DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
4-24
Security and Firewall Protection
v1.0, April 2007
Table 4.1 Groups and Hosts

Item: Known PCs and Devices
Description: This table lists all current entries in the Network Database. For each PC or device, the following data is displayed.
Radio button – Use this to select a PC for editing or deletion.
Name – The name of the PC or device. Sometimes, this cannot be determined, and is listed as Unknown. In this case, you can edit the entry to add a meaningful name.
IP Address – The current IP address. For DHCP clients, where the IP address is allocated by the DHCP Server in this device, this IP address will not change. Where the IP address is set on the PC (as a fixed IP address), you may need to update this entry manually if the IP address on the PC is changed.
MAC Address – The MAC address of the PC. The MAC address is a low-level network identifier which is fixed at manufacture.
Group – Each PC or device must be in a single group. The Group column indicates which group each entry is in. By default, all entries are in Group 1.

Item: Operations
Description:
Group Assignment – You can select a group for any entry by selecting Edit. When the Edit Groups and Hosts screen displays, select the desired group from the pull-down menu in the Group column. Click Apply.
Adding a new Entry – If a PC is not connected, uses a fixed IP address, or is on a different LAN segment, it may not be listed. In this case, you can add it by entering it under Add Known PCs and Devices and clicking Add.
Editing an Entry – To edit an entry, click Edit adjacent to the entry.
Deleting an Entry – If a PC or device has been removed from your network, you can delete it from the database. Select its radio button, and click Delete.
Edit Group Names – To edit Group names, click the Edit Group Names link at the top right of the screen. By default the group names are Group1 through Group 8, with Group 1 being the default group.

Blocking Internet Sites
If you want to reduce incoming traffic by preventing access to certain sites on the Internet, you can use the wireless firewall Web Components filtering and Key Word Blocking. By default, both are disabled; all requested traffic from any Web site is allowed. When enabled, if users try to access a blocked site, they see a “Blocked by NETGEAR” message.
Web Components filtering – You can filter the following Web Component types: Proxy, Java, ActiveX, and Cookies. For example, by enabling Java filtering, “Java” files will be blocked. Certain commonly used web components can be blocked for increased security. Some of these components can be used by malicious websites to infect computers that access them.
Proxy – A proxy server (or simply, proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers.
Java – Blocks Java applets from being downloaded from pages that contain them. Java
applets are small programs embedded in web pages that enable dynamic functionality of
the page. A malicious applet can be used to compromise or infect computers. Enabling this
setting blocks Java applets from being downloaded.
ActiveX – Similar to Java applets, ActiveX controls install on a Windows computer
running Internet Explorer. A malicious ActiveX control can be used to compromise or
infect computers. Enabling this setting blocks ActiveX controls from being downloaded.
Cookies – Cookies are used to store session information by websites that usually require
login. However, several websites use cookies to store tracking information and browsing
habits. Enabling this option filters out cookies from being created by a website.
Keyword (and domain name) Blocking – You can specify up to 32 words that, should they
appear in the Web site name (URL) or in a newsgroup name, will cause the site or newsgroup
to be blocked by the wireless firewall.
You can apply the keywords to one or more groups in the Apply Keyword Blocking to: fields.
Requests from the PCs in the groups for which keyword blocking has been enabled will be
blocked. Blocking does not occur for the PCs that are in the groups for which keyword
blocking has not been enabled.
If you enter a domain name in the Trusted Domains box, keyword filtering will be bypassed.
For example, if you entered www.netgear.com, keyword filtering will be bypassed for this
domain; however, Web Components filtering still applies.
Keyword application examples:
If the keyword “XXX” is specified, the URL is blocked, as is the newsgroup alt.pictures.XXX.
If the keyword “.com” is specified, only Web sites with other domain suffixes (such as .edu or .gov) can be viewed.
If you wish to block all Internet browsing access, enter the keyword “.”.
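The blocking rules described above (per-group enablement, keyword match, Trusted Domains bypass), modelled as an added example that is not part of the manual and not NETGEAR firmware code. It assumes a case-insensitive substring match over the whole URL and an exact host-name match for trusted domains; the function names and the example.* hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

def is_blocked(url, group, keywords, enabled_groups, trusted_domains):
    """Model of the keyword-blocking decision for one request.

    Assumptions (not stated in the manual): matching is a case-insensitive
    substring test over the whole URL, and a trusted domain matches only
    when the request's host name is identical to the entry.
    """
    if group not in enabled_groups:           # blocking applies per group
        return False
    host = (urlsplit(url).hostname or "").lower()
    if host in {d.lower() for d in trusted_domains}:
        return False                          # trusted domain bypasses keywords
    target = url.lower()
    return any(k.lower() in target for k in keywords)

def overbroad_keywords(keywords, sample_urls):
    """Return the keywords that would block every URL in the sample."""
    return [k for k in keywords
            if all(k.lower() in u.lower() for u in sample_urls)]

# Constructed sample data; the example.* hosts are placeholders.
SAMPLE_URLS = [
    "http://www.example.com/index.html",
    "http://www.example.edu/courses",
    "http://www.netgear.com/support",
    "http://support.netgear.com/downloads",
]
ENABLED_GROUPS = {"Group2"}     # groups ticked in "Apply Keyword Blocking to"
TRUSTED = ["www.netgear.com"]   # entry in the Trusted Domains table

def decisions(keywords, group):
    """Map each sample URL to its block decision for a PC in `group`."""
    return {u: is_blocked(u, group, keywords, ENABLED_GROUPS, TRUSTED)
            for u in SAMPLE_URLS}

if __name__ == "__main__":
    for kw in ([".com"], ["."]):
        print(kw, decisions(kw, "Group2"))
    print("Group1 (not enabled):", decisions(["."], "Group1"))
    print("over-broad:", overbroad_keywords([".com", ".", "xxx"], SAMPLE_URLS))
```

Running a planned keyword list through `overbroad_keywords` against a sample of sites users must reach shows, before the list is applied, whether an entry such as “.” would cut off all browsing for the selected groups.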
Note: Many websites require that cookies be accepted in order for the site to be accessed properly. Blocking cookies may cause many websites to not function properly.
The following screen (Figure 4-17) illustrates the use of Keyword Blocking and adding Trusted Domains.
Figure 4-17
To block keywords or Internet domains:
1. Check the Yes radio box in the Turn keyword blocking on? section and click Apply. (The default is No.)
2. Select the Web Components you want to enable and click Apply.
3. Check the boxes next to the group names in the Apply Keyword Blocking to list to specify for which groups you want to implement Keyword Blocking. Only those PCs that are in one of the specified groups will undergo the filtering process. Click Enable. Only those group names selected will show their status as enabled.
4. Enter a Blocked Keyword in the Add Blocked Keyword table and click Add. The word or domain name will appear in the Blocked Keywords table. Any number of keywords or domain names may be added to the list.
5. In the Add Trusted Domain table, enter the name(s) of any domain for which the keyword filtering will be bypassed and click Add. The domain name must be exact; e.g., entering www.netgear.com would be allowed as a trusted domain exempt from filtering. The Trusted Domain will appear in the Trusted Domains table and will be exempt from filtering.
To delete keywords or domain names:
1. Check the box adjacent to the keyword or domain name to be deleted and click Delete.
2. Delete all keywords or domain names by clicking Select All and then Delete.
Enabling Source MAC Filtering
Source MAC Filter will drop the Internet-bound traffic received from PCs with specified MAC addresses.
By default, the source MAC address filter is disabled; all outbound traffic received from PCs with any MAC address is allowed.
When enabled, outbound Internet traffic will be dropped from the PCs that have a configured MAC address in the Blocked MAC Addresses table.
To enable the Source MAC Address Filtering:
1. Select Security from the main menu and Source MAC Filter from the submenu. The Source MAC Filter screen will display.
2. In the MAC Filtering Enable section, check the Yes radio box and click Apply.
3. Enter the MAC Address to be blocked in the MAC Address field and click Add. The MAC address will appear in the Blocked MAC Addresses table. Repeat this process to add additional MAC addresses.
A valid MAC address is 12 hexadecimal digits (0 to 9 and a to f). For example: 00:e0:4c:69:0a:11.
4. Click Apply. The outbound traffic from the specified MAC addresses will be dropped.
To delete a MAC Address or all MAC addresses:
Check the radio box adjacent to the MAC Address to be deleted and click Delete
or
Click select all to select all the MAC Addresses and click Delete.
Setting up Port Triggering
Port triggering is used to allow some applications to function correctly that would otherwise be
partially blocked by the firewall when the router is in NAT mode. Some applications require that
when external devices connect to them, they receive data on a specific port or range of ports. The
router must send all incoming data for that application only on the required port or range of ports.
Using this feature requires that you know the port numbers used by the application.
Port triggering allows computers on the private network (LAN) to request that one or more ports
be forwarded to them. Unlike basic port forwarding which forwards ports to only one IP address,
port triggering waits for an outbound request from the private network on one of the defined
outgoing ports. It then automatically sets up forwarding to the IP address from where the request
Figure 4-18
Note: For additional ways of restricting outbound traffic, see “Order of Precedence for Rules” on page 4-17.