1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. DGFV338
    5. /
  5. 31
Page 151 / 212 Scroll up to view Page 146 - 150
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Router and Network Management
6-3
v1.0, April 2007
See
“Using Rules to Block or Allow Specific Kinds of Traffic” on page 4-1
for the procedure on
how to use this feature.
Services.
The Rules menu contains a list of predefined Services for creating firewall rules. If a
service does not appear in the predefined Services list, you can define the service. The new service
will then appear in the Rules menu's Services list. See
“Quality of Service (QoS) Priorities” on
page 4-19
for the procedure on how to use this feature.
Groups and Hosts.
You can apply these rules selectively to groups of PCs to reduce the
outbound or inbound traffic. The Network Database is an automatically-maintained list of all
known PCs and network devices. PCs and devices become known by the following methods:
DHCP Client Request – By default, the DHCP server in this Router is enabled, and will accept
and respond to DHCP client requests from PCs and other network devices. These requests also
generate an entry in the Network Database. Because of this, leaving the DHCP Server feature
(on the LAN screen) enabled is strongly recommended.
Scanning the Network – The local network is scanned using standard methods such as ARP.
This will detect active devices which are not DHCP clients. However, sometimes the name of
the PC or device cannot be accurately determined, and will be shown as Unknown.
See
“Managing Groups and Hosts” on page 4-21
for the procedure on how to use this feature.
Schedule.
If you have set firewall rules on the Rules screen, you can configure three different
schedules (i.e., schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a
schedule is configured, it affects all Rules that use this schedule. You specify the days of the week
and time of day for each schedule.
See
“Setting a Schedule to Block or Allow Specific Traffic” on page 4-31
for the procedure on
how to use this feature.
Block Sites
If you want to reduce traffic by preventing access to certain sites on the Internet, you can use the
wireless firewall filtering feature. By default, this feature is disabled; all requested traffic from any
Web site is allowed.
Keyword (and domain name) blocking – You can specify up to 32 words that, should they
appear in the Web site name (i.e., URL) or in a newsgroup name, will cause that site or
newsgroup to be blocked by the wireless firewall.
You can apply the keywords to one or more groups. Requests from the PCs in the groups for
which keyword blocking has been enabled will be blocked. Blocking does not occur for the
PCs that are in the groups for which keyword blocking has not been enabled.
Page 152 / 212
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
6-4
Router and Network Management
v1.0, April 2007
You can bypass keyword blocking for trusted domains by adding the exact matching domain
to the list of Trusted Domains. Access to the domains on this list by PCs even in the groups for
which keyword blocking has been enabled will still be allowed without any blocking.
Web component blocking – You can block the following Web component types: Proxy, Java,
ActiveX, and Cookies. Sites on the Trusted Domains list are still subject to Web component
blocking when the blocking of a particular Web component has been enabled.
See
“Blocking Internet Sites” on page 4-24
for the procedure on how to use this feature.
Source MAC Filtering
If you want to reduce outgoing traffic by preventing Internet access by certain PCs on the LAN,
you can use the source MAC filtering feature to drop the traffic received from the PCs with the
specified MAC addresses. By default, this feature is disabled; all traffic received from PCs with
any MAC address is allowed.
See
“To block keywords or Internet domains:” on page 4-27
for the procedure on how to use this
feature.
Wireless Firewall Features That Increase Traffic
Features that tend to increase WAN-side loading are as follows:
Port forwarding
Port triggering
VPN tunnels
Port Forwarding
The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to steal
data or damage your PCs, but overloads your Internet connection so you can not use it (i.e., the
service is unavailable). You can also create additional firewall rules that are customized to block or
allow specific traffic.
You can control specific inbound traffic (i.e., from WAN to LAN and from WAN to DMZ).
Inbound Services lists all existing rules for inbound traffic. If you have not defined any rules, only
the default rule will be listed. The default rule blocks all inbound traffic.
Warning:
This feature is for Advanced Administrators only! Incorrect configuration
will cause serious problems.
Page 153 / 212
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Router and Network Management
6-5
v1.0, April 2007
Each rule lets you specify the desired action for the connections covered by the rule:
BLOCK always
BLOCK by schedule, otherwise Allow
ALLOW always
ALLOW by schedule, otherwise Block
You can also enable a check on special rules:
VPN Passthrough – Enable this to pass the VPN traffic without any filtering, specially used
when this firewall is between two VPN tunnel end points.
Drop fragmented IP packets – Enable this to drop the fragmented IP packets.
