DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Wireless Configuration
v1.0, April 2007
To restrict access based on MAC addresses:
1. Log in to the DGFV338 using the default address of user name admin and default password password, or whatever LAN address and password you have set up.
2. Select Network Configuration from the main menu and Wireless Settings from the submenu. Then click the Setup Access List link at the top right of the screen. The Access Control List screen will display.
3. For Do you want to enable Access Control List?, check the Yes radio button and then click Apply.
4. The Trusted Wireless Stations table displays currently configured MAC addresses of wireless devices given permission to connect to this access point. If you have not entered any wireless stations this list will be empty. Delete an existing entry by selecting it and then click Delete.
5. You can add a New Trusted Station Manually by entering the MAC address of the client. Click Add and the new address will be entered in the Trusted Wireless Stations list.
Note: If you are configuring the DGFV338 from a wireless computer whose MAC address is not in the Trusted Wireless Stations list and you enable Turn Access Control, you will lose your wireless connection when you click Apply. You must then access the wireless firewall from a wired computer or from a wireless computer which is on the Trusted Wireless Stations list to make any further changes.
Figure 3-11
6. Select the Available Wireless Stations tab to populate the Available Wireless Stations list with the MAC addresses of wireless stations found within range of this wireless gateway.
7. Click the Add to Trusted List icon adjacent to the MAC address for each wireless device you want to add to the Trusted Wireless Stations list. Once added, the wireless device can establish a connection with this wireless gateway. Now, only devices on this list will be allowed to wirelessly connect to the DGFV338.
Note: The ACL “Yes” radio button must be enabled to activate the Trusted Wireless Stations feature.
Chapter 4
Security and Firewall Protection
This chapter describes how to use the Security features of the ProSafe Wireless ADSL Modem VPN Firewall Router to protect your network. These features can be found by selecting Security from the main menu of the browser interface.
Firewall Protection and Content Filtering Overview
The ProSafe Wireless ADSL Modem VPN Firewall Router provides Web Content filtering—by
Domain name (Web sites) and by Keyword Blocking. Browsing activity reporting and instant
alerts via e-mail provide reports on Content Filtering activities. Parents and network
administrators can establish restricted access policies based on time-of-day, specific Web
Components, Web sites and Web address keywords. You can also block Internet access by
applications and services, such as chat or games.
A firewall is a special category of router that protects one network (the “trusted” network, such as
your LAN) from another (the untrusted network, such as the Internet), while allowing
communication between the two.
A firewall incorporates the functions of a NAT (Network Address Translation) router, while
adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic
that can flow between the two networks. Unlike simple Internet sharing NAT routers, a firewall
uses a process called stateful packet inspection to protect your network from attacks and
intrusions. NAT performs a very limited stateful inspection in that it considers whether the
incoming packet is in response to an outgoing request, but true Stateful Packet Inspection goes far
beyond NAT.
Using Rules to Block or Allow Specific Kinds of Traffic
Firewall rules are used to block or allow specific traffic passing through from one side to the other.
Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing
only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine
what outside resources local users can have access to.
About Service Based Rules
The rules to block traffic are based on the traffic’s category of service.
Inbound rules (allow port forwarding). Inbound traffic is normally blocked by the firewall unless the traffic is in response to a request from the LAN side. The firewall can be configured to allow this otherwise blocked traffic.
Outbound rules (service blocking). Outbound traffic is normally allowed unless the firewall is configured to disallow it.
Customized services. Additional services can be added to the list of services in the factory default list. These added services can then have rules defined for them to either allow or block that traffic.
Quality of service (QoS) priorities. Each service has its own native priority that impacts its quality of performance and tolerance for jitter or delays. You can change this QoS priority if desired to change the traffic mix through the system.
A firewall has two default rules, one for inbound traffic and one for outbound traffic. The default
rules of the DGFV338 are:
Default Inbound Policy. Block all inbound traffic to the LAN from the Internet (WAN), except responses to requests from the LAN. To allow computers from the WAN to access services on the LAN, a firewall rule for each service must be added.
Default Outbound Policy. Allow all traffic from the LAN to pass through to the Internet. Firewall rules can then be applied to block specific types of traffic from going out from the LAN to the WAN.
The Default Outbound Policy is shown in the LAN-WAN Rules table of the Firewall Rules submenu (under Security on the main menu) in Figure 4-1:
You may define additional rules that will specify exceptions to the default rules. By adding custom
rules, you can block or allow access based on the service or application, source or destination IP
addresses, and time of day.
You can also tailor these rules to your specific needs (see “Security and Administrator Management” on page 4-35).
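The policy logic described above, as an added example that is not NETGEAR firmware or code from this manual: a Python model of the default inbound and outbound policies with service, address and time-of-day exception rules. The service table, first-match rule ordering, sample addresses and the omission of NAT are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed service table (name -> protocol, port); not the router's factory list.
SERVICES = {"http": ("tcp", 80), "ftp": ("tcp", 21), "ssh": ("tcp", 22)}

@dataclass
class Rule:
    direction: str                 # "out" = LAN to WAN, "in" = WAN to LAN
    service: str
    action: str                    # "allow" or "block"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    start: time = time(0, 0)
    end: time = time(23, 59, 59)
    enabled: bool = True           # a disabled rule stays configured but is skipped

    def matches(self, direction, proto, src, dst, dport, now):
        return (self.enabled and self.direction == direction
                and SERVICES[self.service] == (proto, dport)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.start <= now <= self.end)

class Firewall:
    def __init__(self, rules):
        self.rules, self.sessions = rules, set()   # sessions: flows opened from the LAN

    def decide(self, direction, proto, src, sport, dst, dport, now):
        # A reply to a LAN-initiated flow passes without an inbound rule.
        if direction == "in" and (proto, dst, dport, src, sport) in self.sessions:
            return "allow"
        # Assumption: first matching rule wins; otherwise the default policy applies.
        verdict = next((r.action for r in self.rules
                        if r.matches(direction, proto, src, dst, dport, now)),
                       "allow" if direction == "out" else "block")
        if direction == "out" and verdict == "allow":
            self.sessions.add((proto, src, sport, dst, dport))
        return verdict

def demo():  # constructed scenario: FTP blocked for 192.168.1.0/24, 09:00 to 17:00
    fw = Firewall([Rule("out", "ftp", "block", src="192.168.1.0/24",
                        start=time(9), end=time(17))])
    lan, web = "192.168.1.10", "203.0.113.5"
    return [fw.decide("out", "tcp", lan, 40000, web, 21, time(10)),
            fw.decide("out", "tcp", lan, 40000, web, 80, time(10)),
            fw.decide("in", "tcp", web, 80, lan, 40000, time(10)),
            fw.decide("in", "tcp", "203.0.113.9", 80, lan, 40000, time(10))]
```

The four verdicts from demo() are: FTP out blocked by the rule, HTTP out allowed by default, the HTTP reply allowed as a response to a LAN request, and an unsolicited inbound packet blocked by default.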
Outbound Rules (Service Blocking)
The DGFV338 allows you to block the use of certain Internet services by PCs on your network.
This is called service blocking or port filtering.
The default policy can be changed to block all outbound traffic and enable only specific services to pass through the router. The following Outbound Services lists all the existing rules for outgoing traffic. A rule is defined by the following fields:
! (Status): A rule can be disabled if not in use and enabled as needed. A rule is disabled if the status light is grey and it is enabled if the status light is green. Disabling a rule does not delete the configuration, but merely de-activates the rule.
Service Name: This is a unique name assigned to the service. The name usually indicates the type of traffic the rule covers such as ftp, ssh, telnet, ping, etc. Services not already in the list can be added on the Add LAN WAN Outbound Services screen.
Figure 4-1
Note: This feature is for Advanced Administrators only! Incorrect configuration will cause serious problems.
