DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
4-4
Security and Firewall Protection
v1.0, April 2007
Filter: Defines an action to be taken on the enabled rule. It can be:
  Block Always: Block selected service at all times.
  Enable Always: Allow selected service to pass through at all times.
  Block by schedule, otherwise allow: Works in conjunction with a schedule defined on the Schedule screen. The selected service will be blocked during the schedule interval (Schedule 1, Schedule 2 or Schedule 3) and will be allowed to pass through at other times.
  Allow by schedule, otherwise block: Works in conjunction with a schedule defined on the Schedule screen. The selected service will be allowed to pass through during the schedule interval (Schedule 1, Schedule 2, or Schedule 3) and will be blocked at other times.
LAN Users: Specifies whether one or more LAN IP addresses will be affected by the rule. This rule will affect packets for the selected service coming from the defined IP address or range of IP addresses on the LAN side.
  Any: All computers on the LAN are included in the rule.
  Single Address: A single LAN IP address that is affected by the rule.
  Address Range: A range of LAN IP addresses that are affected by the rule.
  Group: Computers that are part of the Group defined in the Network Database will be affected by the rule. (Groups are defined by selecting Network Configuration from the main menu, LAN Groups from the sub-menu and then clicking the Edit Group Names tab.)
WAN Users: Specifies whether one or more WAN IP addresses will be affected by the rule. This rule will affect packets for the selected service to the defined IP address or range of IP addresses on the WAN side.
  Any: All IP addresses on the WAN will be affected by the rule.
  Single Address: A single WAN IP address will be affected by the rule.
  Address Range: A range of IP addresses on the WAN will be affected by the rule.
Priority: The priority assigned to IP packets of this service. The priorities are defined by “Type of Service (ToS) in the Internet Protocol Suite” standards, RFC 1349. The router marks the Type Of Service (ToS) field as defined below:
  Normal-Service: No special priority given to the traffic. The IP packets for services with this priority are marked with a ToS value of 0.
  Minimize-Cost: Used when data must be transferred over a link that has a lower “cost”. The IP packets for services with this priority are marked with a ToS value of 1.
  Maximize-Reliability: Used when data needs to travel to the destination over a reliable link and with little or no retransmission. The IP packets for services with this priority are marked with a ToS value of 2.
  Maximize-Throughput: Used when the volume of data transferred during an interval is important even if the latency over the link is high. The IP packets for services with this priority are marked with a ToS value of 4.
  Minimize-Delay: Used when the time required (latency) for the packet to reach the destination must be low. The IP packets for services with this priority are marked with a ToS value of 8.
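The values 0, 1, 2, 4 and 8 listed above are the four-bit TOS field of RFC 1349. On the wire that field sits in bits 3 to 6 of the IPv4 ToS octet (the three precedence bits come first), so a router that marks a packet rewrites that octet and must recompute the IPv4 header checksum, otherwise the next hop discards the packet. The Python below is an added illustration of that marking, not code from this manual or from the DGFV338 firmware: it builds a constructed 20-byte IPv4 header, marks it with one of the named priorities, and checks the checksum. The function names and the sample addresses are assumptions; the bit layout and checksum rule are those of RFC 1349 and RFC 791.

```python
import struct

# Priority names and the four-bit ToS field values the manual lists (RFC 1349 TOS bits).
# The octet carried on the wire is the field value shifted left by one, with the three
# precedence bits left at zero and the "must be zero" bit 7 clear.
TOS_FIELD = {
    "Normal-Service": 0,
    "Minimize-Cost": 1,
    "Maximize-Reliability": 2,
    "Maximize-Throughput": 4,
    "Minimize-Delay": 8,
}
FIELD_TO_NAME = {v: k for k, v in TOS_FIELD.items()}


def tos_octet(priority: str) -> int:
    """Return the ToS octet a marking router writes for a named priority."""
    return TOS_FIELD[priority] << 1


def decode_tos_octet(octet: int) -> str:
    """Map a ToS octet back to the priority name; precedence bits (0-2) are ignored."""
    field = (octet >> 1) & 0x0F
    return FIELD_TO_NAME.get(field, "Unknown(%d)" % field)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement sum of 16-bit words, then complemented.
    Computed over a header whose checksum field is zero it yields the checksum;
    computed over a header with a correct checksum it yields 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, tos: int = 0, proto: int = 6) -> bytes:
    """Build a minimal IPv4 header without options (constructed sample, TTL 64, 40-byte datagram)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def header_checksum_ok(header: bytes) -> bool:
    """True when the header's checksum field matches its contents."""
    ihl = (header[0] & 0x0F) * 4
    return ipv4_checksum(header[:ihl]) == 0


def mark_tos(header: bytes, priority: str) -> bytes:
    """Rewrite the ToS octet the way a marking router does, then repair the header checksum."""
    ihl = (header[0] & 0x0F) * 4
    body = bytearray(header[:ihl])
    body[1] = tos_octet(priority)
    body[10:12] = b"\x00\x00"               # zero the checksum field before recomputing
    body[10:12] = struct.pack("!H", ipv4_checksum(bytes(body)))
    return bytes(body) + header[ihl:]


if __name__ == "__main__":
    plain = build_ipv4_header("192.168.1.100", "203.0.113.9")
    marked = mark_tos(plain, "Minimize-Delay")
    print("ToS octet 0x%02x -> %s, checksum ok: %s"
          % (marked[1], decode_tos_octet(marked[1]), header_checksum_ok(marked)))
```

Reading the octet back with decode_tos_octet is also how a capture tool would report the router's marking; a ToS octet of 0x10 corresponds to the manual's Minimize-Delay value of 8.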
Log: Specifies whether the packets for this rule should be logged or not. If you select Always, the details for all packets that match this rule will be logged. If you select Never, logging will be disabled and no details logged.
For example, if an outbound rule for a schedule is selected as Block Always, then for every packet that tries to make an outbound connection for that service, a message with the packet’s source address and destination address, along with other information, will be recorded in the log.
Action: You can move a rule up or down in priority or you can edit the rule by selecting the appropriate button.
Additional actions that can be taken on the rules listed in the Outbound Services table are:
  Edit: Modify the configuration of the selected rule.
  Select All: Selects all the rules in the table.
  Delete: Deletes the selected policy or policies.
  Enable: Enables the selected rule or rules.
  Disable: Disables the selected rule or rules.
  Add: Add a new rule.
Note: Enabling the Log function may generate a significant number of log messages, and it is recommended that this be used for debugging purposes only.
Note: Since rules are applied in the order listed (from top to bottom), the hierarchy of the rules may make a difference in how traffic is handled.
To add a new Outbound Service:
1. Click the Add icon under the Outbound Services table. The Add LAN-WAN Outbound Service screen will display.
2. Fill out the Outbound Service fields for this policy (based on the field explanations above).
3. Click Apply to create your policy. The new service policy will display in the Outbound Services table.
Figure 4-2
Note: See “To block keywords or Internet domains:” on page 4-27 for yet another way to block outbound traffic from selected PCs that would otherwise be allowed by the firewall.
Outbound Rule Example: Blocking Instant Messenger
Outbound rules let you prevent users from using applications such as Instant Messenger. If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you have created in the Schedule menu. You can also have the firewall log any attempt to use Instant Messenger during that blocked period.
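The Instant Messenger scenario above, together with the earlier note that rules are applied in the order listed, can be made concrete with a small model of the Outbound Services table: each rule carries the Filter, LAN Users, WAN Users, Schedule and Log fields described in this chapter, and the first enabled rule that matches a packet decides. The Python below is an added example and not code from the manual or the DGFV338 firmware. The column names follow the manual; the classes, the "Instant Messenger" service name, the addresses, the working-hours schedule, the log line format and the assumption that outbound traffic matching no rule is allowed are all constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

# Constructed model of the Outbound Services table. Column names follow the manual;
# the classes, the default policy and the sample data below are assumptions.

AddrRange = Optional[Tuple[IPv4Address, IPv4Address]]  # None stands for "Any"


@dataclass
class Schedule:
    """One Schedule 1/2/3 definition: active on the given weekdays between start and end."""
    days: frozenset            # weekday numbers, 0 = Monday ... 6 = Sunday
    start: time
    end: time

    def active(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() < self.end


@dataclass
class Rule:
    service: str                        # Service Name column
    filter: str                         # Filter column, one of the four values the manual lists
    lan_users: AddrRange = None         # LAN Users: None = Any, (a, a) = Single Address, (a, b) = Address Range
    wan_users: AddrRange = None         # WAN Users, same convention
    schedule: Optional[Schedule] = None
    log: str = "Never"                  # Log column: "Always" or "Never"
    enabled: bool = True                # Status light


def in_range(addr: IPv4Address, rng: AddrRange) -> bool:
    return rng is None or rng[0] <= addr <= rng[1]


def filter_verdict(rule: Rule, when: datetime) -> str:
    """Turn the Filter value (plus the rule's schedule, if any) into ALLOW or BLOCK."""
    active = rule.schedule is not None and rule.schedule.active(when)
    return {
        "Block Always": "BLOCK",
        "Enable Always": "ALLOW",
        "Block by schedule, otherwise allow": "BLOCK" if active else "ALLOW",
        "Allow by schedule, otherwise block": "ALLOW" if active else "BLOCK",
    }[rule.filter]


def evaluate(rules: List[Rule], service: str, src: IPv4Address, dst: IPv4Address,
             when: datetime) -> Tuple[str, Optional[str]]:
    """Walk the table top to bottom; the first enabled rule whose service and addresses
    match decides. Returns (verdict, log line or None). Outbound traffic that matches
    no rule is allowed, which is an assumption about the default policy."""
    for rule in rules:
        if not rule.enabled or rule.service != service:
            continue
        if not (in_range(src, rule.lan_users) and in_range(dst, rule.wan_users)):
            continue
        verdict = filter_verdict(rule, when)
        entry = None
        if rule.log == "Always":        # Always records every matching packet, allowed or blocked
            entry = "%s %s %s src=%s dst=%s" % (when.isoformat(sep=" "), verdict, service, src, dst)
        return verdict, entry
    return "ALLOW", None


# Constructed sample data: working hours Monday-Friday 09:00-17:00, a rule that blocks the
# hypothetical "Instant Messenger" service during that schedule and logs every attempt,
# and an Enable Always exception for a single workstation.
WORKING_HOURS = Schedule(frozenset(range(5)), time(9, 0), time(17, 0))
BLOCK_IM = Rule("Instant Messenger", "Block by schedule, otherwise allow",
                schedule=WORKING_HOURS, log="Always")
ALLOW_ONE_HOST = Rule("Instant Messenger", "Enable Always",
                      lan_users=(IPv4Address("192.168.1.50"), IPv4Address("192.168.1.50")))
TUESDAY_10AM = datetime(2007, 4, 10, 10, 0)     # inside the schedule
TUESDAY_8PM = datetime(2007, 4, 10, 20, 0)      # same day, after hours
SATURDAY_10AM = datetime(2007, 4, 14, 10, 0)    # weekend, schedule inactive


def decide(order: List[Rule], src: str, when: datetime,
           service: str = "Instant Messenger") -> Tuple[str, Optional[str]]:
    """Evaluate one packet from `src` to a constructed external address against a rule order."""
    return evaluate(order, service, IPv4Address(src), IPv4Address("203.0.113.9"), when)


if __name__ == "__main__":
    print(decide([BLOCK_IM], "192.168.1.50", TUESDAY_10AM))                  # BLOCK, with log line
    print(decide([ALLOW_ONE_HOST, BLOCK_IM], "192.168.1.50", TUESDAY_10AM))  # exception on top: ALLOW
    print(decide([BLOCK_IM, ALLOW_ONE_HOST], "192.168.1.50", TUESDAY_10AM))  # exception below: never reached
```

The last two calls are the point of the ordering note: the same two rules give opposite results for 192.168.1.50 depending on which sits higher in the table, because evaluation stops at the first match. Moving a rule up or down with the Action buttons therefore changes policy, not just presentation.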
Inbound Rules (Port Forwarding)
Because the DGFV338 uses Network Address Translation (NAT), your network presents only one
IP address to the Internet and outside users cannot directly address any of your local computers.
Figure 4-3
Figure 4-4
However, by defining an inbound rule you can make a local server (for example, a Web server or
game server) visible and available to the Internet. The rule tells the firewall to direct inbound
traffic for a particular service to one local server. If you enable Translate to a Port Number, the
traffic will be forwarded to a specific port based on the destination port number. This is also
known as port forwarding.
The following lists all the existing rules for incoming traffic. Remember that allowing inbound services opens holes in your firewall. Only enable those ports that are necessary for your network.
A rule is defined by the following fields:
! (Status): A rule can be disabled if not in use and enabled as needed. A rule is disabled if the status light is grey and it is enabled if the status light is green. Disabling a rule does not delete the configuration, but merely de-activates the rule.
Service Name: This is a unique name assigned to the service. The name usually indicates the type of traffic the rule covers such as ftp, ssh, telnet, ping, etc. Services not already in the list can be added on the Services page.
Filter: Defines an action to be taken on the enabled rule. It can be:
  Block Always: Block selected service at all times.
  Enable Always: Allow selected service to pass through at all times.
  Block by schedule, otherwise allow: Works in conjunction with a schedule defined in the Schedule 1/2/3 pages. Selected service will be blocked during the scheduled interval and will be allowed to pass through at other times.
  Allow by schedule, otherwise block: Works in conjunction with a schedule defined in the Schedule 1/2/3 pages. Selected service will be allowed to pass through during the scheduled interval and will be blocked at other times.
LAN Server IP Address: An IP address and port number of a machine on the LAN which is hosting the server. It is displayed in the form <IP address:port number>.
For example, if a machine with an IP address of 192.168.1.100 on the LAN side is running a telnet server on port 2000, then the table will display 192.168.10.100:2000. If the telnet server is running on the default port (port 23), then the table will display only the IP address.
Destination LAN Users: Specifies whether one or more IP addresses on the LAN will be affected by the rule. This field is only enabled when in routing mode since the LAN is accessible only in this mode.
  Any: All computers on the LAN will be affected by the rule.
  Single Address: A single IP address on the LAN will be affected by the rule.
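An inbound rule is a destination NAT decision: a packet arriving on the WAN for a given port is rewritten to the LAN server's address, and, when Translate to a Port Number is enabled, to the server's own port. The Python below is an added example, not code from the manual or the DGFV338 firmware. It models a few rows of the Inbound Services table, renders the LAN Server IP Address column the way the text above describes (port omitted when the server listens on the service's default port), resolves which LAN address and port an inbound packet is forwarded to, and lists every port the table currently exposes, which is the practical check behind "only enable those ports that are necessary". The class, the default-port table, the sample rows and the reading of the translate option as "rewrite the destination port to the LAN port" are assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

# Constructed model of one row of the Inbound Services table. Column names follow the
# manual; the row layout, the default-port table and the sample rows are assumptions.
DEFAULT_PORTS = {"telnet": 23, "ssh": 22, "http": 80, "ftp": 21}


@dataclass
class InboundRule:
    service: str                      # Service Name
    wan_port: int                     # destination port the rule matches on inbound traffic
    lan_server: IPv4Address           # LAN Server IP Address
    lan_port: Optional[int] = None    # port the LAN server listens on; None = same as wan_port
    translate: bool = False           # "Translate to a Port Number": rewrite the port to lan_port
    filter: str = "Enable Always"     # Filter column; only the two "Always" values are modelled
    enabled: bool = True              # Status light

    def __post_init__(self):
        if self.lan_port is None:
            self.lan_port = self.wan_port
        if not self.translate and self.lan_port != self.wan_port:
            raise ValueError("lan_port differs from wan_port but translation is off")


def display_lan_server(rule: InboundRule) -> str:
    """Render the LAN Server IP Address column: the port is appended only when the
    server does not listen on the service's default port."""
    if rule.lan_port == DEFAULT_PORTS.get(rule.service.lower()):
        return str(rule.lan_server)
    return "%s:%d" % (rule.lan_server, rule.lan_port)


def forward(rules: List[InboundRule], dst_port: int) -> Optional[Tuple[IPv4Address, int]]:
    """Return the LAN (address, port) an inbound packet for dst_port is rewritten to, using
    the first enabled allowing rule. With no match the packet is dropped, which is what
    NAT alone gives you before any inbound rule exists."""
    for rule in rules:
        if not rule.enabled or rule.filter != "Enable Always" or rule.wan_port != dst_port:
            continue
        return rule.lan_server, (rule.lan_port if rule.translate else dst_port)
    return None


def exposed_ports(rules: List[InboundRule]) -> List[Tuple[int, str]]:
    """Audit helper: every WAN port an active allowing rule opens, with the server it reaches."""
    return sorted((r.wan_port, "%s -> %s" % (r.service, display_lan_server(r)))
                  for r in rules if r.enabled and r.filter == "Enable Always")


# Constructed sample table: a telnet server on a non-default port, a web server reached
# through WAN port 8080 with translation to port 80, and a disabled ssh rule.
RULES = [
    InboundRule("telnet", 2000, IPv4Address("192.168.1.100")),
    InboundRule("http", 8080, IPv4Address("192.168.1.20"), lan_port=80, translate=True),
    InboundRule("ssh", 22, IPv4Address("192.168.1.30"), enabled=False),
]

if __name__ == "__main__":
    for port, target in exposed_ports(RULES):
        print("WAN port %d -> %s" % (port, target))
    print(forward(RULES, 8080))   # web server, port rewritten to 80
    print(forward(RULES, 22))     # None: the ssh rule is disabled
```

Running exposed_ports over the live table is a cheap periodic check: any entry that nobody can account for is an open hole that a disabled status light (or deletion) closes without losing the rest of the configuration.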