UDP Flooding – Enable this to limit the number of UDP sessions created from one LAN
machine.
TCP Flooding – Enable this to protect the router from Syn flood attack.
Enable DNS Proxy – Enable this to allow the incoming DNS queries.
Enable Stealth Mode – Enable this to set the firewall to operate in stealth mode.
As you define your firewall rules, you can further refine their application according to the
following criteria:
LAN users
. These settings determine which computers on your network are affected by this
rule. Select the desired IP Address in this field.
WAN Users
. These settings determine which Internet locations are covered by the rule, based
on their IP address.
Any: The rule applies to all Internet IP address.
Single address: The rule applies to a single Internet IP address.
Address range: The rule is applied to a range of Internet IP addresses.
Destination Address.
These settings determine the destination IP address for this rule which
will be applicable to incoming traffic. This rule is applied only when the destination IP address
of the incoming packet matches the IP address of the selected WAN interface or the specific IP
address entered in this field. Selecting ANY enables the rule for any IP in the destination field.
Services
. You can specify the desired Services or applications to be covered by this rule. If the
desired service or application does not appear in the list, you must define it using the Services
menu (see
“Services” on page 6-3
).
Schedule
. You can specify whether the rule is to be applied on the Schedule 1, Schedule 2, or
Schedule 3 time schedule (see
“Schedule” on page 6-3
).
Page 154 / 212
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
6-6
Router and Network Management
v1.0, April 2007
See
“Using Rules to Block or Allow Specific Kinds of Traffic” on page 4-1
for the procedure on
how to use this feature.
Port Triggering
Port triggering allows some applications to function correctly that would otherwise be partially
blocked by the firewall. Using this feature requires that you know the port numbers used by the
Application.
Once configured, operation is as follows:
A PC makes an outgoing connection using a port number defined in the Port Triggering table.
This Router records this connection, opens the additional INCOMING port or ports associated
with this entry in the Port Triggering table, and associates them with the PC.
The remote system receives the PCs request and responds using the different port numbers that
you have now opened.
This Router matches the response to the previous request and forwards the response to the PC.
Without Port Triggering, this response would be treated as a new connection request rather
than a response. As such, it would be handled in accordance with the Port Forwarding rules.
Only one PC can use a Port Triggering application at any time.
After a PC has finished using a Port Triggering application, there is a time-out period
before the application can be used by another PC. This is required because the firewall
cannot be sure when the application has terminated.
See
“Setting up Port Triggering” on page 4-28
for the procedure on how to use this feature.
VPN Tunnels
The wireless firewall permits up to 50 VPN tunnels at a time. Each tunnel requires extensive
processing for encryption and authentication.
See
Chapter 5, “Virtual Private Networking
” for the procedure on how to use this feature.
Using QoS to Shift the Traffic Mix
The QoS priority settings determine the priority and, in turn, the quality of service for the traffic
passing through the firewall. The QoS is set individually for each service.
You can accept the default priority defined by the service itself by not changing its QoS
setting.
Page 155 / 212
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Router and Network Management
6-7
v1.0, April 2007
You can change the priority to a higher or lower value than its default setting to give the
service higher or lower priority than it otherwise would have.
The QoS priority settings conform to the IEEE 802.1D-1998 (formerly 802.1p) standard for class
of service tag.
You will not change the WAN bandwidth used by changing any QoS priority settings. But you will
change the mix of traffic through the WAN ports by granting some services a higher priority than
others. The quality of a service is impacted by its QoS setting, however.
See
“Quality of Service (QoS) Priorities” on page 4-19
for the procedure on how to use this
feature.
Tools for Traffic Management
The ProSafe Wireless ADSL Modem VPN Firewall Router includes several tools that can be used
to monitor the traffic conditions of the firewall and control who has access to the Internet and the
types of traffic they are allowed to have. See
“Monitoring” on page 6-12
for a discussion of the
tools.
Administrator and Guest Access Authorization
You can change the administrator and guest passwords, administrator login time-out, and enable
remote management. Administrator access is read/write and guest access is read-only.
Changing the Passwords and Login Time-out
The default passwords for the firewall’s Web Configuration Manager is
password
. NETGEAR
recommends that you change this password to a more secure password.
To change the password:
1.
Select
Administration
from the main menu and
Set Password
from the submenu. The
Set
Password
screen will display.
2.
Enter a
New User Name
if desired.
Note:
You can change the Administrator account name; however, you cannot change
it to “root”, as this is a Telnet account that already exists on the system.

Rate

4 / 5 based on 1 vote.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top