Page 56 / 149 Scroll up to view Page 51 - 55
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall
5-2
Security
Security Log
The firewall will log security-related events such as denied incoming and outgoing service
requests, hacker probes, and administrator logins. If you enable content filtering in the Block Sites
menu, the Log page will also show you when someone on your network tried to access a blocked
site. If you enabled e-mail notification, you'll receive these logs in an e-mail message. If you don't
have e-mail notification enabled, you can view the logs here. An example is shown in
Figure 5-1
:
Figure 5-1.
Logs menu
Page 57 / 149
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall
Security
5-3
Log entries are described in
Table 5-1
Log action buttons are described in
Table 5-2
Table 5-1.
Log entry descriptions
Field
Description
Date and Time
The date and time the log entry was recorded.
Description or
Action
The type of event and what action was taken if any.
Source IP
The IP address of the initiating device for this log entry.
Source port and
interface
The service port number of the initiating device, and whether it
originated from the LAN or WAN
Destination
The name or IP address of the destination device or website.
Destination port
and interface
The service port number of the destination device, and whether
it’s on the LAN or WAN.
Table 5-2.
Log action buttons
Field
Description
Refresh
Click this button to refresh the log screen.
Clear Log
Click this button to clear the log entries.
Send Log
Click this button to email the log immediately.
Page 58 / 149
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall
5-4
Security
Examples of log messages
Following are examples of log messages. In all cases, the log entry shows the timestamp as:
Day,
Year-Month-Date Hour:Minute:Second
Activation and Administration
Tue, 2002-05-21 18:48:39 - NETGEAR activated
[This entry indicates a power-up or reboot with initial time entry.]
Tue, 2002-05-21 18:53:28 - Administrator login failed - IP:192.168.0.2
Tue, 2002-05-21 18:55:00 - Administrator login successful - IP:192.168.0.2
Thu, 2002-05-21 18:56:58 - Administrator logout - IP:192.168.0.2
[This entry shows an administrator logging in and logging out of the firewall from IP address
192.168.0.2.]
Tue, 2002-05-21 19:00:06 - Login screen timed out - IP:192.168.0.2
[This entry shows a timout of the administrator login.]
Wed, 2002-05-22 22:00:19 - Log emailed
[This entry shows when the log was emailed.]
Dropped Packets
Wed, 2002-05-22 07:15:15 - TCP packet dropped - Source:64.12.47.28,4787,WAN -
Destination:134.177.0.11,21,LAN - [Inbound Default rule match]
Sun, 2002-05-22 12:50:33 - UDP packet dropped - Source:64.12.47.28,10714,WAN -
Destination:134.177.0.11,6970,LAN - [Inbound Default rule match]
Sun, 2002-05-22 21:02:53 - ICMP packet dropped - Source:64.12.47.28,0,WAN -
Destination:134.177.0.11,0,LAN - [Inbound Default rule match]
[These entries show an inbound FTP (port 21) packet, UDP packet, and ICMP packet being
dropped as a result of the default inbound rule, which states that all inbound packets are
denied.]
Page 59 / 149
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall
Security
5-5
Block Sites
The NETGEAR ProSafe Firewall allows you to restrict access based on Web addresses and Web
address keywords. Up to 255 entries are supported in the Keyword list. The Keyword Blocking
menu is shown in
Figure 5-2
:
Figure 5-2.
Block Sites menu
To enable keyword blocking, check “Turn keyword blocking on”, then click Apply.
To add a keyword or domain, type it in the Keyword box, click Add Keyword, then click Apply.
To delete a keyword or domain, select it from the list, click Delete Keyword, then click Apply.
Keyword application examples:
If the keyword "XXX" is specified, the URL <http://www.badstuff.com/xxx.html> is blocked.
If the keyword “.com” is specified, only websites with other domain suffixes (such as .edu or
.gov) can be viewed.
If you wish to block all Internet browsing access, enter the keyword “.”.
To specify a Trusted User, enter that PC’s IP address in the Trusted User box and click Apply.
Page 60 / 149
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall
5-6
Security
You may specify one Trusted User, which is a PC that will be exempt from blocking and
logging. Since the Trusted User will be identified by an IP address, you should configure that
PC with a fixed or reserved IP address.
Rules
Firewall rules are used to block or allow specific traffic passing through from one side to the other.
Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing
only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine
what outside resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the NETGEAR ProSafe Firewall are:
Inbound: Block all access from outside except responses to requests from the LAN side.
Outbound: Allow all access from the LAN side to the outside.
These default rules are shown in the Rules table of the Rules menu in
Figure 5-3
:
Figure 5-3.
Rules menu

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top