DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Security and Firewall Protection
4-19
v1.0, April 2007
Quality of Service (QoS) Priorities
This setting determines the priority of a service, which in turn determines the quality of that
service for the traffic passing through the firewall. The user can change this priority for Outbound
Services only.
The QoS priority definition for a service determines the IP packet queue for outbound traffic
passing through the ProSafe DGFV338 for this service. The priorities are defined by the “Type of
Service (TOS) in the Internet Protocol Suite” standard, RFC 1349. The router marks the Type Of
Service (TOS) field as defined below:
Normal-Service: No special priority is given to the traffic. The IP packets for services with
this priority are marked with a ToS value of 0.
Minimize-Cost: Used when the data must be transferred over a link that has a low
transmission cost. The IP packets for this service priority are marked with a ToS value of 1.
Maximize-Reliability: Used when data needs to travel to the destination over a reliable link
with little or no retransmission. The IP packets for this service priority are marked with a ToS
value of 2.
Maximize-Throughput: Used when the volume of data transferred during an interval is
important even though it may have a high link latency. The IP packets for this service priority
are marked with a ToS value of 4.
[Figure 4-14: Outbound Rules Add Screen, QoS Priority]
Minimize-Delay: Used when the time required for the packet to reach the destination must be
short (low link latency). The IP packets for this service priority are marked with a ToS value of 8.
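To confirm in a packet capture that an outbound rule is marking traffic as configured, the ToS values listed above can be read back from the IPv4 header. The following is an added example, not part of the manual: it assumes the router writes the value into the 4-bit TOS field defined by RFC 1349, which sits one bit above the lowest bit of the header's second byte, so a ToS value of 8 appears on the wire as 0x10. The sample headers and the function names are constructed for illustration.

```python
import struct

# RFC 1349 TOS field values, as listed in the manual's QoS priority list.
TOS_NAMES = {
    0: "Normal-Service",
    1: "Minimize-Cost",
    2: "Maximize-Reliability",
    4: "Maximize-Throughput",
    8: "Minimize-Delay",
}

def decode_tos(ipv4_header: bytes) -> dict:
    """Split the second byte of an IPv4 header into its RFC 1349 parts."""
    if len(ipv4_header) < 20:
        raise ValueError("IPv4 header needs at least 20 bytes")
    version_ihl, tos_octet = struct.unpack_from("!BB", ipv4_header)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    tos_field = (tos_octet >> 1) & 0x0F  # the manual's "ToS value"
    return {
        "octet": tos_octet,
        "precedence": tos_octet >> 5,    # top three bits
        "tos": tos_field,
        "mbz": tos_octet & 0x01,         # "must be zero" bit
        "priority": TOS_NAMES.get(tos_field, "non-standard combination"),
    }

def build_header(tos_octet: int) -> bytes:
    """Constructed sample: minimal 20-byte IPv4 header (UDP, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos_octet, 20, 0, 0, 64, 17, 0,
                       bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))

def check_marking(ipv4_header: bytes, expected_priority: str) -> bool:
    """True if the captured packet carries the priority the rule should set."""
    return decode_tos(ipv4_header)["priority"] == expected_priority

if __name__ == "__main__":
    for octet in (0x00, 0x02, 0x04, 0x08, 0x10):
        d = decode_tos(build_header(octet))
        print(f"octet 0x{octet:02x} -> ToS value {d['tos']} ({d['priority']})")
```

A packet whose second header byte does not decode to one of the five listed values (for example one marked with a DSCP code point by another device) is reported as a non-standard combination rather than matched to a priority.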
Attack Checks
This screen allows you to specify whether the router should be protected against common attacks from
the LAN and WAN networks. The various types of attack checks are defined below. Select the
appropriate radio boxes to enable the required security measures.
WAN Security Checks:
Respond to Ping On Internet Ports: Responds to an ICMP Echo (ping) packet coming from
the Internet or WAN side. (Usually used as a diagnostic tool for connectivity problems. It
is recommended that you disable this option to prevent hackers from easily discovering
the router via a ping.)
Enable Stealth Mode: If Stealth Mode is enabled, the router will not respond to port scans
from the WAN or Internet, which makes it less susceptible to discovery and attacks.
Block TCP Flood: If this option is enabled, the router will drop all invalid TCP packets
and be protected from a SYN flood attack.
LAN Security Checks:
Block UDP Flood: If this option is enabled, the router will not accept
more than 20 simultaneous, active UDP connections from a single computer on the LAN.
VPN Pass through: IPSec, PPTP or L2TP: Typically, this router is used as a VPN Client or
Gateway that connects to other VPN Gateways. When the router is in NAT mode, all packets
going to the Remote VPN Gateway are first filtered through NAT and then encrypted, per the
VPN policy.
If a VPN Client or Gateway on the LAN side of this router wants to connect to another VPN
endpoint on the WAN, with this router between the two VPN end points, all encrypted packets
will be sent to this router. Since this router filters the encrypted packets through NAT, the
packets become invalid.
IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through this
router. To allow the VPN traffic to pass through without filtering, enable those options for the
type of tunnel(s) that will pass through this router.
Note: Under NAT mode (Network Configuration menu, WAN Mode screen), a
firewall rule that directs ping requests to a particular computer on the LAN
will override the Respond to Ping On Internet Ports option.
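The Block UDP Flood check described above is a per-host cap on active UDP flows. The following is an added example, not the router's firmware: it models such a cap so its effect on LAN hosts can be reasoned about. The limit of 20 comes from the manual; the definition of a "connection" as a (source port, destination address, destination port) tuple, the 30-second idle timeout, and all names and sample packets are assumptions made for illustration.

```python
from collections import defaultdict

MAX_ACTIVE_UDP = 20   # limit stated in the manual
IDLE_TIMEOUT = 30.0   # assumption: seconds before an idle UDP flow expires

class UdpFlowLimiter:
    """Tracks active UDP flows per LAN source and refuses new ones past the cap."""

    def __init__(self, limit=MAX_ACTIVE_UDP, idle_timeout=IDLE_TIMEOUT):
        self.limit = limit
        self.idle_timeout = idle_timeout
        self.flows = defaultdict(dict)  # src_ip -> {flow_key: last_seen}

    def allow(self, now, src_ip, src_port, dst_ip, dst_port):
        table = self.flows[src_ip]
        # Forget flows that have been idle for longer than the timeout.
        for key in [k for k, seen in table.items()
                    if now - seen > self.idle_timeout]:
            del table[key]
        key = (src_port, dst_ip, dst_port)
        # Existing flows always pass; new flows pass only below the cap.
        if key in table or len(table) < self.limit:
            table[key] = now
            return True
        return False

def replay(packets, limiter=None):
    """Feed (time, src_ip, src_port, dst_ip, dst_port) tuples; count drops per host."""
    limiter = limiter or UdpFlowLimiter()
    dropped = defaultdict(int)
    for pkt in packets:
        if not limiter.allow(*pkt):
            dropped[pkt[1]] += 1
    return dict(dropped)

def sample_packets():
    """Constructed traffic: one noisy host, one quiet host."""
    pkts = [(0.01 * i, "192.168.1.10", 40000 + i, "203.0.113.5", 53)
            for i in range(25)]                       # 25 new flows in 0.25 s
    pkts.append((1.0, "192.168.1.10", 40000, "203.0.113.5", 53))  # existing flow
    pkts += [(1.0, "192.168.1.20", 50000 + i, "203.0.113.9", 123)
             for i in range(3)]                       # quiet host, 3 flows
    pkts.append((40.0, "192.168.1.10", 45000, "203.0.113.5", 53))  # after expiry
    return pkts

if __name__ == "__main__":
    print(replay(sample_packets()))
```

In the constructed traffic only the five flows beyond the twentieth from 192.168.1.10 are refused; its established flow, the second host, and the new flow opened after the idle timeout all pass.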
To enable Attack Checks:
1. Select Security from the main menu and Firewall Rules from the submenu. Then click the
Attack Checks tab.
2. Check the radio box for the types of security measures you want to enable. (See the
explanation above of the various WAN and LAN Security Checks.)
3. Click Apply to activate the selected security checks.
Managing Groups and Hosts
The Network Database is an automatically-maintained list of all known PCs and network devices.
PCs and devices become known by the following methods:
DHCP Client Requests – By default, the DHCP server in this Router is enabled, and will
accept and respond to DHCP client requests from PCs and other network devices. These
requests also generate an entry in the Network Database. Because of this, leaving the DHCP
Server feature (on the LAN screen) enabled is strongly recommended.
Scanning the Network – The local network is scanned using standard methods such as ARP.
This will detect active devices which are not DHCP clients. However, sometimes the name of
the PC or device cannot be accurately determined, and will be shown as Unknown.
Some advantages of the Network Database are:
Generally, you do not need to enter either IP addresses or MAC addresses. Instead, you can just
select the desired PC or device.
No need to reserve an IP address for a PC in the DHCP Server. All IP address assignments
made by the DHCP Server will be maintained until the PC or device is removed from the
database, either by expiry (inactive for a long time) or by you.
No need to use a Fixed IP on PCs. Because the address allocated by the DHCP Server will
never change, you don't need to assign a fixed IP to a PC to ensure it always has the same IP
address.
MAC-level Control over PCs. The Network Database uses the MAC address to identify each
PC or device. So changing a PC's IP address does not affect any restrictions on that PC.
Group and Individual Control over PCs:
You can assign PCs to Groups and apply restrictions to each Group using the Firewall
Rules screen (see “Outbound Rules (Service Blocking)” on page 4-3).
You can also select the Groups to be covered by the Block Sites feature (see “Blocking
Internet Sites” on page 4-24).
If necessary, you can also create Firewall Rules to apply to a single PC (see “To block
keywords or Internet domains:” on page 4-27). Because the MAC address is used to
identify each PC, users cannot avoid these restrictions by changing their IP address.