Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

5-2

Security

Security Log

The firewall will log security-related events such as denied incoming and outgoing service

requests, hacker probes, and administrator logins. If you enable content filtering in the Block Sites

menu, the Log page will also show you when someone on your network tried to access a blocked

site. If you enabled e-mail notification, you'll receive these logs in an e-mail message. If you don't

have e-mail notification enabled, you can view the logs here. An example is shown in

Figure 5-1

:

Figure 5-1.

Logs menu

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

Security

5-3

Log entries are described in

Table 5-1

Log action buttons are described in

Table 5-2

Table 5-1.

Log entry descriptions

Field

Description

Date and Time

The date and time the log entry was recorded.

Description or

Action

The type of event and what action was taken if any.

Source IP

The IP address of the initiating device for this log entry.

Source port and

interface

The service port number of the initiating device, and whether it

originated from the LAN or WAN

Destination

The name or IP address of the destination device or website.

Destination port

and interface

The service port number of the destination device, and whether

it’s on the LAN or WAN.

Table 5-2.

Log action buttons

Field

Description

Refresh

Click this button to refresh the log screen.

Clear Log

Click this button to clear the log entries.

Send Log

Click this button to email the log immediately.

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

5-4

Security

Examples of log messages

Following are examples of log messages. In all cases, the log entry shows the timestamp as:

Day,

Year-Month-Date Hour:Minute:Second

Activation and Administration

Tue, 2002-05-21 18:48:39 - NETGEAR activated

[This entry indicates a power-up or reboot with initial time entry.]

Tue, 2002-05-21 18:53:28 - Administrator login failed - IP:192.168.0.2

Tue, 2002-05-21 18:55:00 - Administrator login successful - IP:192.168.0.2

Thu, 2002-05-21 18:56:58 - Administrator logout - IP:192.168.0.2

[This entry shows an administrator logging in and logging out of the firewall from IP address

192.168.0.2.]

Tue, 2002-05-21 19:00:06 - Login screen timed out - IP:192.168.0.2

[This entry shows a timout of the administrator login.]

Wed, 2002-05-22 22:00:19 - Log emailed

[This entry shows when the log was emailed.]

Dropped Packets

Wed, 2002-05-22 07:15:15 - TCP packet dropped - Source:64.12.47.28,4787,WAN -

Destination:134.177.0.11,21,LAN - [Inbound Default rule match]

Sun, 2002-05-22 12:50:33 - UDP packet dropped - Source:64.12.47.28,10714,WAN -

Destination:134.177.0.11,6970,LAN - [Inbound Default rule match]

Sun, 2002-05-22 21:02:53 - ICMP packet dropped - Source:64.12.47.28,0,WAN -

Destination:134.177.0.11,0,LAN - [Inbound Default rule match]

[These entries show an inbound FTP (port 21) packet, UDP packet, and ICMP packet being

dropped as a result of the default inbound rule, which states that all inbound packets are

denied.]

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

Security

5-5

Block Sites

The NETGEAR ProSafe Firewall allows you to restrict access based on Web addresses and Web

address keywords. Up to 255 entries are supported in the Keyword list. The Keyword Blocking

menu is shown in

Figure 5-2

:

Figure 5-2.

Block Sites menu

To enable keyword blocking, check “Turn keyword blocking on”, then click Apply.

To add a keyword or domain, type it in the Keyword box, click Add Keyword, then click Apply.

To delete a keyword or domain, select it from the list, click Delete Keyword, then click Apply.

Keyword application examples:

•

If the keyword "XXX" is specified, the URL <http://www.badstuff.com/xxx.html> is blocked.

•

If the keyword “.com” is specified, only websites with other domain suffixes (such as .edu or

.gov) can be viewed.

•

If you wish to block all Internet browsing access, enter the keyword “.”.

To specify a Trusted User, enter that PC’s IP address in the Trusted User box and click Apply.

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

5-6

Security

You may specify one Trusted User, which is a PC that will be exempt from blocking and

logging. Since the Trusted User will be identified by an IP address, you should configure that

PC with a fixed or reserved IP address.

Rules

Firewall rules are used to block or allow specific traffic passing through from one side to the other.

Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing

only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine

what outside resources local users can have access to.

A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of

the NETGEAR ProSafe Firewall are:

•

Inbound: Block all access from outside except responses to requests from the LAN side.

•

Outbound: Allow all access from the LAN side to the outside.

These default rules are shown in the Rules table of the Rules menu in

Figure 5-3

:

Figure 5-3.

Rules menu