.
Tunnel Test: Click the Connect button to verify the tunnel status. The test result will be updated in Status. If the
tunnel is connected, a Disconnect button will be available so you can disconnect the VPN connection.
Configure: Edit and Delete
Click the Edit button to link to the original setup page where you can change the settings. If you click the Edit
button, all of your tunnel settings will be deleted, and this tunnel will be available.
VPN Tab - Gateway to Gateway
Add a new Tunnel
On this page, you can add a new tunnel between two VPN devices. See Figure 46.
Tunnel No.: The tunnel number will be generated automatically from 1~30.
Tunnel Name: Enter the Tunnel Name, such as LA Office, Branch Site, Corporate Site, etc. This is to allow you to
identify multiple tunnels and does not have to match the name used at the other end of the tunnel.
Interface: You can select the Interface from the pull-down menu. When dual WAN is enabled, there will be two
options (WAN1/WAN2).
Enable: Check the box to enable VPN.
Local Group Setup
Local Security Gateway Type: There are five types: IP Only, IP + Domain Name (FQDN) Authentication, IP
+ E-mail Addr. (USER FQDN) Authentication, Dynamic IP + Domain Name (FQDN) Authentication, and Dynamic IP +
E-mail Addr. (USER FQDN) Authentication. The Local Security Gateway Type should match the Remote
Security Gateway Type of the VPN device at the other end of the tunnel.
IP Only: If you select IP Only, only the specific IP Address will be able to access the tunnel. The WAN IP of the
Router will automatically appear in this field.
Figure 6-44: Gateway to Gateway